SIDN Labs, Afnic Labs and Grenoble Alps University have commenced a new research project on the “Classification of compromised versus maliciously registered domains” (COMAR).
The Franco-Dutch project, which commenced on 1 October, will address the problem of automatically distinguishing between domain names registered by cybercriminals for the purpose of malicious activities, and domain names exploited through vulnerable web applications. The project is designed to help intermediaries such as registrars and ccTLD registries further optimise their anti-abuse processes.
The ultimate goal of COMAR is to develop a machine learning-based classifier that labels blacklisted domains as compromised or maliciously registered, extensively evaluate its accuracy, and implement it in a production-level environment. The project partners also plan to study the attackers’ profit-maximising behaviour and their business models. The project will apply the classifier to unlabelled domain names from URL blacklists to answer, for example, the following question: do attackers prefer to register malicious domains, compromise vulnerable websites, or misuse domains of legitimate services such as cloud-based file-sharing services in their criminal activities?
COMAR is a joint project of SIDN Labs, Afnic Labs, and Grenoble Alps University. SIDN is the country code top-level domain (ccTLD) registry for .nl, and Afnic is the ccTLD registry for .fr. Grenoble Alps University is aiming to establish itself as a leading cybersecurity research centre in the Rhône-Alpes region of France.
For more information on the research project, see: