Logo
ICANN
ICANN
Filtered Search

Are you sure you want to sign out from http://www.icann.org?

If you want to sign out from both http://www.icann.org and ICANN Account, click here.

ICANN Blogs

Read ICANN Blogs to stay informed of the latest policymaking activities, regional events, and more.

Update on ICANN-Funded INFERMAL Project Designed To Combat DNS Abuse

25 October 2023
By
Samaneh Tajalizadehkhoob

Samaneh Tajalizadehkhoob

Director, Security, Stability and Resiliency Research

Samaneh is a reporting to John Crain, Chief Security, Stability & Resiliency Officer and is part of the Office of CTO (OCTO) group. She is based in ICANN’s Europe Region and will be working remotely from the Netherlands. As the SSR Specialist, Samaneh works in close coordination with other ICANN organization functions to implement ICANN’s Security, Stability and Resiliency strategies. Samaneh carries out research on DNS security and abuse. She also represents ICANN on matters relating to the SSR of the Internet’s system of unique identifiers within ICANN’s remit as well as helping to develop technical work, positions and produce materials related to the administration of those identifiers from an SSR perspective.

Samaneh is from a multi-disciplinary background. While she is an Electronics Engineer by training, she studied Engineering and Policy Analysis for her masters. She holds a PhD degree in Internet Security and Data Analytics from the Delft University of Technology in the Netherlands. She worked as a Post-Doctoral researcher at the same university where she did research on banking security and underground markets utilizing advanced statistical techniques and machine learning.

She has collaborated with other research teams as a visiting scholar; at KU Leuven, DistriNet Research Group she worked on Internet measurements to estimate web vulnerabilities and measure patching practices of hosting servers. Additionally, she worked with scholars from the security and privacy lab at University of Innsbruck on designing abuse metrics that can reliably measure security performance of Internet identifiers.

Samaneh has authored publications on web security, cyber security, Internet measurements, underground economy, and development of security metrics design using advance statistical methods.

Samaneh speaks English, Farsi, Dutch and has basic knowledge in Arabic. She is a big fan of board games. In her free time, she runs, plays tennis, and piano.

 

I am happy to update you on progress made in a recently announced, ICANN-funded research project called Inferential Analysis of Maliciously Registered Domains (INFERMAL). The INFERMAL project aims to uncover cyberattackers' preferences in maliciously registering domain names and study the pragmatic measures employed to mitigate against Domain Name System (DNS) abuse. As you may know from my previous blog, we have funded Kor Labs for the project and Dr. Maciej Korcynszky is conducting the research.

Domain names are a shorthand for Internet Protocol addresses, and enable the easy navigation on the Internet. While the overwhelming majority of domain name registrations are harmless and the amount of DNS abuse has declined over the years, cybercriminals continue to register new domains to launch large-scale attacks, such as phishing or spam campaigns. This poses significant threats to Internet users and the security of the entire Internet ecosystem.

The project is relevant to ICANN, its community, and end users for several reasons. Since October 2013, ICANN has incorporated hundreds of new generic top-level domains (gTLDs) into the DNS. We are now preparing to add even more through ICANN's New gTLD Program.

Notably, previous ICANN-funded research revealed a shift in attackers' behavior as they transitioned from exploiting legacy gTLD domains to targeting domains in the new gTLD domain name space. The study also found that exceptionally low registration prices attract cyber criminals. This poses a significant challenge to the domain name market: attracting legitimate gTLD registrations while simultaneously implementing robust measures to deter malicious registrations.

Below is a timeline of this important project.

Timeline

Phase 1: By the end of November 2023, the project team intends to extract malicious domain names from large samples of domain names and map them to their corresponding registration information at the time of their registration.

Phase 2: By July 2024, the team plans to perform an analysis of identified security measures that help mitigate DNS abuse. The team also intends to summarize a study on how quickly abusive domain names are suspended after operators are notified about the abuse.

Phase 3: Finally, by September 2024, the team plans to publish a final report in the form of a research paper. The project will also propose best practices to effectively mitigate abuse.

To learn more details about the project, please see the project's dedicated website.

Authors

Samaneh Tajalizadehkhoob

Samaneh Tajalizadehkhoob

Director, Security, Stability and Resiliency Research
Samaneh Tajalizadehkhoob

Samaneh Tajalizadehkhoob

Director, Security, Stability and Resiliency Research

Samaneh is a reporting to John Crain, Chief Security, Stability & Resiliency Officer and is part of the Office of CTO (OCTO) group. She is based in ICANN’s Europe Region and will be working remotely from the Netherlands. As the SSR Specialist, Samaneh works in close coordination with other ICANN organization functions to implement ICANN’s Security, Stability and Resiliency strategies. Samaneh carries out research on DNS security and abuse. She also represents ICANN on matters relating to the SSR of the Internet’s system of unique identifiers within ICANN’s remit as well as helping to develop technical work, positions and produce materials related to the administration of those identifiers from an SSR perspective.

Samaneh is from a multi-disciplinary background. While she is an Electronics Engineer by training, she studied Engineering and Policy Analysis for her masters. She holds a PhD degree in Internet Security and Data Analytics from the Delft University of Technology in the Netherlands. She worked as a Post-Doctoral researcher at the same university where she did research on banking security and underground markets utilizing advanced statistical techniques and machine learning.

She has collaborated with other research teams as a visiting scholar; at KU Leuven, DistriNet Research Group she worked on Internet measurements to estimate web vulnerabilities and measure patching practices of hosting servers. Additionally, she worked with scholars from the security and privacy lab at University of Innsbruck on designing abuse metrics that can reliably measure security performance of Internet identifiers.

Samaneh has authored publications on web security, cyber security, Internet measurements, underground economy, and development of security metrics design using advance statistical methods.

Samaneh speaks English, Farsi, Dutch and has basic knowledge in Arabic. She is a big fan of board games. In her free time, she runs, plays tennis, and piano.

 

You May Also Like