BSidesSF has ended
Back To Schedule
Sunday, April 19 • 12:00pm - 1:00pm
DNS Spikes, Strikes, and The Like

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Analyzing traffic patterns for trends can be a rich source of information for investigating potential malicious domains. This talk will be an examination of spikes in DNS queries and how they can be used to find potentially new threats. Malicious domains that appear as spiked domains usually belong to Domain Generation Algorithm (DGA) or exploit kit families. However, not all domains that spike are necessarily malicious. One challenge is sifting through the large data set and extracting the potentially harmful spikes. To accomplish this goal we rely on unsupervised learning methods such as clustering to help us explore and eventually classify the data.

avatar for Thomas Mathew

Thomas Mathew

Security Research - Data, Cisco Umbrella
Thomas Mathew is a Senior Security Researcher at Cisco Umbrella (OpenDNS) where he works on implementing pattern recognition algorithms to classify malware and botnets. His main interest lies in using various time series techniques on network sensor data to identify malicious threats... Read More →

Sunday April 19, 2015 12:00pm - 1:00pm PDT

Attendees (1)