[Community Webinar Archive] Using Machine Learning to detect Malicious Dictionary DGA Domains
01-24-2018 01:48 PM - edited 02-09-2018 11:46 AM
Infoblox Experts Community is excited to present a webinar on:
A Word Graph Approach for Dictionary Detection and Extraction in DGA Domain Names
Speaker - Mayana Pereira, Data Scientist, Infoblox
Watch the Archive - https://community.infoblox.com/t5/Community-Blog/Community-Webinar-Archive-Using-Machine-Learning-in...
Automatic detection of algorithmically generated domains is a key element in detecting botnet operation. Proposed machine learning methods exploit the fact that domains generated by Domain Generation Algorithms (DGAs) look linguistically different from, and far more random than, those created by humans.
A recent kind of DGA, the dictionary DGA, misleads classifiers that rely on lexical analysis by generating domains from wordlists (also called dictionaries). The resulting domains appear benign both to human analysts and to most current DGA detection methods that take only the domain itself as input.
In this webinar, Infoblox Data Scientist Mayana Pereira will present a new method that learns the wordlists (dictionaries) used by dictionary DGAs from domain names in DNS traffic. This immediately gives us an effective mechanism for detecting this elusive new type of DGA, without any need for reverse engineering to extract dictionaries. To the best of our knowledge, this is the first method that can effectively catch dictionary DGA domain names in real traffic. Our technique relies on the domain name strings only and does not require any contextual information, such as IP addresses or timing-related information. Our experimental results on data from a known dictionary DGA malware show that our method can extract dictionary information that is embedded in the malware code even when the fraction of DGA domains is much smaller than the fraction of legitimate domains or multiple dictionaries are present in the data.
Speaker:
Mayana Pereira
Data Scientist, Infoblox
https://www.mayanapereira.com/
Mayana is a data scientist engineer at Infoblox experienced in applying graph analytics and machine learning techniques to a range of problems in health care, social networks, and network security. You can learn more about Mayana at https://www.mayanapereira.com/
Don't miss the webinar. Watch the archive now!
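To make the word-graph idea in the abstract concrete, here is an added example (not code from the webinar, the speaker, or Infoblox) that recovers a wordlist from domain strings alone and then flags names built from it. It is a simplified sketch under stated assumptions: names are two concatenated words in `name.tld` form, the thresholds and all function names are hypothetical, and the sample traffic is constructed.

```python
from collections import Counter, defaultdict

MIN_LEN = 3  # shortest fragment treated as a word (assumed threshold)
def label_of(domain):
    return domain.split(".")[0].lower()  # assumes plain name.tld inputs

def best_split(label, support):
    """Two-way split of a label whose weaker half has the highest support."""
    cuts = range(MIN_LEN, len(label) - MIN_LEN + 1)
    return max(((min(support[label[:i]], support[label[i:]]), label[:i], label[i:])
                for i in cuts), default=(0, "", ""))

def extract_dictionaries(domains, min_support=2, min_words=4):
    labels = {label_of(d) for d in domains}
    support = Counter()  # support[w] = how many labels start or end with w
    for lab in labels:
        for i in range(MIN_LEN, len(lab) - MIN_LEN + 1):
            support.update((lab[:i], lab[i:]))
    graph = defaultdict(set)  # word graph: an edge joins two words sharing a label
    for lab in labels:
        score, left, right = best_split(lab, support)
        if score >= min_support:
            graph[left].add(right)
            graph[right].add(left)
    seen, dictionaries = set(), []
    for start in sorted(graph):  # walk each connected component once
        if start in seen:
            continue
        comp, stack = {start}, [start]
        while stack:
            for nxt in graph[stack.pop()] - comp:
                comp.add(nxt)
                stack.append(nxt)
        seen |= comp
        if len(comp) >= min_words:  # tiny components are benign coincidences
            dictionaries.append(sorted(comp))
    return dictionaries, support

def flag_domains(domains, dictionaries, support):
    """Domains whose two halves both belong to one extracted dictionary."""
    def in_dict(domain):
        _, left, right = best_split(label_of(domain), support)
        return any(left in words and right in words for words in dictionaries)
    return [d for d in domains if in_dict(d)]

# Constructed sample: ten names built from a five-word list, plus benign names.
SAMPLE = [n + ".example" for n in ("tableriver rivergarden gardenstone stonecloud "
          "cloudtable riverstone gardencloud stonetable cloudriver tablegarden").split()]
SAMPLE += ["google.com", "wikipedia.org", "facebook.com", "facetime.com", "macbook.com"]
```

On the sample, `facebook` does split into two supported fragments, but its two-word component is too small to count as a dictionary, which is why component size is checked before anything is flagged.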