“PREDATOR” – A system that allows early detection of malicious cyber activity

Making an analysis of domain names at the time of registration is thought to be an effective way in the early detection for potential cyber-attacks and spam messages in the future.

This was noticed by American professors and the International Computer Science Institute who created the system PREDATOR: Proactive Recognition and Elimination of Domain Abuse at Time-Of-Registration.

DNS

Many people use the Domain Name System (DNS) without even realising. It’s a system that turns domain names into Internet Protocol (IP) so computers can be identified on the network. Think of it as your computer’s digital GPS system.

It all sounds great, but cyber-attackers can abuse DNS. They can misdirect users to sites that contain scams, phishing, and other malicious software.

Existing defence mechanisms

Operators and organisations’ cyber-security teams are continually looking for ways to fight cyber-attacks. The most common way of doing this is to develop a blacklist of “bad DNS'”. By doing so, operators and cyber-security teams can determine whether the traffic is malicious or not. However, this method is not the most effective one as it may take days or weeks to develop the DNS blacklist.

By that time cyber-attackers could cause some hefty damage.

It’s also difficult to draw up a blacklist as there are millions of domains registered on a continual basis, and there are a variety of attacks happening all the time. This makes it understandably difficult to prepare for cyber-attacks.

PREDATOR

The new PREDATOR system seeks to make up for the DNS blacklists failures.

At the time of the domain registration, the PREDATOR system will make a note of any suspicious behaviour, like the threat of a malware campaign. Cyber-attackers often bulk-buy and register new domains daily to enable them to launch large attacks through spam, phishing, and denial of server hacks, so keeping an eye on what may be obviously “unusual” behaviour can be a smart way of improving security for all of us.

The PREDATOR system is developed as a one-time registration to establish a domain reputation. The system is designed on the fact that cyber-attackers need to get hold of a large database of domain names to ensure that their attack is financially beneficial, which can flag up on the system. The detection rate of 70% makes it an effective first line of defence. The system is reportedly quick enough to predict the cyber-attacks days or weeks earlier than the DNS blacklists as well.

When registering a domain, it’s important to ascertain the domain’s reputation and its association with malicious activity. In doing so, it allows the cyber-security team to be ‘one step ahead’ of the game, thus protecting users and fending off any potential threats.

It is trickier when it comes to existing domains. There are more patterns and contents to look up when observing existing domain reputation systems. This can usually be too late to prevent cyber-attackers.

Complementary system

Cyber-security is becoming increasingly important in the digital era. Cyber-attacks are costing businesses and organisations millions.

PREDATOR seems to be a system that is effective through the use of its ‘state-of-the-art’ defence mechanisms. It can detect malicious activity much earlier than DNS blacklists, and it analyses domain registration to prevent illegitimate registration behaviour. However, existing cyber-security mechanisms should still be used, but I believe the PREDATOR will only enhance the cyber-security system, and not replace it.