SecAppDev 2019 has ended
Back To Schedule
Thursday, February 21 • 09:00 - 10:30
Detecting and preventing domain name abuse in the .eu TLD

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

To operate their malicious activities, cybercriminals register a constant flux of domain names. In this talk, we explore their modus operandi and discuss mitigations at the registry level.

This session reports on an extensive analysis of 14 months of domain registration in the .eu TLD. In particular, we investigate domain names that are registered for malicious purposes (such as spam, phishing, botnets C&C, ...). The goal of our research is to understand and identify large-scale malicious campaigns and to detect and prevent malicious registrations early.

We explore the ecosystem and modus operandi of elaborate cyber criminal entities that recurrently register large amounts of domains for single, malicious use. We further report on insights in the operational aspects of this business and observe, for instance, that their processes are only partially automated.

Finally, we present our automatic prediction system, that classifies at registration time whether a domain name will be used maliciously or benign. As such, malicious domain registrations can effectively be prevented from doing any harm. As part of the talk, we discuss the first results of this prediction system, which currently runs in production at EURid, the registry of the .eu TLD.

This session is intended for anyone interested organized cyber-crime, or in the use of data mining and machine learning for security.


Lieven Desmet

Senior research manager, KU Leuven

Thursday February 21, 2019 09:00 - 10:30 CET
West wing (room Lemaître)