A group of American experts have created a software tool for combating cybercrime at the stage of domain registration by identifying behavior that indicates possible intent to use these domains for malicious purposes. The technology is called PREDATOR – Proactive Recognition and Elimination of Domain Abuse at Time-Of-Registration.
PREDATOR is based on principles of artificial intelligence and is a self-learning system that analyzes time-of-registration features, some of them obvious such as IP addresses and DNS servers, for possible past involvement in malicious activities.
Other features have been developed by the software designers for the first time. For example, PREDATOR takes note of large groups of domains registered by one registrar. Another feature is criminals using slight variations on names or switching word orders in phrases, for example asklenderhome.com, asklendershome.com, or askhomeslender.com.
Even the time of registration is important – scam-spikes in registration activity typically happen between 12:35 and 1:15 in the afternoon.
The researchers say PREDATOR identified 70 percent of domain registrations that were later abused, and they claim a false positive rate of just 0.35 percent. Since 80,000 domains are registered each day, that’s still around 250 sites a day unfairly tagged as evil, so PREDATOR still needs some refinement on that score. However, experts believe that PREDATOR has a bright future. Refinement will likely allow it to upset the scammers’ financial assumptions, because they would have to spend more money and time acquiring domains.
