New system to spot malicious websites before they cause harm

Nov 02, 2016 | 1:52 pm

Published by | Chandan Singh


Researchers are developing a new system that will make it more difficult to register websites for malicious purposes, even before the malicious users have done anything harmful.

The system, called PREDATOR and developed by researchers at Princeton University in America, distinguishes between legitimate and malicious purchasers of new websites.

It produces important insights into how those two groups act differently online even before anything obviously bad or harmful is done.

These early signs of likely evil-doers help security experts take preemptive measures, rather than waiting for a security threat to surface.

“The intuition has always been that the way that malicious actors use online learning resources in some way differs fundamentally from the way legitimate actors utilize them,” said Nick Feamster, a professor at Princeton University.

“We were looking for those signals: what is it about a website name that makes it automatically identifiable as a bad domain name?” said Feamster.

Once a site begins to be used for malicious purposes – when it is linked to in spam email campaigns, for instance, or when it installs malicious code on visitors’ machines – defenders can flag it as bad and start blocking it.

However, by then, the site has already been used for the very kinds of behavior that we want to prevent.

PREDATOR, which stands for Positive Recognition and Elimination of Domain Abuse at Time-Of-Registration, gets ahead of the curve.

The researchers’ techniques rely on the assumption that malicious users will exhibit registration behavior that differs from that of normal users, such as buying and registering many domains at once to take advantage of discounts, so that they can quickly and inexpensively adapt when their sites are noticed and penalized.

Criminals will often register multiple sites using minor variations on names: changing words like “home” and “homes” or switching word order in phrases.

By identifying such patterns, the researchers were able to start sifting through the more than 80,000 new domain names registered every day to preemptively identify which ones were most likely to be used for harm.
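The two registration patterns described above (bulk purchases and near-identical names) can be sketched as a simple heuristic. This is an added illustration, not PREDATOR's own classifier: the sample feed and registrar names are constructed, and splitting names on hyphens, the 5-minute window and the 3-domain threshold are assumptions made for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample feed: (domain, registrar, registration time).
SAMPLE = [
    ("cheap-home-loans.com", "registrar-a", "2016-11-01T10:00:05"),
    ("cheap-homes-loan.com", "registrar-a", "2016-11-01T10:00:09"),
    ("loans-cheap-home.com", "registrar-a", "2016-11-01T10:00:12"),
    ("home-cheap-loans.net", "registrar-a", "2016-11-01T10:00:20"),
    ("river-bakery.com", "registrar-a", "2016-11-01T10:00:30"),
    ("cheap-home-loans.org", "registrar-b", "2016-11-01T18:30:00"),
    ("alpine-cycling-club.org", "registrar-b", "2016-11-01T18:31:00"),
]

def variation_key(domain):
    """Collapse plural ("home"/"homes") and word-order variations into one key."""
    label = domain.lower().rsplit(".", 1)[0]          # drop the TLD
    words = [w[:-1] if len(w) > 3 and w.endswith("s") else w
             for w in label.split("-") if w]          # assumption: hyphen-separated words
    return tuple(sorted(words))                       # sorting removes word order

def flag_bursts(records, window=timedelta(minutes=5), min_size=3):
    """Return {(registrar, key): [domains]} for name variants registered in a burst."""
    groups = defaultdict(list)
    for domain, registrar, ts in records:
        groups[(registrar, variation_key(domain))].append(
            (datetime.fromisoformat(ts), domain))
    flagged = {}
    for group_id, regs in groups.items():
        regs.sort()
        start, best = 0, []
        # Sliding window over sorted times: keep the largest run inside `window`.
        for end in range(len(regs)):
            while regs[end][0] - regs[start][0] > window:
                start += 1
            if end - start + 1 > len(best):
                best = regs[start:end + 1]
        if len(best) >= min_size:
            flagged[group_id] = [domain for _, domain in best]
    return flagged

if __name__ == "__main__":
    for (registrar, key), domains in flag_bursts(SAMPLE).items():
        print(registrar, "-".join(key), domains)
```

A flag from a heuristic like this is only a signal for review; the article's reported detection and false positive rates belong to the researchers' system, not to this sketch.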

Testing their results against known blacklisted websites, they found that PREDATOR identified 70 percent of malicious websites based solely on information known at the time those domains were first registered.

The false positive rate of the PREDATOR system, or the rate of legitimate sites that were incorrectly identified as malicious by the tool, was only 0.35 percent.

Being able to detect malicious sites at the moment of registration, before they are used, can have multiple security benefits, Feamster said.

Those sites can be blocked sooner, making it difficult to use them to cause as much harm – or, indeed, any harm at all if the purchasers are not permitted to acquire them.

Source: DNAIndia