According to the Wall Street Journal “Researchers at Princeton and the University of California have developed a machine-learning algorithm that can detect malicious domain names.”
“The code scans for 22 features that are consistent with suspicious behavior, including names that are registered in bulk by the hundreds, names that are variations of the same name, random-looking names, and names with numerical characters.”
“The algorithm, published in a research paper this month, is called PREDATOR, which stands for Proactive Recognition and Elimination of Domain Abuse at Time-of-Registration.”
“In a five-month study of registration logs of 12.8 million “.com” and “.net” domains, the algorithm could determine 70% of malicious domains at the time they were registered–days or weeks faster than existing technologies that blacklist domain names.”
“The research found that non-criminals usually choose domain names that are easy to remember, whereas criminals choose random names because they’re buying in bulk in hopes of decreasing their chances of all their domain names being blacklisted.”
“In phishing attacks, variations of an established domain name or names with digits are used to trick users into clicking on a seemingly legitimate website, such as a bank account.”
It will be interesting to see what happens if they use the PREDATOR program for some of the new gTLD’s as well.
