5 Questions for Michael B. Halvorsen: Machine Learning and AI in the DNS Abuse space

5 Questions for Michael B. Halvorsen, CEO IQ Global: Machine Learning and AI in the DNS Abuse space.

AI has been on my mind a lot lately. Mostly because news stories about AI have been all over my screens lately. It is the stuff of philosophical arguments with my partner and curiosity from my parents. Congratulations everyone trying to explain what we do to our parents, because it is no longer answerable by asking: “have you seen a Godaddy commercial?”. They understand we work on the internet and now they want us to tell them what AI is and whether it is specifically coming for them.

For those of us who work with AI in some form every day, the editorial alarm bells that AI will destroy our species leads to a thought exercise that goes a little something like this “how far would I have to go and how many hoops would my program have to learn to jump through before it was able to end humanity?” The answer when applying it to the domain name industry is “So many that even thinking about this is making me sleepy. Now I need a snack, good night”.

Michael B. Halvorsen, the CEO of IQ Global is also thinking a lot about AI and has been doing a deep dive on Machine Learning in regard to Domain Abuse Mitigation. I have learned in the last few months that a deep dive for Michael usually ends with a product and since I know he made something really cool, I have:  5 Questions about Machine Learning and AI in the DNS Abuse space.

Kelly: I know you have been thinking a lot about Machine Learning Mitigation. How is this playing out in your day-to-day work?

Michael: We have recently created iQ Domain Risk Score, a service that will detect malicious domains and prevent abuse before it happens. Basically, we are using string analytics algorithms and machine learning to detect the risk level associated with domains.

To assess the risk, we look at a domain name at the point of registration and evaluate it based on a set of criteria we already know would indicate an abusive registration. An example of this kind of detectable behaviour would be if a brand name is being registered with common abuse affixes, if there is high entropy in random letters and numbers or if there are a lot of dictionary words in random orders.

All we need is the domain name and the API conducts a thorough risk analysis. The API can be used at any point during the domain name registration process but I imagine it will be most commonly used during post-provisioning.

Kelly: Proactive abuse mitigation at the point of registration is a transformative approach to abuse prevention. Does this replace or make redundant any of the current mechanisms in place?

Michael: Not at all. The necessity to gather and scrutinise reports from trusted notifiers remains paramount. iQ dedicates substantial resources to meticulously curate these feeds, with a focus on ensuring high-quality information over sheer volume. To further refine this procedure and elevate its effectiveness, iQ is actively incorporating Artificial Intelligence, Computer Vision, and Machine Learning technologies to advance the process.

Kelly: Give me more examples of how machine learning is changing the way you think about mitigating DNS Abuse. For instance, you talk about GPTs a lot…

Michael: We are currently experimenting with the utilisation of Large Language Models (LLMs), inclusive of generative pre-trained transformers (GPT), for the assessment of evidence associated with abuse reports. These sophisticated models excel at evaluating and deciphering complex non-conforming data, such as the analysis of web content and email correspondence.

Every abuse report amassed by the iQ Abuse Feed repository is subjected to rigorous evidence collection. This process encompasses a comprehensive examination of the domain, including its history, present state, DNS records, WHOIS data, website content, registry, and registrar, among other factors. All these data points serve as inputs for our Machine Learning (ML) models, which are exceptionally proficient in discerning patterns that may elude human detection.

I am excited about the potential of synergistic application of Artificial Intelligence (AI), Computer Vision, and ML to improve the capacity to enhance evidence and improve the automation and efficiency of the abuse mitigation processing.

Kelly: Can we talk about AI? What are your predictions about this in the future for the domain industry vis a vis abuse?

Michael: Artificial Intelligence (AI) is poised to profoundly reshape our world, leaving no industry untouched, including the domain and internet sectors.

AI will equip us with innovative tools and strategies to combat abuse in ways previously unimaginable. However, it's inevitable that these technological advancements will also attract nefarious actors seeking to exploit this technology for malevolent purposes.

For instance, the detection of spam email and phishing attempts will become considerably more challenging due to the significant enhancements in content quality. These advancements will not only improve grammar and writing style, but also enable personalised messaging, making each email appear tailor-made for the recipient.

Moreover, bad actors might leverage automated language models akin to Auto-GPT for devious ends. They could potentially automate sign-ups using fraudulent credit cards, spawning tens of thousands of websites teeming with custom-made content, rapidly and inexpensively. Companies lagging behind in leveraging AI to tackle these evolving fraudulent activities will find themselves at a severe disadvantage.

Furthermore, AI is set to revolutionise our interaction with software. Typing or voice-based dialogue with software will become the new norm. While the likes of Siri and Alexa have been initial forays into this realm, the evolution of AI promises a more efficient realisation of this concept, enabling the completion of intricate, multi-step tasks. This development will inform the design of application user interfaces, with apps and services becoming more conversational. Users will express their desired outcome, rather than navigating complex menus or memorising keyboard shortcuts.

Kelly: In what ways do you see AI impacting the internet as a whole?

Michael: AI will alter the way we access information on the internet. Instead of visiting a webpage to gather information or perform a task, these activities will be handled by AI. Presently, the primary function of search engines is to locate suitable websites for users. SEO optimization, an industry in itself, is tailored to this reality. However, as AI increasingly takes on the task of information retrieval, the relevance of search will diminish. SEO will evolve from supplying search engine crawlers with metadata to offering AI APIs access to your information or application.

Domain names, a human-centric solution for remembering server addresses, may also undergo a shift due to AI's ascendance. For an AI, the distinction between a domain and an IP address is irrelevant, raising the possibility that an increase in AI usage could diminish the need for human-friendly server addresses.