This event has ended. Create your own event → Check it out
This event has ended. Create your own
View analytic
Sunday, April 19 • 12:00pm - 1:00pm
DNS Spikes, Strikes, and The Like

Sign up or log in to save this to your schedule and see who's attending!

Analyzing traffic patterns for trends can be a rich source of information for investigating potential malicious domains. This talk will be an examination of spikes in DNS queries and how they can be used to find potentially new threats. Malicious domains that appear as spiked domains usually belong to Domain Generation Algorithm (DGA) or exploit kit families. However, not all domains that spike are necessarily malicious. One challenge is sifting through the large data set and extracting the potentially harmful spikes. To accomplish this goal we rely on unsupervised learning methods such as clustering to help us explore and eventually classify the data.


Thomas Mathew

Security Research - Data, Cisco - OpenDNS
Thomas Mathew is a security researcher at OpenDNS Security Labs where he focusses on the implementation of malware, botnet, and threat actor classification techniques using a variety of machine learning methods. Prior to joining OpenDNS, Thomas served as a researcher at the University of California (Santa Cruz), the US Naval Postgraduate School, and as a Product and Test Engineer at handsfree streaming video camera company Looxcie, Inc.

Sunday April 19, 2015 12:00pm - 1:00pm

Attendees (22)