Proactive recognition of domain abuse

The number of phishing domains increases due to the ever-increasing worldwide internet use. This research contributes to the state-of-the-art of the recognition of phishing domains at the time of registration. This was done in two steps. In the first step, a system that automatically verifies the correctness of the registration information was created. This system aids abuse analysts by giving them information about the correctness of the registration information of a domain. In the second step, a classifier was created using features regarding the registration information, such as the correctness of the information, to detect phishing domains. The results show that such a classifier can detect malicious domains with a performance that is on par with the current state-of-the-art without relying on bulk registration features. The results show that checking the correctness of the registration information of newly registered domains is a useful indicator in predicting whether a domain will be used for phishing purposes. Furthermore, the results can be used to improve the defences and safety of the .nl country code Top Level Domain (ccTLD).