10/24/2024 | News release | Distributed by Public on 10/24/2024 15:21
The Inferential Analysis of Maliciously Registered Domains (INFERMAL) Project, funded by ICANN and conducted by KOR Labs, is dedicated to understanding the selection patterns behind cybercriminals' preferences for specific domain name registrars and top-level domains (TLDs) in their phishing operations. Our goal is to dissect the factors that make certain registrars and TLDs particularly attractive to attackers, focusing on pre-selected features grouped into three categories: registration attributes, proactive verification, and reactive security practices.
Registration attributes include the services and policies offered by registrars that can be exploited by malicious actors:
Proactive verification encompasses the measures registrars employ to validate registrant information during the registration process:
Reactive practices focus on how registrars respond to detected abuse:
To enhance our analysis, INFERMAL consolidates related features. For instance, multiple payment methods are categorized into broader groups (e.g., "payment crypto," "payment digital wallet"), and various security restrictions are aggregated into a composite indicator. This approach enhances the model's interpretability and reliability.
By examining registration attributes, proactive verification, and reactive security practices, our research aims to illuminate the factors contributing to malicious domain registrations. This analysis not only reveals the mechanisms of domain abuse but also highlights the complexities of malicious activities within the registration landscape.
Feature selection was the step leading up to the final analysis of the INFERMAL project. With the features selected and collected, the project leads will build statistical models to see if they can explain why and to what extent certain features play a role in DNS abuse. This is the last deliverable of the project: INFERMAL's final report.
As agreed, the final report will be submitted to the Office of the CTO's Security, Stability, and Resiliency team by late October. After that, it will undergo internal reviews.
We hope to publish the INFERMAL report to our community in early November 2024, just before the ICANN81 meeting.
Samaneh reports to John Crain, Chief Security, Stability & Resiliency Officer, and is part of the Office of CTO (OCTO) group. She is based in ICANN's Europe Region and will be working remotely from the Netherlands. As the SSR Specialist, Samaneh works in close coordination with other ICANN organization functions to implement ICANN's Security, Stability and Resiliency strategies. Samaneh carries out research on DNS security and abuse. She also represents ICANN on matters relating to the SSR of the Internet's system of unique identifiers within ICANN's remit, and helps to develop technical work and positions and to produce materials related to the administration of those identifiers from an SSR perspective.
Samaneh is from a multi-disciplinary background. While she is an Electronics Engineer by training, she studied Engineering and Policy Analysis for her master's. She holds a PhD degree in Internet Security and Data Analytics from the Delft University of Technology in the Netherlands. She worked as a Post-Doctoral researcher at the same university, where she did research on banking security and underground markets utilizing advanced statistical techniques and machine learning.
She has collaborated with other research teams as a visiting scholar. At the DistriNet Research Group at KU Leuven, she worked on Internet measurements to estimate web vulnerabilities and measure patching practices of hosting servers. Additionally, she worked with scholars from the security and privacy lab at the University of Innsbruck on designing abuse metrics that can reliably measure the security performance of Internet identifiers.
Samaneh has authored publications on web security, cyber security, Internet measurements, underground economy, and development of security metrics design using advanced statistical methods.
Samaneh speaks English, Farsi, and Dutch and has basic knowledge of Arabic. She is a big fan of board games. In her free time, she runs and plays tennis and piano.