Pre-emptive lines of defence
“The programme I lead focuses on abuse prevention within the .eu domain name framework. Our goal is to support public authorities and protect consumers,” explains Philip Struyf, Program Manager in Domain Name Abuse Prevention. “In the past, detecting abusive registrations was a manual process, time-consuming, largely reactive, and often slowed down by the delay between registration and response. But with increasing pressure from both regulatory bodies and the market to ensure a safer digital environment, it became clear that a new approach was needed.”
In 2019, EURid embarked on a transformation journey to develop an innovative methodology capable of predicting whether a domain name could potentially be used in an abusive manner. The AI-powered solution, developed in collaboration with KU Leuven, combines predictive machine learning models with rule-based logic to assess the likelihood of abuse at the point of registration, before a domain even goes live. It analyses detailed registration metadata not only to flag suspicious registrations for immediate suspension, but also to trigger layered “Know Your Customer” procedures. In other words, if a domain name holder fails to verify their identity, the domain is withdrawn before it can cause any harm. The approach relies on close collaboration among all actors involved in the registration process.
“Thanks to this capability, we can now act the moment an anomaly is detected,” explains Struyf. “It allows us to stay one step ahead, protecting the integrity of the .eu space and ensuring a more reliable digital landscape for everyone.”
Data quality and federated learning
At the same time, CETIC, an organisation that aims to translate existing ICT expertise into business applications in Wallonia, has advanced anomaly detection through the use of AI. The central challenge is that, because organisations are understandably reluctant to share sensitive logs or proprietary information, context-rich anomaly data is extremely scarce. “To make a system effective at detecting irregularities, you first have to teach it to recognise ‘normal’ behaviour. This is crucial to avoid too many false positives,” says Philippe Massonet, Scientific Coordinator at CETIC.
“It’s a complex task, but by experimenting with different learning methods, we have managed to create a workable system. A key element in this success is our use of federated learning: a pioneering technique where models are trained locally on private organisational data,” Massonet continues. “Rather than sharing raw data, only model parameters or updates are aggregated centrally. This not only preserves privacy but also enables much richer training.”
Blueprints to digital trust
The AIDE project, funded by the Federal Public Service Policy and Support (FPS BOSA), clearly demonstrates the strong growth potential of this approach. “You can continue to train and apply it in different contexts by using more specific data as training material for the systems,” Massonet explains. “CETIC therefore actively invites organisations across sectors to participate, with a vision to develop use cases from healthcare to banking and critical infrastructure.” The AIDE project on Federated Learning is a collaboration between KU Leuven, Ghent University/IMEC, UCLouvain and CETIC.
A similar sense of optimism can be felt at EURid. “Our current project should be seen as a building block within a larger infrastructure,” says Struyf. “We are currently expanding the system, primarily by making it modular through containerisation, paving the way for cross-registry cooperation while remaining fully compliant with strict data protection laws.”
EURid and CETIC both suggest a blueprint for a future in which they successfully combine abuse prevention and anomaly detection with unprecedented collaboration, a strong commitment to privacy, and proactive risk management. The path to digital trust lies not only in smarter algorithms but in the intelligent networking of people, processes and systems working together toward a safer, more resilient cyber ecosystem.
EURid is the registry for the .eu domain name, one of the world’s ten most popular web extensions. Its aim is to provide a secure and trusted digital identity to over 450 million people across 30 European countries. Supporting all official European scripts, .eu (Latin), .ею (Cyrillic), and .ευ (Greek), EURid enables a multilingual and inclusive online presence across Europe.
Picture 1: Philip Struyf
Picture 2: Philippe Massonet
