PaDAWaNS: Proactive Domain Abuse Warning and Notification System
T.L.M. Brands (TU Delft - Electrical Engineering, Mathematics and Computer Science)
C. Doerr – Mentor
Maarten Wullink – Mentor
J. C.A. van der Lubbe – Graduation committee member
DMJ Tax – Graduation committee member
More Info
expand_more
Other than for strictly personal use, it is not permitted to download, forward or distribute the text or part of it, without the consent of the author(s) and/or copyright holder(s), unless the work is under an open content license such as Creative Commons.
Abstract
The counterfeit market is rapidly expanding into the online realm. Large amounts of fraudulent webshops advertise luxury clothing and fashion accessories, but ship counterfeit products to their customers. Apart from customers, brand owners and domain registries experience a negative impact caused by these fake webshops. Current countermeasures are slow and of a reactive nature, leaving a large enough window of opportunity for criminals to make a profit. This thesis introduces a proactive mitigation approach that can be deployed at domain registries. By predicting whether a newly registered domain will be used to sell counterfeit merchandise, preventive countermeasures can often be taken in advance, minimizing the criminals' window of opportunity and profits. These predictions are made by training a detection model using both registrant information and infrastructure measurements of the registered domains. To evaluate the prediction system, new domain registrations are classified for a period of 6 months. Registrations classified as malicious are then monitored for signs of abuse. Overall, the system is able to detect malicious registrations with reasonable precision. Additionally, the body of abusive domain registrations created during this thesis project is analyzed to gain insights into the methods used to host counterfeit webshops, which can be used as a starting point for future research.