Scientists develop Predator system to identify malicious website users
Researchers at Princeton University, through this system identify between legitimate and malicious purchasers of new websites. They study the behaviour of both the groups and prevent any harmful activity from taking place.
Scientists
are developing a new system that will make it more difficult to register
websites for immoral purposes, even before the malicious users have done
anything harmful. The system called PREDATOR, developed by researchers at
Princeton University in the US distinguishes between legitimate and malicious
purchasers of new websites. It yields important insights into how those
two groups behave differently online even before the anything obviously bad or
harmful is done. These early signs of likely evil-doers help security
professionals take pre-emptive measures, instead of waiting for a security
threat to surface.
“The intuition has always been that the way
that malicious actors use online resources somehow differs fundamentally from
the way legitimate actors use them,” said Nick Feamster, professor at Princeton
University. ”We were looking for those signals: what is it about a domain
name that makes it automatically identifiable as a bad domain name?” said
Feamster. Once a website begins to be used for malicious purposes – when it is
linked to in spam email campaigns, for instance, or when it installs malicious
code on visitors’ machines – the defenders can flag it as bad and start
blocking it.
However, by then, the site has already been
used for the very kinds of behavior that we want to prevent. PREDATOR, which
stands for Proactive Recognition and Elimination of Domain Abuse at
Time-Of-Registration, gets ahead of the curve. The researcher’s techniques rely
on the assumption that malicious users will exhibit registration behavior that
differs from those of normal users, such as buying and registering lots of
domains at once to take advantage of bulk discounts, so that they can quickly
and cheaply adapt when their sites are noticed and blacklisted.
Criminals will often register multiple sites
using slight variations on names: Changing words like “home” and “homes” or
switching word orders in phrases. By identifying such patterns, researchers
were able to start sifting through the more than 80,000 new domains registered
every day to preemptively identify which ones were most likely to be used for
harm. Testing their results against known blacklisted websites, they found that
PREDATOR detected 70 percent of malicious websites based solely on information
known at the time those domains were first registered.
The false positive rate of the PREDATOR
system, or rate of legitimate sites that were incorrectly identified as
malicious by the tool, was only 0.35 percent. Being able to detect malicious
sites at the moment of registration, before they are being used, can have
multiple security benefits, Feamster said. Those sites can be blocked sooner,
making it difficult to use them to cause as much harm — or, indeed, any harm at
all if the operators are not permitted to purchase them.
Source | http://www.bgr.in/news/scientists-develop-predator-system-to-identify-malicious-website-users/
Regards
Pralhad
Jadhav
Senior
Manager @ Library
Khaitan
& Co
No comments:
Post a Comment