Predicting domain names registered with malicious intent

04 July 2024

In January 2024, Thomas Daniels started working on his doctorate under the supervision of Maarten Bosteels, our R&D manager. Through his PhD, Thomas will help us work on a particularly important question: how to detect domain names registered with malicious intent, e.g. to be used as phishing websites or fake webshops. His PhD will therefore be captivating not only for him, but for us as well.

At the moment, Thomas is primarily working on improving the system for detecting malicious registrations.

“The goal of the PhD is to work on a way to detect domain names used for fraudulent purposes as fast as possible. Ideally, this would be done at the time of registration to instantly mitigate the risk for everyone,” Thomas specified. 

At the beginning of this PhD, the focus, in cooperation with several colleagues, was to release “RegCheck” into production by the end of March.

The idea behind RegCheck is twofold:

  • predicting domain names which may be used for malicious purposes
  • trying to predict whether registrants will go through the process when they are selected for the Registrant Verification application.

With his PhD, Thomas thus works on improving the algorithm itself. This is the main aspect of his work on RegCheck. 

But why is this research important? 

What can it bring to DNS Belgium, and even to the whole sector? It is imperative to work on this subject because we, at DNS Belgium, want a safe internet for all users. “Thanks to our strong focus on cybersecurity, the .be TLD is one of the safest TLDs in the world and we want to keep it that way,” Maarten added. To attain such a goal, malicious registrations need to be detected quickly, preferably before they enter the .be zone, so that they cannot be weaponized. Not only DNS Belgium would benefit from this, but the whole digital field.

DNS Belgium is not working on RegCheck alone: we collaborate with registries from other countries. More registries may join the work. For now, other future cooperation is not certain, but its feasibility is still being checked.

From Thomas’ point of view, two aspects of the work are important and interesting.

“First, the direct application of having fewer malicious registrations, resulting in fewer victims online with .be and a safer internet. Second, the scientific aspect of generating results that are useful beyond the direct application we are working on.” There is also interest in seeing whether this will be transferable to other fields to solve problems there.

Finally, Thomas added that he wants his PhD to have an impact: “Hopefully, the PhD will yield significant value and have a big impact as well.” To this, Maarten added, on a more general note: “It is also nice to keep learning and improving on such things. Testing new technologies is always very interesting.”

Maarten is looking forward to the next stages, where Thomas will be using more data. “This will bring interesting new results.” He also hopes that collaboration with the other registries and organisations can help.

To help with the progress of the doctorate, Thomas and DNS Belgium applied for the “Baekeland mandate”. This is a program from the Flemish Government which provides funding for PhD students who work with an organisation. Once the mandate is granted, 70% of the costs are paid by VLAIO, the Agency for Innovation and Entrepreneurship in Flanders.

This is beneficial for the company working with the student. But for Maarten, the benefits go further than the financial aspect. As he mentioned: “the grant from VLAIO confirms that fighting phishing and other online fraud is an important challenge and that we, DNS Belgium, and Thomas have the capacity to tackle it” (with the support of KU Leuven of course). Not all companies get the mandate, so being granted it shows the seriousness and worthiness of what DNS Belgium and Thomas seek to achieve through the PhD.

With this article, we support the United Nations Sustainable Development Goals.