Cybersecurity at the DNS Layer: Using AI to Analyze, Learn and Protect

Essentials in modern day cybersecurity include artificial intelligence and machine learning that can autonomously understand, learn and act to thwart cyberattacks.

Artificial Intelligence (AI) and Machine Learning (ML) are essentials in modern cybersecurity. Both can automated the process of analyzing internet content and categorize it while identifying and mitigating threats such as malware, ransomware, phishing and botnets. AI and ML technologies are constantly updated, and with each update, they learn more and improve a defensive knowledge base and posture. Besides predicting threats based on analyzing past experience, AI and ML can also compliment each other and understand, learn and act.

At SafeDNS, we leverage AI and ML at the Domain Name System (DNS) level using a unique approach, which is based on constant anti-threat intelligence learning and training to deliver a strong defensive posture for our customers. Our goal is to ensure clean traffic for our customers free of malicious and undesirable content. Here is a breakdown of how SafeDNS leverages AI and ML in its approach to security at the the DNS level.

Content-based Classification of Websites

  • Classification of all internet websites.
  • Sorting them into 63 categories.
  • Providing a database of more than 109 million unique domains for further analysis of their businesses.
  • Analysis of malware activity on the internet: phishing, virus propagation domains, botnets, etc.
  • Making the internet more structured, understandable and safe.

SafeDNS Database

We use more than 60 sources to form the database. Some of these sources are static, in that they do not change on their own. However, such sources need to be updated periodically (currently invalid domains have to be deleted, categories, if the content has changed, are changed, too). The department of machine learning is constantly engaged in this process.SafeDNS dashboard categorizes threats by type

SafeDNS dashboard categorizes threats by 61 types

To learn more about SafeDNS offerings, please visit our Web Content Filtering for Businesses offerings.

Another type factor to consider is external sources. They often have a narrow specialization. For example, the use of a list of phishing sites or advertising domains. The most important ones are usually generated by our AI and ML technology.

We also get data from multiple external sources such as the Internet Watch Foundation (IWF), and then we combine our own methods with external data processing methods to create and train a custom-built algorithm.

SafeDNS Categorizes Web Content

There are billions of websites all over the internet and thousands of new ones appear on a daily basis. It makes categorization more complicated, especially when website owners or their content might change unexpectedly.

SafeDNS AI-ML uses many methods to categorize the internet, among them are open sources, content and non-content categorization engines and other heuristic methods and algorithms.

In more depth, around 10 million domains are generated every day by our user’s logs and external resources. New domains go through a classification procedure in our database by AI and ML. Every page of those domains gets scanned to be sorted and classified into the related category. In addition, we have a re-classification procedure for outdated domains to ensure they are correctly categorized.

Our AI and ML technology scans all pages in those domains by downloading the content and analyzing texts, links, specific site links, images, engines, etc.

There are separate classifiers for different languages such as English, Spanish and others.

At SafeDNS, we are constantly training and improving our AI and ML technology to ensure clean traffic for our customers without malicious content and the content that they do not wish to see.

Source:https://threatpost.com/artificial-intelligence-cybersecurity/178851/

Leave a Comment

Your email address will not be published. Required fields are marked *