Computers on Focus - Online Security Guide

06:30 午後
05 December 2024

NLPRank by OpenDNS to Fight Malicious Domains

NLPRank by OpenDNS to Fight Malicious Domains

NLPRank (Natural Language Processing rank) is a threat detection technology, which is currently being developed by OpenDNS. NLPRank employs specific algorithms, more common for bioinformatics and data mining rather than IT security. Nevertheless, the new system aims at websites and domains protection from cyber crime attacks. In particular, NLPRank is set to vastly and accurately detect phishing and sites that lead to the downloading of malware.

NLPRank is designed by the OpenDNS security researcher Jeremiah O’Connor. The expert and his team observed hundreds of phishing emails sent to employees and found out they all have links to malicious domains. The interesting part is that those domains usually consist of the names of well-known tech companies and software, plus words like “login”, “update”, 等. The tricky combination has lured many people into thinking that the links in their emails are legitimate.

It is no surprise that OpenDNS has started working on such technology. The company, which was founded in 2005, provides phishing detection and optional content filtering to DNS services. It also owns a cloud computing security product called Umbrella. Umbrella is set to protect from all sorts of malicious software and cyber attacks. So it is safe to assume that NLPRank is the next logical solution in OpenDNS’s bundle.

How Does NLPRank Function?

Shortly described, the technology ‘scans’ the domain name in order to detect whether it’s malicious or not. The innovative tool is also able to recognize such domains by estimating the ASN (Autonomous System Number) data of legitimate domains. That is how NLPRank prevents false positives.

To understand how exactly the tool works, one has to pay attention to the cyber criminals methods. Many attackers use domains like update-java.net and adobe-update.net. In order to determine their fraudulent character, NLPRank uses a minimum edit-distance on substrings to determine the word distance between legitimate and fake URL domains. For instance, the tool would compare malware.com and rnalware.com, linkedin.com and 1inkedin.net.

Many researchers believe that NLPRank will be a milestone in the fight against cyber crime.

Leave a Reply

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload the CAPTCHA.