Author(s): Berenschot, L. (2024)
Abstract:
Cybercrime is a significant and growing threat, resulting in substantial financial losses every year. The Domain Name System (DNS) is often exploited for malicious activities, such as hosting command and control servers, distributing malware, and running phishing campaigns. This research investigates the feasibility of combining machine learning with Certificate Transparency (CT) logs to detect newly registered malicious domain names. By actively monitoring newly registered domains, we label each domain as malicious or benign using blocklists and train a classifier to distinguish between the two classes. Our classifier detects 44% of newly registered malicious domains with a false positive rate of 0.47%. Additionally, the classifier's decision threshold can be tuned to trade precision for recall, raising the detection rate to 79% at the cost of a higher false positive rate. The classifier can support registries and registrars in identifying potentially harmful domains.
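The pipeline the abstract outlines (take domain names surfaced by CT logs, derive labels from a blocklist, train a classifier, then move the decision threshold to trade detection rate against false positive rate) is sketched below as an added example. It is not the thesis's code, feature set or data: the domain names stand in for names already extracted from CT log entries, the blocklist is constructed for the example, and the classifier is a small standard-library logistic regression over lexical features so that it runs offline. The threshold sweep at the end is the part worth studying: it is what lets an operator choose a working point such as the 44%/0.47% or 79% figures the abstract reports for the real system.

```python
"""Lexical classifier for newly registered domains with a tunable threshold.

Added illustration of the pipeline the abstract describes; not the thesis's
code, features or data. Domain names are assumed to have already been pulled
out of Certificate Transparency log entries; the blocklist is constructed.
"""
import math
from collections import Counter

# Constructed stand-in for domain names seen in new CT log entries (hypothetical).
CT_NEW_DOMAINS = [
    "paypal-login-secure123.xyz", "secure-apple-id-verify.top",
    "bank0famerica-update.info", "microsoft365-support-help.icu",
    "amaz0n-prime-renewal.click", "netflix-account-billing.buzz",
    "dhl-parcel-tracking-9981.xyz", "office365-signin-alert.top",
    "wellsfargo-verify-now.icu", "chase-online-secure-login.click",
    "maplewood-bakery.com", "fjordhiking.no", "quietgarden.org",
    "helloworld.dev", "bluebirdbooks.com", "riverside-cafe.nl",
    "alpinecoding.io", "sunnymeadows.farm", "harbourlights.co",
    "oakstreetpiano.com",
]
# Constructed blocklist that supplies the labels (hypothetical entries).
BLOCKLIST = {
    "paypal-login-secure123.xyz", "secure-apple-id-verify.top",
    "bank0famerica-update.info", "microsoft365-support-help.icu",
    "amaz0n-prime-renewal.click", "netflix-account-billing.buzz",
    "dhl-parcel-tracking-9981.xyz", "office365-signin-alert.top",
    "wellsfargo-verify-now.icu", "chase-online-secure-login.click",
}
# Small token lists chosen for the example; a real feature set would be wider.
BRAND_TOKENS = ("paypal", "apple", "bank", "microsoft", "amaz", "netflix",
                "dhl", "office", "wellsfargo", "chase")
ACTION_TOKENS = ("login", "secure", "verify", "update", "support", "account",
                 "signin", "billing", "renewal", "tracking")


def entropy(s):
    """Shannon entropy in bits of the character distribution of s."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def features(domain):
    """Lexical features of the second-level label, scaled to roughly [0, 1]."""
    sld = domain.lower().split(".")[0]
    return [
        len(sld) / 30.0,                                   # length
        sum(ch.isdigit() for ch in sld) / max(len(sld), 1),  # digit ratio
        sld.count("-") / 5.0,                              # hyphen count
        entropy(sld) / 5.0,                                # character entropy
        float(any(t in sld for t in BRAND_TOKENS)),        # brand impersonation
        float(any(t in sld for t in ACTION_TOKENS)),       # credential-lure words
    ]


def predict_proba(w, b, x):
    """Logistic score in (0, 1); the logit is clamped to avoid overflow."""
    z = b + sum(wj * xj for wj, xj in zip(w, x))
    z = max(-30.0, min(30.0, z))
    return 1.0 / (1.0 + math.exp(-z))


def train(X, y, epochs=2000, lr=0.5):
    """Batch gradient descent on logistic loss; deterministic (zero init)."""
    d, n = len(X[0]), len(X)
    w, b = [0.0] * d, 0.0
    for _ in range(epochs):
        gw, gb = [0.0] * d, 0.0
        for x, t in zip(X, y):
            err = predict_proba(w, b, x) - t
            for j in range(d):
                gw[j] += err * x[j]
            gb += err
        w = [wj - lr * g / n for wj, g in zip(w, gw)]
        b -= lr * gb / n
    return w, b


def evaluate(probs, labels, threshold):
    """Return (detection rate, false positive rate) when flagging score > threshold."""
    flagged = [p > threshold for p in probs]
    tp = sum(1 for f, t in zip(flagged, labels) if f and t)
    fp = sum(1 for f, t in zip(flagged, labels) if f and not t)
    pos = sum(labels)
    return tp / pos, fp / (len(labels) - pos)


def sweep(probs, labels, thresholds):
    """Operating points along the precision/recall trade-off."""
    return [(thr,) + evaluate(probs, labels, thr) for thr in thresholds]


def fit_on_sample():
    """Label the constructed sample via the blocklist, train, and score it."""
    X = [features(d) for d in CT_NEW_DOMAINS]
    y = [1 if d in BLOCKLIST else 0 for d in CT_NEW_DOMAINS]
    w, b = train(X, y)
    return [predict_proba(w, b, x) for x in X], y


if __name__ == "__main__":
    probs, labels = fit_on_sample()
    for thr, det, fpr in sweep(probs, labels, [0.9, 0.7, 0.5, 0.3, 0.1]):
        print(f"threshold {thr:.1f}: detection {det:.0%}, false positives {fpr:.0%}")
```

Scoring the training sample itself, as `fit_on_sample` does, is only for illustration; a held-out set of newly registered domains is needed to estimate real detection and false positive rates. Lowering the threshold can only raise both rates, which is the trade-off the abstract describes.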
Document(s):
Berenschot_MA_EEMCS.pdf