Changes

m
Added internal links, fixed reference
Line 1: Line 1: −
'''INFERMAL (Inferential Analysis of Maliciously Registered Domains)'''  is a research project being carried out by KOR Labs and funded by ICANN. <ref>https://infermal.korlabs.io/</ref> The project aims to systematically analyze the preferences of cyberattackers and possible measures to mitigate malicious activities across [[TLDs|top-level domains]] (TLDs) <ref name="infermal1">[https://korlabs.io/blog/infermal-investigating-cyber-attackers-preferences.html About Infermal]</ref>.  This project is funded as a part of ICANN's [[DNS Security Threat Mitigation Program|Domain Name System (DNS) Security Threat Mitigation Program]], which strives to make the Internet a safer place for end users by reducing the prevalence of [[DNS]] security threats across the Internet. It is supervised by ICANN's Office of the Chief Technology Officer Security, Stability, and Resiliency team <ref name= "infermal2">https://korlabs.io/blog/new-icann-project-infermal.html More About</ref>.
+
'''INFERMAL (Inferential Analysis of Maliciously Registered Domains)'''  is a research project being carried out by KOR Labs and funded by [[ICANN]]. <ref name="infermal1">[https://infermal.korlabs.io/ About Infermal]</ref> The project aims to systematically analyze the preferences of cyberattackers and possible measures to mitigate malicious activities across [[TLDs|top-level domains]] (TLDs) <ref name="infermal2">[https://korlabs.io/blog/infermal-investigating-cyber-attackers-preferences.html Infermal Blog]</ref>.  This project is funded as a part of ICANN's [[DNS Security Threat Mitigation Program|Domain Name System (DNS) Security Threat Mitigation Program]], which strives to make the Internet a safer place for end users by reducing the prevalence of [[DNS]] security threats across the Internet. It is supervised by ICANN's [[Office of the Chief Technology Officer]] [[SSR|Security, Stability, and Resiliency]] team <ref name= "infermal3">[https://korlabs.io/blog/new-icann-project-infermal.html More About]</ref>.
   −
INFERMAL was created to expand knowledge in an area in which, for years, there has been anecdotal evidence: the suggestion that cybercriminals tend to exploit TLDs and [[registrars]] with low domain name registration prices. However, this hypothesis lacked concrete evidence and a systematic analysis of attackers' preferences. Each malicious actor may have their own criteria, with one favoring lower registration prices while another may target registrars with specific payment methods or free APIs for bulk domain registration.  
+
INFERMAL was created to expand knowledge in an area in which, for years, there has been anecdotal evidence: the suggestion that cybercriminals tend to exploit TLDs and [[registrars]] with low domain name registration prices. However, this hypothesis lacked concrete evidence and a systematic analysis of attackers' preferences. Each malicious actor may have their own criteria, with one favoring lower registration prices while another may target registrars with specific payment methods or free APIs for bulk domain registration <ref name="infermal1" />.
    
== Methodology ==
 
== Methodology ==
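Review bot: The new lead paragraph reassigns existing reference names instead of only adding one: infermal1 used to name the korlabs.io blog post and now names https://infermal.korlabs.io/, the blog post moves to infermal2, and the "More About" link becomes infermal3. Any <ref name="infermal1" /> or <ref name="infermal2" /> reuse in parts of the page this diff does not touch will now cite a different source without appearing as a change, so check those before saving. Also remove the stray space in <ref name= "infermal3">.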
Line 13: Line 13:  
In previous work, the relationship between a limited number of security indicators and the structural properties of TLDs, and abuse at the level of gTLDs was analyzed, whereas the here-proposed approach will allow a fine-grained analysis at the domain name level.
 
In previous work, the relationship between a limited number of security indicators and the structural properties of TLDs, and abuse at the level of gTLDs was analyzed, whereas the here-proposed approach will allow a fine-grained analysis at the domain name level.
   −
First, URLs blacklisted by reputable organizations such as the Anti-Phishing Working Group (APWG) are  collected. This study focuses on domains that were maliciously registered rather than hacked websites. Then, the registration policies of the registrars (i.e., registration features, proactive and reactive security policies) at the time the malicious domain name was registered are assembled. The set of registration features preferred by attackers are systematically distilled using generalized linear models (GLMs) to assess their importance.
+
First, URLs blacklisted by reputable organizations such as the [[Anti-Phishing Working Group]] (APWG) are  collected. This study focuses on domains that were maliciously registered rather than hacked websites. Then, the registration policies of the registrars (i.e., registration features, proactive and reactive security policies) at the time the malicious domain name was registered are assembled. The set of registration features preferred by attackers are systematically distilled using generalized linear models (GLMs) to assess their importance <ref name="infermal2" />.
    
== Project Timeline ==  
 
== Project Timeline ==  
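Review bot: The citation added at the end of the methodology paragraph sits before the full stop with a leading space ("importance <ref name="infermal2" />."), while the first citation in the lead follows the full stop; pick one placement and apply it to every reference on the page. Since this line is being edited anyway, the double space in "are  collected" and the agreement in "The set of registration features ... are" could be fixed in the same change.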
Line 29: Line 29:  
'''Phase 3: Fine-grained inferential analysis of maliciously registered domains'''
 
'''Phase 3: Fine-grained inferential analysis of maliciously registered domains'''
   −
Finally, by September 2024, a final report will be published, in the form of a research paper providing a fine-grained inferential analysis of maliciously registered domains using GLM modeling to determine driving factors of domain abuse. The project will also propose best practices to effectively mitigate abuse <ref name="infermal1" />
+
Finally, by September 2024, a final report will be published, in the form of a research paper providing a fine-grained inferential analysis of maliciously registered domains using GLM modeling to determine driving factors of domain abuse. The project will also propose best practices to effectively mitigate abuse <ref name="infermal2" />.
    
== INFERMAL partners ==
 
== INFERMAL partners ==
   −
Dr. Maciej Korczyński, co-founder of KOR Labs, will serve as the scientific consultant of the INFERMAL project. Dr. Samaneh Tajalizadehkhoob, Director of Security, Stability and Resiliency Research (SSR), is the scientific contact point of the INFERMAL project from ICANN Org side.
+
Dr. [[Maciej Korczynski]], co-founder of KOR Labs, will serve as the scientific consultant of the INFERMAL project. Dr. [[Samaneh Tajalizadehkhoob]], Director of SSR, is the scientific contact point of the project from ICANN Org side <ref name="infermal1" />.
    
References
 
References
 
{{reflist}}
 
{{reflist}}
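Review bot: In the partners sentence, [[Maciej Korczynski]] changes the displayed name from Korczyński to Korczynski; if the target page title has no diacritic, pipe the link as [[Maciej Korczynski|Maciej Korczyński]] so the spelling from the old line is kept. The same line shortens "Director of Security, Stability and Resiliency Research (SSR)" to "Director of SSR", which drops "Research" from the title; keep the full title, or link the abbreviation the way the lead does with [[SSR|Security, Stability, and Resiliency]].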