A group of scientists at the Hamad Bin Khalifa University’s Qatar Computing Research Institute (QCRI) has invented a new tool to identify unknown malicious domains by using a real-life “guilt by association” principle.
The researchers, led by Issa Khalil and Ting Yu, have developed a prototype that can detect malicious domains by analysing the movements and previous associations of a domain address.
Malicious domains are involved in many cyber security attacks, including Distributed Denial of Service (DDoS) attacks, in which web servers are attacked and become unusable. They are also a source of phishing, whereby criminals dupe e-mail users into disclosing information by posing as reputable entities, and are used to control botnets, in which armies of machines infected without their owners’ knowledge can propagate malware and send spam messages.
Khalil said the tool, dubbed Guilt by Association Inference of Malicious Domains, used data from public Domain Name Service (DNS) records and other interested parties to provide high-quality intelligence of potentially
“One would consider an unknown person suspicious if he mostly hangs around with known criminals and trustworthy if he hangs around with known good people,” Khalil said.
“Similarly, in the context of malicious domains, hanging around can be interpreted in different ways including moving from one web-hosting provider to another in flocks, being hosted on similar IPs, accessed by a similar set of clients, or having similar registration records, among other behaviour.”
An example used by the researchers in developing the tool was a tendency by owners of malicious domains to “run”, changing the hosting of their domains from one service provider to another to avoid being detected and blocked.
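A simplified illustration of the “hosted on similar IPs” association described above, added here as an example and not the QCRI tool's own algorithm: unknown domains are scored by their strongest chain of shared-hosting links to known-malicious seeds. The domain names, documentation-range IP addresses, Jaccard edge weighting and `min_shared` threshold are all assumptions made for the example.

```python
from collections import defaultdict
from itertools import combinations

# Constructed passive-DNS observations (domain, hosting IP); not real data.
RESOLUTIONS = [
    ("bad-a.example", "192.0.2.10"), ("bad-a.example", "198.51.100.7"),
    ("bad-b.example", "192.0.2.10"), ("bad-b.example", "198.51.100.7"),
    ("unknown-1.example", "192.0.2.10"), ("unknown-1.example", "198.51.100.7"),
    ("unknown-2.example", "198.51.100.7"), ("unknown-2.example", "203.0.113.5"),
    ("shop.example", "203.0.113.5"), ("shop.example", "203.0.113.6"),
    ("blog.example", "203.0.113.80"),
]
KNOWN_MALICIOUS = {"bad-a.example", "bad-b.example"}  # constructed seed list


def build_graph(resolutions, min_shared=1):
    """Link two domains that were hosted on at least min_shared common IPs.
    Edge weight is the Jaccard similarity of their IP sets (0..1)."""
    ips = defaultdict(set)
    for domain, ip in resolutions:
        ips[domain].add(ip)
    graph = defaultdict(dict)
    for a, b in combinations(sorted(ips), 2):
        shared = ips[a] & ips[b]
        if len(shared) >= min_shared:
            w = len(shared) / len(ips[a] | ips[b])
            graph[a][b] = graph[b][a] = w
    return ips, graph


def score_domains(resolutions, seeds, min_shared=1):
    """Score each non-seed domain by its strongest association path to a seed;
    a path's strength is the product of its edge weights."""
    ips, graph = build_graph(resolutions, min_shared)
    score = {d: (1.0 if d in seeds else 0.0) for d in ips}
    changed = True
    while changed:  # relax until stable; weights <= 1, so scores converge
        changed = False
        for d in ips:
            if d in seeds:
                continue
            for n, w in graph[d].items():
                if score[n] * w > score[d] + 1e-12:
                    score[d] = score[n] * w
                    changed = True
    return {d: round(s, 3) for d, s in score.items() if d not in seeds}
```

With the default threshold, `shop.example` picks up a small score purely through one shared-hosting IP two hops from a seed; raising `min_shared` to 2 removes that weak link, which is the kind of tuning needed to keep benign tenants of shared hosting from being flagged.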
The research findings are to appear in the ACM AsiaCCS conference to be held in June.