Detection of malicious and abusive domain names

Egon Kidmose, Erwin Lansing, Søren Brandbyge, Jens Myrup Pedersen

Research output: Contribution to book/anthology/report/conference proceedingArticle in proceedingResearchpeer-review

2 Citations (Scopus)


The Domain Name System (DNS) is a critical component of the Internet, and as such it is widely relied upon by a large part of the world. Consequently, it can be abused for multiple purposes, with financial gain being perhaps the most obvious, and important. An important countermeasure to such criminal and malicious activity is to identify involved domains, in order to blacklist or otherwise disable them. In this paper we provide the results of studying existing work on detecting malicious domains and analyse the findings. We identify an approach which is promising but has received surprisingly little attention; Pre-registration detection. We identify the following gaps between the problem of domain abuse, and the described state-of-The-Art: Existing work on Pre-registration is strictly focused on a single form of abuse, spam, hence it must be explored if Pre-registration detection can be applied to other forms of abuse as well. Existing work, on both Pre-and Post-registration detection, is focused on a few Top-Level domains (TLDs) and Registries, prompting for studies with other TLDs and Registries. There is relevant information, including Registrant-based features, that has not yet been used for Pre-registration detection-which also calls for investigation. Finally, a study of a real-world deployment of Pre-registration detection at a Registry has not yet been presented, despite the potential of the approach. We contribute with an analysis of existing work, by identifying the state-of-The-Art, and by identifying important areas of future work.

Original languageEnglish
Title of host publicationProceedings - 2018 1st International Conference on Data Intelligence and Security, ICDIS 2018
Number of pages8
Publication date2018
ISBN (Print)978-1-5386-5763-8
ISBN (Electronic)978-1-5386-5762-1
Publication statusPublished - 2018
EventThe 1st International Conference on Data Intelligence and Security - South Padre Island, United States
Duration: 8 Apr 201810 Apr 2018


ConferenceThe 1st International Conference on Data Intelligence and Security
LocationSouth Padre Island
CountryUnited States
Internet address



  • Abuse
  • DNS
  • Detection
  • Domain
  • Domain name
  • Maliciousness
  • Malware
  • Phishing
  • Pre registration
  • Registration
  • Registry
  • Spam
  • Time of registration

Cite this

Kidmose, E., Lansing, E., Brandbyge, S., & Pedersen, J. M. (2018). Detection of malicious and abusive domain names. In Proceedings - 2018 1st International Conference on Data Intelligence and Security, ICDIS 2018 (pp. 49-56). IEEE.