SafeDNS is excited to announce that its new system for detecting malicious internet resources makes it possible to block almost all of them, further improving the protection of SafeDNS users online.
Based on continuous machine learning and user behavior analysis, the new SafeDNS system is a great step forward from static lists of categorized resources to dynamically created databases. The SafeDNS research team has produced a technology that detects malicious internet resources with 98% precision.
This unparalleled technology developed by the company's research team takes SafeDNS to a different, much higher level – on par with global leaders of the industry, as our ability to detect and filter out malware and botnets has significantly improved. The technology gives SafeDNS a competitive edge as it detects malicious resources overlooked by the analogous systems of other vendors.
This is achieved by processing and analyzing data from the company's filtering service to pinpoint the attributes of malicious resources needed to make the new dynamic classifier efficient. One of the most important attributes is group activity. Usually, a fixed number of users requests a malicious resource within a short period of time, such as a couple of hours, and this malicious group activity can be detected. By contrast, a legitimate resource is requested by occasional users rather than by a fixed group of them.
Within every time frame, users are grouped according to the servers requested. The latter are either blacklisted or whitelisted altogether, excluding resources which are rarely requested. Every time frame is compared to the others from the point of view of the resources visited. If they are frequented by mostly the same groups of users, it can be assumed the resources are malicious. To identify how similar these groups of users really are, SafeDNS tried different approaches and found the Jaccard similarity coefficient the most appropriate one.
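The group-activity check described above, sketched as an added example; it is not SafeDNS code. The record layout, the function names, the 0.6 threshold and the minimum-user cutoff are assumptions, and the sample queries are constructed.

```python
from collections import defaultdict
from itertools import combinations

def jaccard(a, b):
    """|A & B| / |A | B|; defined as 0.0 for two empty sets."""
    union = a | b
    return len(a & b) / len(union) if union else 0.0

def group_similarity(queries, min_users=3, min_frames=2):
    """Map each domain to the mean pairwise Jaccard of its per-frame user sets."""
    frames = defaultdict(lambda: defaultdict(set))  # domain -> frame -> users
    for frame, user, domain in queries:
        frames[domain][frame].add(user)
    scores = {}
    for domain, by_frame in frames.items():
        all_users = set().union(*by_frame.values())
        # Rarely requested resources are excluded (cutoffs are assumptions).
        if len(all_users) < min_users or len(by_frame) < min_frames:
            continue
        pairs = list(combinations(by_frame.values(), 2))
        scores[domain] = sum(jaccard(a, b) for a, b in pairs) / len(pairs)
    return scores

def flag_suspicious(queries, threshold=0.6, **cutoffs):
    """Domains whose requesting group stays mostly the same across frames."""
    scores = group_similarity(queries, **cutoffs)
    return sorted(d for d, s in scores.items() if s >= threshold)

def expand(domain, frame_users):
    """Helper that builds (frame, user, domain) records for the sample data."""
    return [(f, u, domain) for f, users in enumerate(frame_users)
            for u in users.split()]

# Constructed sample, one string of user ids per time frame. Not real traffic.
SAMPLE = (
    expand("c2.example.invalid", ["b1 b2 b3", "b1 b2 b3", "b1 b2 b3 b4"])
    + expand("news.example.org", ["u1 u2 u3", "u4 u5 u6", "u1 u7 u8"])
    + expand("rare.example.com", ["u9", "u9"])
)

if __name__ == "__main__":
    for domain, score in sorted(group_similarity(SAMPLE).items()):
        print(f"{domain:22} {score:.2f}")
    print("flagged:", flag_suspicious(SAMPLE))
```

High similarity alone also matches benign resources with a stable audience, such as a software update endpoint, so it serves as one attribute among several rather than a verdict.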
The procedure for defining the user groups' "similarity" is very complex and is the key to the quality of detecting malicious resources. Despite all the difficulties, the SafeDNS research team has managed to achieve 98% precision in detecting all kinds of malware in real conditions.
Such outstanding accuracy is made possible by the addition of an internet resource ranking method. Two ranks are introduced: one of maliciousness and the other of legitimacy. Both are computed continuously and independently of one another, in conjunction with analysis of the shares of users requesting particular resources during the predetermined time frames.
With the diverse methods assembled into a single model, the system detects malicious internet resources and adds them to the SafeDNS database. Since the system was fully integrated into the company's web content filtering service, the SafeDNS database of malware has increased by over 66% and continues to grow. With that, the number of malicious resources blocked by the SafeDNS web filtering service has also grown. This plays a very important role in increasing the service users' internet security against the ever-growing number of online threats.
Data provided by the new system is available for use through the company's open API of categorized internet resources.