AI threat detection

To clarify, it's not on DNS request. Which I thought it was.

"We use passive logs to detect new domains and we are constantly crawling millions of domains for detection in order to have a timely response."

That's a direct quote, and as for why they don't do it.

"Detection is not done on the DNS server itself at request time if it is your question. That would not scale and would impact performance."

So, not what I was hoping for but wanted to clarify asap as I don't want to spread misinformation.

I wouldn't lie if I said I would have been extremely happy if it was based on request though, and the behavior of it catching a few hour old reports from lesser known sites for me implied that it did. So it still works quite amazingly, but it would have been nice to have request based detection but, in terms of how they said it would impact the performance and speed, it's the right move.

I'd also like to say that I tried to explain that I was assuming in the first comment, if I haven't made it clear sorry about that. Made a mistake with my assumption, so if I didn't explain properly sorry about that gotta own upto my mistakes.

I'd also add that, with how quick it picks it up and how it made me think that it was doing these live, its still a great layer and I'd still recommend turning it on.

It would have been better for it do it on request basis as if a domain just went live, until it was found somewhere it could be a threat. So it's not perfect and I'd have liked to see it that way.

But on that note if it was going to impact anything such as Price, Speed, Length and add processing and complications etc. With how qucik it picks up threats that were reported 30 minutes or less. They are still doing it well to a point where I would keep saying that it's amazing.

Sohan Ray The basic function of the AI is to, well detect unknown threats and also be trained on the basis of bad sites and good sites so it can slowly figure out what's good and what's bad. So I'd say that, there is a machine learning layer ofc.

For how much they update it, that part I don't know about, but compared to DNSFilter a company focused on it, it was pulling ahead, even if It wasn't a huge percentile in terms of pure AI capabilities.

At the bottom of the page, I've also re quoted a new reply as it makes far more sense, what they do is, constantly monitor for new Domains and use Crawlers to find and blacklist domains as fast as possible, that worked out in my mind because I knew most of the domains I've tested against DNSFilter were less than 30 minutes old and had, new domains that were registered on that day.

So it would seem as they are all using a similar method, not live on the sport but scanning actively for malware.

The only question I have is, are you sure about the DNSFilter making a blacklist part, when I was trying to visit malicious pages, nearly every time there would be a loading page beforehand, after that it would show why it was blocked as if it was running the scan live on the spot.

For their activeness, they aren't super active on the forums but in terms of problems and backend stuff seems quick, when the .co.uk thing happened, I thought someone was having a issue instead of the entire service having one because by the time it was reported and I got to see the thread that day, they fixed the problem. So it would seem that they monitor the service quite often, so that hopefully applies to their functions, but I don't know about it exactly.

"DNSFilter is the only DNS threat protection providing real-time domain analysis" seems as if DNSFilter does it real-time. That's actually interesting as, on my testing, it had a lower detection ratio. So what NextDNS said about it being better than a live system would hold true.

That's why the loading screen was popping up on the DNSFilters end I guess. I'm surprised that, a better made scanner/crawler outperforms real-time.

I guess there are optimizations, seems like the whole Apple having less ram but keeping more apps than an Android device with double the ram scenario. I'm honestly surprised but it makes sense.

Sohan Ray I'd really like to look into the date of the publication as there was no clear comparison of the AI capabilities as if it doesn't have it. So I think it might be an older report before NextDNS announced its AI. They also didn't compare against real world malware.

Sohan Ray I didn't do an older test as of right now, but from the easy test by a script, out of the 823 Domains that were blocked 562 were blocked With AI-Driven-Threat detection. That gives a solid detection ratio of 68.29 so that purely by the AI would incline me to say its doing a pretty great job.

They explained that instead of on lookup they check the domains when they come out and use crawlers and generally keep it up to date by regularly scanning them.

My initial thought when I learned it wasn't live was how is it outperforming a on request result, it would seem as a better made system that auto scans new domains and keeps them scanned outperforms a live one. I really wish I could compare against DNSFilter, I'll try to get access from a friend if possible.

Sohan Ray A friend graciously gave me a DNSFilter account, thanks to him and his purchase lol. Currency exchanges man, things get rough sometimes. Anyways I also have results from their analysis.

Sohan Ray 49.8%+5% (Different categories) so 54.8% blocked by their Entire process, they don't specify AI exactly but I'm guessing it is, the rest is Blocked By their Newly Registered Domains. So a nearly clean sheet on both ends but without Newly Registered domain blocking, it would have missed quite a lot. They also missed 5 but not bad honestly out of 823 that's more than acceptable and quite amazing to see both perform highly. This should answer your AI concerns. I'll dm you and anyone else who sends a dm the results of Quad9 and Clean browsing as I don't want to fill the forums.

Sohan Ray I can't comment on those details about the AI since I honestly don't know, I'd guess so but I'd rather not ask a ton of questions to them.