Botconf Author Listing

Josiah Hagen


Last known affiliation: Trend Micro

Date: 2015-12-03
Building a better botnet DGA mousetrap: separating mice, rats and cheese in DNS data
Josiah Hagen 🗣 | Miranda Mowbray 🗣 | Prasad Rao 🗣

Abstract

Botnets and other malware are getting better and better at evading blacklisting in enterprise networks. This draft paper is about an approach for detecting such botnets or other entities, using Domain Name Service (DNS) data and machine learning. Three distinguishing features of this work are that we identify what family of blacklist-evading malware a host machine is infected with, not just that it is infected, using only DNS data as input; that we use syntactic rules in addition to machine learning; and that we currently deal with over two dozen malware families.
