
ccTLD Registries in Belgium and the Netherlands are Working Together on a System for Detecting Malicious Registrations

The registries DNS Belgium (Belgian ccTLD .BE) and SIDN (Netherlands ccTLD .NL) have agreed to work together to develop a system for recognizing potentially malicious domain registrations. This is reported in an article published on the SIDN website. Both registries have already set up their own systems for countering malicious registrations. SIDN, for its part, has had its RegCheck system since last summer. It uses machine learning algorithms to analyze each domain name registration application, of which there are between 2,000 and 3,000 per day in the Dutch ccTLD. The program evaluates each of the parameters identified as a potential criterion for malicious use of the domain. If the total score exceeds the critical threshold, the application is passed to analysts for manual review. If the analyst confirms that the registrant's intentions are doubtful, the registrant has to confirm their identity. If this is not done within three days, the domain registration is blocked.

The daily number of domain name registration applications in the Belgian ccTLD is approximately 1000. DNS Belgium has been assessing the potential harm of registrations for almost a decade. In the past, however, this assessment was done manually, which made the process quite lengthy and the workload on employees very high. As a result, the registry developed its own computer-based scoring system. Its approach differs from that taken in the Netherlands: the Belgian system is aimed at identifying the maximum number of potential infringers at the earliest possible stage. This implies a fairly high number of "false alarms", but, as one of the leaders of DNS Belgium, Maarten Bosteels, says, "If we have to send 200 legitimation requests to prevent 20 malicious registrations, that's a good trade-off as far as we're concerned".
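The trade-off in that quote (200 requests for 20 malicious registrations, so one flagged application in ten is malicious) amounts to choosing a score cut-off under a precision floor. The Python sketch below is an added example, not code from either registry; the score histogram, the counts and the function names are constructed for illustration.

```python
# Added illustration: scores and labels are constructed, not registry data.
from typing import NamedTuple, Optional

class Point(NamedTuple):
    threshold: int
    flagged: int      # identity-verification requests that would be sent
    caught: int       # malicious registrations among the flagged ones
    precision: float
    recall: float

# Constructed day of 1000 applications: score -> (benign count, malicious count)
HIST = {10: (700, 0), 30: (180, 2), 50: (60, 6), 70: (15, 12), 90: (3, 22)}
SAMPLES = ([(s, False) for s, (b, _) in HIST.items() for _ in range(b)] +
           [(s, True) for s, (_, m) in HIST.items() for _ in range(m)])

def sweep(samples):
    """Evaluate every distinct score as a cut-off (flag when score >= cut-off)."""
    total_bad = sum(1 for _, bad in samples if bad)
    points = []
    for t in sorted({s for s, _ in samples}):
        flagged = [bad for s, bad in samples if s >= t]
        caught = sum(flagged)
        points.append(Point(t, len(flagged), caught,
                            caught / len(flagged),
                            caught / total_bad if total_bad else 0.0))
    return points

def pick_threshold(samples, min_precision) -> Optional[Point]:
    """Lowest cut-off (hence highest recall) whose precision meets the floor."""
    ok = [p for p in sweep(samples) if p.precision >= min_precision]
    return min(ok, key=lambda p: p.threshold) if ok else None

if __name__ == "__main__":
    for p in sweep(SAMPLES):
        print(f"cut-off {p.threshold:>3}: {p.flagged:>4} requests, "
              f"{p.caught:>2} malicious, precision {p.precision:.2f}, "
              f"recall {p.recall:.2f}")
    # 20 malicious per 200 requests, as in the quote, is a precision floor of 0.10
    print("floor 0.10 ->", pick_threshold(SAMPLES, 20 / 200))
    print("floor 0.50 ->", pick_threshold(SAMPLES, 0.50))
```

On this constructed data a floor of 0.10 selects the cut-off of 30 (300 requests, all 42 malicious registrations caught), while a floor of 0.50 moves the cut-off to 70 and misses 8 of them.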

The registries have now agreed to open their software source code to each other and work together to create a common system. The developers note that SIDN's RegCheck system looks more sophisticated and results-oriented, while the Belgian system opens up more opportunities for research and further product improvement. At the same time, each system uses a number of criteria for the potential harmfulness of domain registrations that the other system does not consider. Joining forces therefore opens up good prospects for creating the most effective solution. The developers assume that in the future the unified system may be needed by other registries and distributed, for example, under the auspices of the Council of European National Top-Level Domain Registries (CENTR). At the same time, they rule out distributing it as open source software, since such a step would inevitably give attackers an opportunity to understand which methods registries use to protect against malicious domain registrations.
