Site Sponsor:

mcafee_logo.gif
line

Now Available:

Featured Resource:

line

Realtime Communities

line

Newsletter

Email Address:


line

Monthly Archives

line

RSS

line

Ask the Expert

Have a question for our resident expert? Email your questions to Dan or post a comment to the blog.

« Basics of E-discovery | Main | Celebrity Popularity and Spam »

Detecting Automatically Registered Domains

Bots are now being used to register domains giving attackers more options for pushing malware and launching phishing attacks. Fortunately, some basic text analysis techniques seem to the key to detecting when a machine registers a domain instead of a human.

Dark Reading is reporting on a tool from WebSense that seems to use n-grams or something similar:

The tool's algorithm determines whether a domain name was registered by man or machine, by assessing whether the domain and URL are "human consumable," or "whether someone would type that into a URL or search for that" site. It scores the likelihood of maliciousness of the domain and host name based on patterns in the name.

There aren't a lot of details on how this works for obvious reasons but a combination of n-gram and regular expression patterns culled from examples of machine registered domains would be my guess for the underlying algorithms.

Tags:          
 Email This!  Digg it!  Sphere it!  Del.icio.us  Reddit!  Newsvine

Posted by Dan Sullivan on March 6, 2008 5:11 PM |

TrackBack

TrackBack URL for this entry:
http://www.realtime-websecurity.com/type/mt-tb.cgi/658

Post a comment

(All comments are approved by site leader before appearing here. Thanks for commenting!)

Search

line

Most Active Posts

line

Library Resources

line
line

Recent Posts

line

Categories

line

Latest White Papers

line

Blog Roll

line

Dan Sullivan's Bio:

Dan Sullivan is a systems architect with 20 years of IT experience that includes engagements in enterprise security, application design, and systems architecture. His experience includes a broad range of industries, including financial services, manufacturing, government, retail, gas and oil production, power generation, and education. Dan’s security-related project work has ranged from requirements analysis for enterprise information security to designing and implementing security for database applications and enterprise portals. Dan has written about information security and other enterprise information management topics for Business Security Advisor, DM Review, Intelligent Enterprise, and E-Business Advisor. You can contact Dan at: dan_sullivan@realtimepublishers.net