SafeDNS New System to Detect Malicious Internet Resources

With the company's new system for detecting malicious internet resources, close to 100% of them are now blocked for better online protection of SafeDNS users

machine learning, user behavior analysis, malware detection, dynamic classifier of domains

Based on continuous machine learning and user behavior analysis, the new SafeDNS system is a great step forward from static lists of categorized resources to dynamically created databases. The SafeDNS research team has produced a technology that detects malicious internet resources with 98% precision.

According to Dmitry Vostretsov, SafeDNS CEO, "This unparalleled technology developed by the company's research team takes SafeDNS to a different, much higher level – on par with global leaders of the industry, as our ability to detect and filter out malware and botnets has significantly improved. The technology gives SafeDNS a competitive edge as it detects malicious resources overlooked by the analogous systems of other vendors."

This is achieved by processing and analyzing data from the company's filtering service to pinpoint the attributes of malicious resources that the new dynamic classifier needs to be efficient. One of the most important attributes is group activity. Usually, a fixed number of users requests a malicious resource within a short period of time, such as a couple of hours, and this malicious group activity can be detected. By contrast, a legitimate resource is requested by occasional users rather than by a fixed group of them.

Within every time frame, users are grouped according to the servers they requested. The servers are then either blacklisted or whitelisted as a whole, excluding resources that are rarely requested. Every time frame is compared with the others in terms of the resources visited. If the resources are frequented by mostly the same groups of users, they can be assumed to be malicious. To measure how similar these groups of users really are, SafeDNS tried different approaches and found the Jaccard similarity coefficient the most appropriate.
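The group-activity comparison described above, as an added illustration that is not SafeDNS's code or its actual algorithm: users are grouped per domain and time frame, rarely requested domains are excluded, and the mean pairwise Jaccard coefficient across frames marks domains requested by a fixed group. The query log, the domain names and the `MIN_USERS`, `MIN_FRAMES` and `THRESHOLD` values are assumptions constructed for the example.

```python
from collections import defaultdict
from itertools import combinations

# Constructed sample DNS query log: (time frame index, user id, requested domain).
QUERIES = [
    (0, "u1", "cdn-update.example"), (0, "u2", "cdn-update.example"), (0, "u3", "cdn-update.example"),
    (1, "u1", "cdn-update.example"), (1, "u2", "cdn-update.example"), (1, "u3", "cdn-update.example"),
    (2, "u1", "cdn-update.example"), (2, "u2", "cdn-update.example"), (2, "u4", "cdn-update.example"),
    (0, "u1", "news.example"), (0, "u5", "news.example"), (0, "u6", "news.example"),
    (1, "u7", "news.example"), (1, "u8", "news.example"), (1, "u2", "news.example"),
    (2, "u9", "news.example"), (2, "u5", "news.example"), (2, "u3", "news.example"),
    (0, "u9", "rare.example"), (2, "u9", "rare.example"),
]
MIN_USERS = 3    # assumed: a frame counts only if this many distinct users asked
MIN_FRAMES = 2   # assumed: fewer qualifying frames means "rarely requested"
THRESHOLD = 0.6  # assumed: mean Jaccard at or above this suggests a fixed group

def users_by_frame(queries):
    """Map domain -> {time frame -> set of users who requested it}."""
    groups = defaultdict(lambda: defaultdict(set))
    for frame, user, domain in queries:
        groups[domain][frame].add(user)
    return groups

def jaccard(a, b):
    """Jaccard similarity: size of the intersection over size of the union."""
    union = a | b
    return len(a & b) / len(union) if union else 0.0

def group_stability(frames):
    """Mean pairwise Jaccard of a domain's user groups; None if rarely requested."""
    busy = [users for users in frames.values() if len(users) >= MIN_USERS]
    if len(busy) < MIN_FRAMES:
        return None  # one returning user would otherwise score a misleading 1.0
    pairs = list(combinations(busy, 2))
    return sum(jaccard(a, b) for a, b in pairs) / len(pairs)

def score_domains(queries):
    return {d: group_stability(f) for d, f in users_by_frame(queries).items()}

def suspicious(queries, threshold=THRESHOLD):
    """Domains whose requesters stay mostly the same from frame to frame."""
    scores = score_domains(queries)
    return sorted(d for d, s in scores.items() if s is not None and s >= threshold)

if __name__ == "__main__":
    for domain, score in score_domains(QUERIES).items():
        print(domain, "excluded (rarely requested)" if score is None else f"{score:.2f}")
    print("candidates for review:", suspicious(QUERIES))
```
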

The procedure for defining the user groups' "similarity" is very complex and is the key to the quality of detecting malicious resources. Despite all the difficulties, the SafeDNS research team has managed to achieve 98% precision in detecting all kinds of malware in real conditions.

Such outstanding accuracy is made possible by the addition of an internet resource ranking method. Two ranks are introduced: one of maliciousness and the other of legitimacy. Both are computed continuously and independently of one another, in correlation with an analysis of the shares of users requesting particular resources during the predetermined time frames.

Having assembled these diverse methods into a single model, the system detects malicious internet resources and adds them to the SafeDNS database. Since the system was fully integrated into the company's web content filtering service, the SafeDNS database of malware has increased by over 66% and continues to grow. With that, the number of malicious resources blocked by the SafeDNS web filtering service has also grown. This plays a very important role in increasing the internet security of the service's users against an ever-growing number of online threats.

Data provided by the new system is available for usage through the company's open API of categorized internet resources.

About SafeDNS
SafeDNS was founded in 2010 to develop cloud-based web filtering solutions. In 2013 a commercial version of the service for home, educational and corporate users was launched. In 2014 the company released its web filtering platform for ISPs and mobile operators.

The SafeDNS filtering servers are located in data centers throughout Europe, Asia, and North and Central America. Every day the company processes over 2 billion queries from users of its filtering service. The SafeDNS products and cloud service are now used by more than 300 telcos, 4 000 organizations, tens of thousands of home users and about one million anonymous free users worldwide.

The top quality of the SafeDNS web filtering service has already been acknowledged by world-leading test labs and publications. In 2015 the service was named Approved Parental Control Product by AV-Comparatives. In February 2016 SafeDNS became Editor’s Choice for Content Management & Filtering Solutions in the 2016 Cyber Defense Magazine Infosec Awards. Learn more about us at

Contact Author

Julia Neganov
SafeDNS, Inc.
+1 (571) 421 29 90