A Logo

Feel free to include my content in your page via my
RSS feed

Help Irongeek.com pay for
bandwidth and research equipment:

Search Irongeek.com:

Affiliates:
Irongeek Button
Social-engineer-training Button

Help Irongeek.com pay for bandwidth and research equipment:

paypalpixle


DNS Spikes, Strikes, and The Like - thomas mathew BSides San Francisco 2015 (Hacking Illustrated Series InfoSec Tutorial Videos)

DNS Spikes, Strikes, and The Like
thomas mathew

BSides San Francisco 2015

Analyzing traffic patterns for trends can be a rich source of information for investigating potential malicious domains. This talk will be an examination of spikes in DNS queries and how they can be used to find potentially new threats. Malicious domains that appear as spiked domains usually belong to Domain Generation Algorithm (DGA) or exploit kit families. However, not all domains that spike are necessarily malicious. One challenge is sifting through the large data set and extracting the potentially harmful spikes. To accomplish this goal we rely on unsupervised learning methods such as clustering to help us explore and eventually classify the data.

Thomas Mathew is a security researcher at OpenDNS Security Labs where he focusses on the implementation of malware, botnet, and threat actor classification techniques using a variety of machine learning methods. Prior to joining OpenDNS, Thomas served as a researcher at the University of California (Santa Cruz), the US Naval Postgraduate School, and as a Product and Test Engineer at handsfree streaming video camera company Looxcie, Inc.

Back to BSides San Francisco 2015 video list

Printable version of this article

15 most recent posts on Irongeek.com:


If you would like to republish one of the articles from this site on your webpage or print journal please contact IronGeek.

Copyright 2016, IronGeek
Louisville / Kentuckiana Information Security Enthusiast