1st AI-driven proactive suspension system for domain names

4 Feb. 2020

Over 3.6 million .eu domain names are registered by businesses and private individuals. EURid, the organization that manages the .eu internet space, has launched an award-winning AI-driven system that can detect which .eu domain names will be used for malicious purposes, and automatically suspends them before they can do any harm.

Project APEWS – Abuse Prevention and Early Warning System – is the first ever system that can detect domain name abuse before it takes place and bases its decisions on novel machine learning algorithms developed at KU Leuven.

In 75% of the cases where the system flagged a domain name, the prediction was confirmed by third-party abuse indicators. Since its deployment in January 2018, over 60,000 malicious .eu domain name registrations have been correctly identified.

CEO Marc Van Wesemael: “Creating a trustworthy .eu space is our primary goal. APEWS is the flagship of our prevention strategy. It has a deterrent effect on cybercriminals, making .eu domains safer for its users.”

Detecting abuse at the earliest possible

Cybercriminals use domain names to send spam, to distribute malware or to set up a botnet (a network of private computers infected with malicious software and controlled as a group). Until recently, blacklists were the best way to react to these attacks. Subscribers could block incoming or outgoing communication with ‘bad’ domain names on the list. But blacklists can only be used once the harm has already been done.

APEWS, on the other hand, kicks in at the very beginning: when a .eu domain name is registered. EURid worked on APEWS alongside KU Leuven for four years.

First, parts of the 3.6 million .eu domain names were matched against blacklists. Every detail of the matching domain names was then used to train the predictive model. This resulted in a comprehensive scoring model.

APEWS now continuously watches over the safety of the .eu cyberspace. Every newly registered domain name is scored on these predictive indicators. If the score is too low, the domain name is automatically suspended before it’s active.

This process discourages cybercriminals from using a .eu domain name in the first place. The system continuously learns from previous experience, making it more and more difficult for cybercriminals to avoid detection.