LOS ANGELES – Press Release,
the Internet Corporation for Assigned Names and Numbers (ICANN) announced the
publication of a paper describing the methodology used in the Domain Abuse
Activity Reporting (DAAR) system and two reviews of that methodology.
DAAR was designed to provide the
ICANN community with reliable, persistent, and reproducible data from which
security threat (abuse) analyses could be performed.
The experts selected for the
review of the DAAR methodology are respected members of operational security,
cybersecurity, and academic communities:
Marcus Ranum is a renowned
security expert. He is arguably the inventor of the modern Internet firewall
and network intrusion detection system. In his roles as chief
executive, chief technology, and chief security officer, and as security auditor or
consultant, Ranum has accumulated extensive experience with collecting and
processing threat data.
John Bambenek is a consultant,
Vice President of Security Research and Intelligence at ThreatSTOP, and a
Lecturer at the University of Illinois. John has produced and developed
open-source threat intelligence feeds for algorithmically generated domain
names (DGA) and malware. In his role at the University of Illinois, Bambenek is
directing a graduate team project to analyze TLD registries, registrars, and
hosting providers using a methodology similar to DAAR.
The DAAR project has produced a
system for studying and reporting domain name registration and security threat
(domain abuse) behavior across top-level domain (TLD) registries and
registrars. The overarching purpose of DAAR is to report security threat
activity as it is experienced in network operations to the ICANN community,
which can then use the data to facilitate informed policy decisions.
To inform the community of the
DAAR project design objectives and the ways by which those objectives have been
met, the ICANN organization has prepared a methodology white paper. The paper
explains the purposes of the DAAR project, gives an overview of the system,
describes the security threats that DAAR observes, and explains how DAAR compiles threat
data from high-confidence threat reputation data feeds.
To foster confidence in the DAAR
system, the ICANN org has engaged two independent experts to review the
methodology paper, to comment on the threat data that DAAR consumes, and to
experiment with the reporting system. The purpose of these reviews is to have
experts in the field validate the methodology, attest to the reproducibility of
DAAR's findings and reporting, and attest to the quality and reliability of
the reputation data that the ICANN org has chosen to use for this project.