This system can detect malicious websites before they cause any harm

WASHINGTON: Scientists are developing a new system that will make it more difficult to register websites for immoral purposes, even before the malicious users have done anything harmful.
The system called PREDATOR, developed by researchers at Princeton University in the US distinguishes between legitimate and malicious purchasers of new websites.
It yields important insights into how those two groups behave differently online even before the anything obviously bad or harmful is done.
These early signs of likely evil-doers help security professionals take preemptive measures, instead of waiting for a security threat to surface.
"The intuition has always been that the way that malicious actors use online resources somehow differs fundamentally from the way legitimate actors use them," said Nick Feamster, professor at Princeton University.
"We were looking for those signals: what is it about a domain name that makes it automatically identifiable as a bad domain name?" said Feamster.
Once a website begins to be used for malicious purposes - when it is linked to in spam email campaigns, for instance, or when it installs malicious code on visitors' machines - the defenders can flag it as bad and start blocking it.
However, by then, the site has already been used for the very kinds of behaviour that we want to prevent.
PREDATOR, which stands for Proactive Recognition and Elimination of Domain Abuse at Time-Of-Registration, gets ahead of the curve.
The researcher's techniques rely on the assumption that malicious users will exhibit registration behaviour that differs from those of normal users, such as buying and registering lots of domains at once to take advantage of bulk discounts, so that they can quickly and cheaply adapt when their sites are noticed and blacklisted.
Criminals will often register multiple sites using slight variations on names: Changing words like "home" and "homes" or switching word orders in phrases.
By identifying such patterns, researchers were able to start sifting through the more than 80,000 new domains registered every day to preemptively identify which ones were most likely to be used for harm.
Testing their results against known blacklisted websites, they found that PREDATOR detected 70% of malicious websites based solely on information known at the time those domains were first registered.
The false positive rate of the PREDATOR system, or rate of legitimate sites that were incorrectly identified as malicious by the tool, was only 0.35%.
Being able to detect malicious sites at the moment of registration, before they are being used, can have multiple security benefits, Feamster said.
Those sites can be blocked sooner, making it difficult to use them to cause as much harm -- or, indeed, any harm at all if the operators are not permitted to purchase them.

Related posts

Latest News

This week didn't look good for Apple. Google's new Pixel phone launched to posit

The search giant Google has released a new Gmail gadget for its Google Desktop p

In a fillip to Prime Minister Narendra Modi's "Digital India" initiative, globa

Google launched the Pixel phones in two sizes - 5-inch and 5.5-inch. The Pixel a

HP has hit a sweet spot with its budget Stream laptops. Introduced two years ago

Sharp has added another smartphone - Aquos Xx3, to its line-up. Announced in Jap

In collaboration with Google VR, HTC Vive and Upload, US-based educational insti

In sync with the festive season, HP on Wednesday announced offers on select prod

South Korean tech giant LG has launched its ultra-slim and lightweight laptop in

Popular dating app Tinder has launched a new feature called 'Smart Photos'. It's