Security

Reply

[Community Webinar Archive] Using Machine Learning to detect Malicious Dictionary DGA Domains

[ Edited ]
spenumaka
Adviser
Posts: 136

‎01-24-2018 01:48 PM - edited ‎02-09-2018 11:46 AM

5227     0

Infoblox Experts Community is excited to present a webinar on:

 

A Word Graph Approach for Dictionary Detection and Extraction in DGA Domain Names

 

Speaker - Mayana Pereira, Data Scientist, Infoblox

 

Watch the Archivehttps://community.infoblox.com/t5/Community-Blog/Community-Webinar-Archive-Using-Machine-Learning-in...


Automatic detection of algorithmically generated domains is a key element for detection of Botnet operation. Proposed machine learning methods exploit the fact that domains generated by Domain Generation Algorithms (DGAs) look linguistically different and a lot more random than those created by humans.

A recent kind of DGAs, called dictionary DGAs, are misleading such classifiers that rely on lexical analysis by generating domains based on wordlists (also called dictionaries). The resulting domains are seemingly benign to both human analysis and most of current DGA detection methods that receive as input solely the domain itself. In this webinar, Infoblox Data Scientist, Mayana Pereira will present a new method that learns the wordlists (dictionary) used by dictionary DGAs from domain names in DNS traffic. This immediately gives us an effective detection mechanism for detecting this elusive, new type of DGA, without any need for reverse engineering to extract dictionaries. To the best of our knowledge, this is the first method that can effectively catch dictionary DGA domain names in real traffic. Our technique relies on the domain name strings only and does not require any contextual information, such as IP addresses or timing related information. Our experimental results on data from a known dictionary DGA malware show that our method can extract dictionary information that is embedded in the malware code even when the fraction of DGA domains is much smaller than the fraction of legitimate domains or multiple dictionaries are present in the data. 

Speaker:
Mayana.png

Mayana Pereira
Data Scientist, Infoblox
https://www.mayanapereira.com/

 

Mayana is a data scientist engineer at Infoblox experienced in applying graph analytics and machine learning techniques to a range of problems in health care, social networks, and network security. You can learn more about Mayana at https://www.mayanapereira.com/

 

Don't miss the webinar. Watch the archive now!

 

--------------------------------------
Check out our new Tech docs website for latest documentation on Infoblox products.
Labels:
Reply
0 Kudos
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Recommended for You

Latest Annoucements

Infoblox Experts Community

You have reached the maximum number of topics allowed as a visitor. Please Login or Join the community to continue to read.

Join for free

TOPICS REMAINING

Register for unlimited browsing. Registration is FREE.

Join Community