Ensign InfoSecurity (Ensign), the largest pure-play, end-to-end cybersecurity service provider in Asia Pacific, announced today that it has been granted a patent – “A system and method for detecting phishing-domains in a set of Domain Name System (DNS) records”.
This patent marks a significant contribution to addressing the critical challenge of detecting phishing domains, a tool frequently exploited by cybercriminals for phishing attacks. This invention introduces four key modules: the homoglyph phishing domain detection module, the typo-squatting phishing domain detection module, the general phishing domain detection module, and the alert module. These modules work in synergy, collectively identifying and flagging phishing domains within a designated set of DNS records. The method goes beyond traditional approaches such as Levenshtein edit distance by integrating keyboard distance, ensuring fewer inaccuracies and enhancing the precision in pinpointing phishing domains. In addition, it is adaptable to the evolving landscape of homoglyph attacks, factoring in visual characteristics and Punycode representations. By facilitating early detection of phishing domains, especially those that exploit human behaviours, this invention offers proactive cybersecurity as it recognises potential threats earlier in the cyber attack timeline. This proactive approach enhances the defence against emerging threats.
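To illustrate the idea of combining Levenshtein edit distance with keyboard distance for typo-squatting detection, the following is an added example, not Ensign's patented method (which this announcement does not detail). The QWERTY layout model, the 0.5 cost for neighbouring keys, the thresholds, the brand name `acmebank` and the sample DNS names are all assumptions constructed for the illustration.

```python
# Added illustration; weights, thresholds and all names are assumptions.
QWERTY_ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]
ROW_OFFSET = [0.0, 0.5, 0.75, 1.25]  # horizontal stagger of each row, in key widths
KEY_POS = {ch: (r, c + ROW_OFFSET[r])
           for r, row in enumerate(QWERTY_ROWS) for c, ch in enumerate(row)}

def sub_cost(a, b):
    """0 for the same key, 0.5 for physically neighbouring keys, 1 otherwise."""
    if a == b:
        return 0.0
    if a in KEY_POS and b in KEY_POS:
        (r1, c1), (r2, c2) = KEY_POS[a], KEY_POS[b]
        if abs(r1 - r2) <= 1 and abs(c1 - c2) <= 1.0:
            return 0.5
    return 1.0

def keyboard_distance(s, t):
    """Levenshtein distance whose substitution cost depends on key proximity."""
    prev = [float(j) for j in range(len(t) + 1)]
    for i, a in enumerate(s, 1):
        cur = [float(i)]
        for j, b in enumerate(t, 1):
            cur.append(min(prev[j] + 1.0,               # delete a
                           cur[j - 1] + 1.0,            # insert b
                           prev[j - 1] + sub_cost(a, b)))
        prev = cur
    return prev[-1]

def registered_label(name):
    """Label left of the TLD (assumes a single-label TLD; no public-suffix lookup)."""
    parts = name.lower().rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]

def flag_typosquats(dns_names, brands, threshold=1.0):
    """Return (name, brand, distance) for near-miss names, closest first."""
    hits = []
    for name in dns_names:
        for brand in brands:
            d = keyboard_distance(registered_label(name), brand)
            if 0 < d <= threshold:  # d == 0 is the legitimate domain itself
                hits.append((name, brand, d))
    return sorted(hits, key=lambda h: h[2])

# Constructed sample of DNS query names (not real observations).
SAMPLE = ["acmebank.com", "acmebamk.com", "acmebpnk.com",
          "scmebank.com.", "example.org"]

if __name__ == "__main__":
    for hit in flag_typosquats(SAMPLE, ["acmebank"]):
        print(hit)
```

Plain Levenshtein scores all three look-alikes as 1; the keyboard weighting ranks the adjacent-key slips (`n`→`m`, `a`→`s`) at 0.5, ahead of the arbitrary substitution at 1.0, so a tighter threshold keeps the likely fat-finger typos and drops the rest.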
“Our latest innovation is designed to pre-emptively detect phishing domains, safeguarding entities before harm is done. This patent is a testament to the proactive measures we take to shield businesses from emerging cyber threats, which lead to data breaches, financial losses, and reputational harm,” said Mr. Tan Ah Tuan, Head of Labs at Ensign. “Ensign’s innovations are conceived and developed in-house, and it underscores our commitment to pushing the boundaries in cybersecurity.”
Our previous patents also stand as significant milestones:
· Patented: Self-Learning Threat Detection – This patent describes a method to train threat detection models for network traffic data without needing a completely labelled dataset. It leverages both Indicators of Compromise (IoCs) and pre-existing models to generate partial labels for model training. This innovative approach is subsequently harnessed to enhance our threat detection capabilities by incorporating all available IoCs and historical insights. Ensign thus maximises the potential of the dataset for training advanced threat detection models. It also empowers the team to maintain a competitive edge in developing models by extending their prior knowledge to unlabelled data by incorporating it into their training process.
· Patented: Approach to Detecting Domain Generation Algorithm (DGA) Attacks – Ensign’s proprietary DGA detection model filters extensive network traffic to identify DGA traits and confirm if any successful connections to malicious domains occurred. By deploying Ensign’s DGA detection model, organisations can significantly decrease the volume of alerts linked to such communications. This substantially enhances accuracy and accelerates response time.