Classification of Compromised versus Maliciously Registered Domains: Difference between revisions

From ICANNWiki
Jessica (talk | contribs)
No edit summary
Christiane (talk | contribs)
m Typo
 
(2 intermediate revisions by 2 users not shown)
Line 1: Line 1:
Classification of COmpromised versus Maliciously Registered domains ('''COMAR''') is a joint research project with the goal of using machine learning to classify types of domain exploitation.<ref>[https://www.sidnlabs.nl/en/news-and-blogs/distinguishing-exploited-from-malicious-domain-names-using-comar Distinguishing between Malicious and Compromised Domains, SIDN Labs Blog]</ref> It is led by [[SIDN]] Labs, [[AFNIC]] Labs, and Grenoble Alps University (GAU). The Franco-Dutch project distinguishes ''automatically'' between domain names registered by cybercriminals for the purpose of malicious activities and domain names exploited through vulnerable web applications. The project is designed to help intermediaries, such as [[registrars]] and [[ccTLD]] [[registries]], optimize their anti-[[DNS Abuse|abuse]] processes.<ref>[https://comar-project.univ-grenoble-alpes.fr/ COMAR, Grenoble Alpes Uni]</ref> A [[malicious Domain|domain name classified as maliciously registered]] should be blocked by the registry or registrar, by removing the name from the zone file. A [[compromised Domain|legitimate but compromised domain]] name should not be blocked. Instead, just the malicious content should be removed by the hosting provider or domain owner ([[registrant]]).<ref>[https://comar-project.univ-grenoble-alpes.fr/ COMAR Project, GAU]</ref>
Classification of Compromised versus Maliciously Registered domains ('''COMAR''') is a joint research project with the goal of using machine learning to classify types of domain exploitation.<ref>[https://www.sidnlabs.nl/en/news-and-blogs/distinguishing-exploited-from-malicious-domain-names-using-comar Distinguishing between Malicious and Compromised Domains, SIDN Labs Blog]</ref> It is led by [[SIDN]] Labs, [[AFNIC]] Labs, and Grenoble Alps University (GAU). The Franco-Dutch project distinguishes ''automatically'' between domain names registered by cybercriminals for the purpose of malicious activities and domain names exploited through vulnerable web applications. The project is designed to help intermediaries, such as [[registrars]] and [[ccTLD]] [[registries]], optimize their anti-[[DNS Abuse|abuse]] processes.<ref>[https://comar-project.univ-grenoble-alpes.fr/ COMAR, Grenoble Alpes Uni]</ref> A [[malicious Domain|domain name classified as maliciously registered]] should be blocked by the registry or registrar, by removing the name from the zone file. A [[compromised Domain|legitimate but compromised domain]] name should not be blocked. Instead, just the malicious content should be removed by the hosting provider or domain owner ([[registrant]]).<ref>[https://comar-project.univ-grenoble-alpes.fr/ COMAR Project, GAU]</ref>
==Research Committee==
==Research Committee==
* [[Cristian Hesselman]] (Manager [[SIDN]] Labs)
* [[Cristian Hesselman]] (Manager [[SIDN]] Labs)
* [[Benoit Ampeau]] (Director Partnerships & Innovations, [[Afnic]] Labs)
* [[Benoit Ampeau]] (Director Partnerships & Innovations, [[AFNIC]] Labs)
* [[Maciej Korczyński]] (Faculty member at GAU & PI of the COMAR project)
* [[Maciej Korczyński]] (Faculty member at GAU & PI of the COMAR project)
* [[Sourena Maroofi]] (Ph.D. student at GAU)
* [[Sourena Maroofi]] (Ph.D. student at GAU)
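
Review bot: the second and third <ref> tags in the lead paragraph cite the same URL (https://comar-project.univ-grenoble-alpes.fr/) under two different labels, "COMAR, Grenoble Alpes Uni" and "COMAR Project, GAU", so the reference list shows one source twice. A single named ref reused at both points would avoid that. The same paragraph writes "Grenoble Alps University" while the ref label spells it "Grenoble Alpes"; since this revision is already normalizing names (COmpromised, Afnic), one spelling should be used throughout.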

Latest revision as of 03:25, 9 May 2024

Classification of Compromised versus Maliciously Registered domains (COMAR) is a joint research project with the goal of using machine learning to classify types of domain exploitation.[1] It is led by SIDN Labs, AFNIC Labs, and Grenoble Alps University (GAU). The Franco-Dutch project distinguishes automatically between domain names registered by cybercriminals for the purpose of malicious activities and domain names exploited through vulnerable web applications. The project is designed to help intermediaries, such as registrars and ccTLD registries, optimize their anti-abuse processes.[2] A domain name classified as maliciously registered should be blocked by the registry or registrar, by removing the name from the zone file. A legitimate but compromised domain name should not be blocked. Instead, just the malicious content should be removed by the hosting provider or domain owner (registrant).[3]

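Research Committee

* Cristian Hesselman (Manager SIDN Labs)
* Benoit Ampeau (Director Partnerships & Innovations, AFNIC Labs)
* Maciej Korczyński (Faculty member at GAU & PI of the COMAR project)
* Sourena Maroofi (Ph.D. student at GAU)

References

1. Distinguishing between Malicious and Compromised Domains, SIDN Labs Blog: https://www.sidnlabs.nl/en/news-and-blogs/distinguishing-exploited-from-malicious-domain-names-using-comar
2. COMAR, Grenoble Alpes Uni: https://comar-project.univ-grenoble-alpes.fr/
3. COMAR Project, GAU: https://comar-project.univ-grenoble-alpes.fr/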