Machine Learning and AI in the DNS Abuse Space

Depending on whom you are speaking to, AI is a hero technology that moves evolution forward or it is the ultimate evil that ends humanity.

Those who don’t work with AI daily might not know that, in practicality, AI is used in cancer screening, automating rote tasks, and, in the case of the Internet infrastructure industry, can take over for humans during the more psychologically harmful instances of vetting certain kinds of online abuse.

But how do you build trust in AI systems when the general public’s greatest association with Artificial Intelligence is Cyberdyne Systems’ Skynet from the Terminator movies? Or when the people who make the film and television we love are striking with a focus on AI amendments to their contracts to address the (legitimate) fear that GPTs are being trained using the existing work of writers and actors to produce new work created by mining their “voices”?

How do you build trust that the technology can aid in the dampening of real harms while keeping an eye on the editorial alarm bells that AI will destroy our species? Michael Halvorsen, the CEO of the cybersecurity and business intelligence company iQ Global, has been doing a deep dive on AI and Machine Learning in regard to ways we can use it to perform or enhance Domain Abuse Mitigation. The answer, at least from his perspective, is to build trust by deploying AI and Large Language Models in products developed with a strong ethical compass and keeping the focus on good Internet stewardship.

Halvorsen explains that: “Using Machine Learning as a tool in mitigation has become integral in the day-to-day work of detecting malicious domains. We have recently created iQ Domain Risk Score, a service that will detect malicious domains as a tool to prevent some instances of abuse before it happens. Basically, we are using string analytics algorithms and machine learning to detect the risk level associated with domains.

“To assess the risk, we look at a domain name at the point of registration and evaluate it based on a set of criteria we already know would indicate an abusive registration. An example of this kind of detectable behavior would be if a brand name is being registered with common abuse affixes, if there is high entropy in random letters and numbers, or if there are a lot of dictionary words in random orders.

“All we need is the domain name and the API conducts a thorough risk analysis. The API can be used at any point during the domain name registration process, but I imagine it will be most commonly used during post provisioning.”

Proactive abuse mitigation at the point of registration can be a transformative tool but does not replace current reactive mechanisms.

Halvorsen continues: “The necessity to gather and scrutinize reports from trusted notifiers remains paramount. iQ dedicates substantial resources to meticulously curate these feeds, with a focus on ensuring high-quality information over sheer volume. To further refine this procedure and elevate its effectiveness, iQ is actively incorporating Artificial Intelligence, Computer Vision, and Machine Learning technologies to advance the process.”

Machine learning and AI are changing the way Halvorsen thinks about mitigating DNS Abuse. For instance: “We are currently experimenting with the utilization of Large Language Models (LLMs), inclusive of generative pre-trained transformers (GPT), for the assessment of evidence associated with abuse reports. These sophisticated models excel at evaluating and deciphering complex non-conforming data, such as the analysis of web content and email correspondence.

“Every abuse report amassed by the iQ Abuse Feed repository is subjected to rigorous evidence collection. This process encompasses a comprehensive examination of the domain, including its history, present state, DNS records, WHOIS data, website content, registry, and registrar, among other factors. All these data points serve as inputs for our Machine Learning (ML) models, which are exceptionally proficient in discerning patterns that may elude human detection.

“I am excited about the potential of the synergistic application of Artificial Intelligence (AI), Computer Vision, and ML to improve the capacity to enhance evidence and improve the automation and efficiency of the abuse mitigation processing.”

Halvorsen strongly believes that AI will profoundly reshape our world, including the domain and Internet sectors. He explains: “AI will equip us with innovative tools and strategies to combat abuse in ways previously unimaginable. However, it's inevitable that these technological advancements will also attract nefarious actors seeking to exploit this technology for malevolent purposes.

“For instance, the detection of spam email and phishing attempts will become considerably more challenging due to the significant enhancements in content quality. These advancements will not only improve grammar and writing style, but also enable personalized messaging, making each email appear tailor-made for the recipient.

“Moreover, bad actors might leverage automated language models akin to Auto-GPT for devious ends. They could potentially automate sign-ups using fraudulent credit cards, spawning tens of thousands of websites teeming with custom-made content, rapidly and inexpensively. Companies lagging behind in leveraging AI to tackle these evolving fraudulent activities will find themselves at a severe disadvantage.

“Furthermore, AI is set to revolutionize our interaction with software. Typing or voice-based dialogue with software will become the new norm. While the likes of Siri and Alexa have been initial forays into this realm, the evolution of AI promises a more efficient realization of this concept, enabling the completion of intricate, multi-step tasks. This development will inform the design of application user interfaces, with apps and services becoming more conversational. Users will express their desired outcome, rather than navigating complex menus or memorizing keyboard shortcuts.”

While the full picture of how we can use AI and LLMs to combat online harms and DNS Abuse continues to unfold, it is clear that consistently moving the technology into a place that is ethically sound is key to maintaining the Internet we want.

Kelly Hardy is an Internet infrastructure consultant and SVP of Strategy and Development at IQ Global. Kelly has spent the last decade focusing on development, policy and abuse issues including how unchecked user content abuse can impact an entire namespace. A 16 year veteran of the domain industry, Kelly has worked with ccTLDs, registrars, data companies, back-end registry providers, and new TLDs.