Thursday, July 5 • 11:45am - 12:30pm
Detecting and Preventing Malicious Domain Registrations in the .eu TLD

In this talk, we report on an extensive analysis of 14 months of domain registrations in the .eu TLD. In particular, we zoom in on domain names that are registered for malicious purposes (such as spam, phishing, botnet C&C, ...). The goal of our research is to understand and identify large-scale malicious campaigns, and to detect and prevent malicious registrations early.
Overall, the dataset of this study contains 824,121 new domain registrations, 2.53% of which have been flagged as malicious by blacklisting services. We explore the ecosystem and modus operandi of elaborate cybercriminal entities that recurrently register large numbers of domains for one-shot, malicious use. Although these malicious domains are short-lived, we establish that at least 80.04% of them can be grouped into 20 larger campaigns with varying duration and intensity. We further report on insights into the operational aspects of this business and observe, amongst other findings, that their processes are only partially automated.
In the last part, we report on our most recent results. Based on the insights of the analysis, we have designed and developed an automatic prediction system that classifies, at registration time, whether a domain name will be used for malicious or benign purposes. As such, malicious domain registrations can be detected and prevented before they do any harm. As part of the talk, we will present the first results of this prediction system, which currently runs in production at EURid, the registry of the .eu TLD.

Lieven Desmet

Research Manager, imec-DistriNet-KU Leuven
Lieven Desmet is a Senior Research Manager on Secure Software at the imec-DistriNet Research Group (KU Leuven, Belgium), where he coaches researchers in (web) application security and participates in dissemination and valorization activities. His interests are in security of middleware...

Thursday July 5, 2018 11:45am - 12:30pm
Westminster - 4th Floor QEII Centre Broad Sanctuary, Westminster, London. SW1P 3EE

