web analytics

PREDATOR : Princeton students develop malicious domain detection tool


A team of Princeton students has developed PREDATOR, a tool that detects malicious domain names as soon as they get registered.

Princeton University computer science professor Nick Feamster and Ph.D. student Shuang Hao have developed PREDATOR to identify and detect domain names used for nefarious purposes.

PREDATOR is an acronym that stands for Proactive Recognition and Elimination of Domain Abuse at Time Of Registration, a proactive reputation system that can accurately and automatically identify malicious domains at time of registration, rather than later at time of use.

The Princeton team presented PREDATOR at the 2016 ACM Conference on Computer and Communications Security. PREDATOR can distinguish between legitimate and malicious domain registrations, achieving a detection rate of 70% and only 0.35% false positives.

According to the paper, PREDATOR is based on the intuition that, to make domain purchase as economical as possible miscreants must register large quantities of domains – typically in bulk – to ensure that they can remain agile as individual domains are blacklisted or taken down.


During the testing period, PREDATOR utilized zone files to scan through 80,000 domain names per day, for .com and .net TLDs. The system also utilizes SpamHaus black lists, in a deep learning fashion.

PREDATOR analyses the registration behavior of domain scammers, who – for example – would utilize cheap domain registrars or use promotional discounts to acquire domains as cheap as possible.

To evade PREDATOR, scammers and other miscreants would have to pay a minimum of 3 times as much in order to register domains that intentionally avoid the patterns the domain tool detects.

Definitely a piece of software that could become instrumental in the battle against spammers and scammers.


Copyright © 2019 DomainGang.com · All Rights Reserved.


2 Responses to “PREDATOR : Princeton students develop malicious domain detection tool”
  1. Eric Lyon says:

    Very nice! Too bad it can’t detect them prior to registration.

Leave a Reply

Your email address will not be published. Required fields are marked *

 characters available