Skip to main content
Resources

Welcome to the INFERMAL Project

The INFERMAL project, funded by ICANN, aims to deepen our understanding of domain name abuse and the contributing factors. Guided by ICANN's Office of the Chief Technology Officer Security, Stability, and Resiliency team, this initiative is a key component of ICANN's Domain Name System (DNS) Security Threat Mitigation Program.

What Is INFERMAL?

INFERMAL– short for Inferential Analysis of Maliciously Registered Domains –aims to systematically analyze the domain registration preferences and patterns of cyberattackers. By examining proactive and reactive factors such as registration costs, payment methods, and bulk registration features, INFERMAL seeks to uncover patterns that could help mitigate malicious activities such as phishing.

Why it Matters

Cybercriminals often need to use domain registration processes to execute large-scale attacks. By identifying which particular features of the registration process are most attractive to these malicious actors, INFERMAL will provide crucial insights for improving DNS security. The findings are expected to inform best practices for registrars and registries, strengthen industry self-regulation, and reduce overall domain regulation costs.

Project Timeline

The project was conducted for two years.

Start date: September 2022

End date: November 2024

Project Goals and Outcomes

Led by Professor Maciej Korczyński, INFERMAL gathers data on domain registration policies and analyzes them using advanced statistical models. This research aims to:

  • Reveal patterns in attacker preferences for domain registration features.
  • Enhance DNS anti-abuse practices across the industry.
  • Increase domain name security and user trust.

The project will culminate in publications and presentations at leading conferences, including those hosted by ICANN and other prominent security and policy organizations.

Material

Report: Insights and Clarifications on the INFERMAL Study

Final report: INFERMAL: Inferential analysis of maliciously registered domains.

Recording: Webinar on INFERMAL - a Project Focused on Malicious Domain Registrations (February 2025).

Presentation at ICANN81 (November 2024).

Why ICANN?

ICANN is uniquely positioned to tackle this challenge as it prepares for the next round of new generic top-level domains (gTLDs) and promotes Universal Acceptance. Our mission is to coordinate the Internet's systems of unique identifiers to ensure a stable, secure, and unified global Internet.

This is a follow-up study to the previous work, the "Statistical Analysis of DNS Abuse in gTLDs" (SADAG) study which was conducted by Delft University of Technology and SIDN Labs and commissioned by the ICANN organization.

Contact

Do not hesitate to contact us at [email protected] if you have any questions.

Domain Name System
Internationalized Domain Name ,IDN,"IDNs are domain names that include characters used in the local representation of languages that are not written with the twenty-six letters of the basic Latin alphabet ""a-z"". An IDN can contain Latin letters with diacritical marks, as required by many European languages, or may consist of characters from non-Latin scripts such as Arabic or Chinese. Many languages also use other types of digits than the European ""0-9"". The basic Latin alphabet together with the European-Arabic digits are, for the purpose of domain names, termed ""ASCII characters"" (ASCII = American Standard Code for Information Interchange). These are also included in the broader range of ""Unicode characters"" that provides the basis for IDNs. The ""hostname rule"" requires that all domain names of the type under consideration here are stored in the DNS using only the ASCII characters listed above, with the one further addition of the hyphen ""-"". The Unicode form of an IDN therefore requires special encoding before it is entered into the DNS. The following terminology is used when distinguishing between these forms: A domain name consists of a series of ""labels"" (separated by ""dots""). The ASCII form of an IDN label is termed an ""A-label"". All operations defined in the DNS protocol use A-labels exclusively. The Unicode form, which a user expects to be displayed, is termed a ""U-label"". The difference may be illustrated with the Hindi word for ""test"" — परीका — appearing here as a U-label would (in the Devanagari script). A special form of ""ASCII compatible encoding"" (abbreviated ACE) is applied to this to produce the corresponding A-label: xn--11b5bs1di. A domain name that only includes ASCII letters, digits, and hyphens is termed an ""LDH label"". Although the definitions of A-labels and LDH-labels overlap, a name consisting exclusively of LDH labels, such as""icann.org"" is not an IDN."