As we all unfortunately know, malicious websites that promote scams and distribute malware pervade the web. To make matters worse, blocking or blacklisting those websites doesn’t help much. This is because criminals who create malicious websites can easily set up new domain names to support their activities after they’ve been blocked or blacklisted. The good news is that a research team from the Princeton University has developed a new system to make it more difficult to register new domains for bad purposes.
The new system is called PREDATOR, which stands for Proactive Recognition and Elimination of Domain Abuse at Time-Of-Registration. This tool is able to distinguish between legitimate and malicious purchasers of new websites, and in doing so, it provides important insights into how those two groups behave differently online. Even more importantly, PREDATOR is able to provide these insights before the malicious users have done anything obviously harmful.
PREDATOR relies on the assumption that malicious users exhibit registration behavior that differs from those of normal users. Things like buying and registering lots of domains at once to take advantage of bulk discounts, so that they can immediately and cheaply adapt when their sites are noticed and blacklisted, or registering multiple sites using slight variations on names, are some of the behaviors that separate normal from malicious users.
In the study, PREDATOR was able to detect 70% of malicious websites based only on information known at the time those domains were first registered. Additionally, the rate of legitimate sites that were incorrectly identified as malicious was only 0.35%.
Source:
Princeton University (http://www.princeton.edu/main/news/archive/S47/74/26M01/index.xml)
Chanwoo's Weekly Tech 