Name: DNS Spikes, Strikes, and The Like
Start: 2015-04-19T12:00:00-0700
End: 2015-04-19T13:00:00-0700

DNS Spikes, Strikes, and The Like

Analyzing traffic patterns for trends can be a rich source of information for investigating potential malicious domains. This talk will be an examination of spikes in DNS queries and how they can be used to find potentially new threats. Malicious domains that appear as spiked domains usually belong to Domain Generation Algorithm (DGA) or exploit kit families. However, not all domains that spike are necessarily malicious. One challenge is sifting through the large data set and extracting the potentially harmful spikes. To accomplish this goal we rely on unsupervised learning methods such as clustering to help us explore and eventually classify the data.

Speakers

Thomas Mathew

Security Research - Data, Cisco Umbrella

Thomas Mathew is a Senior Security Researcher at Cisco Umbrella (OpenDNS) where he works on implementing pattern recognition algorithms to classify malware and botnets. His main interest lies in using various time series techniques on network sensor data to identify malicious threats... Read More →

Sunday April 19, 2015 12:00pm - 1:00pm PDT
OpenDNS

Track One

BSidesSF

Thomas Mathew

Attendees (1)

BSidesSF

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Thomas Mathew

Attendees (1)