Botconf Author Listing

Alexey Sarychev


Last known affiliation: Nominum

Date: 2017-12-08
Math + GPU + DNS = Cracking Locky Seeds in Real Time without Analyzing Samples
Yohai Einav 🗣 | Hongliang Liu | Alexey Sarychev

Abstract (click to view)

We propose and implement a sublinear hash-collision method on a GPU to search for dynamic Locky DGA seed in real-time DNS query traffic. By combining real-time DNS traffic and this fast search method, we successfully detected all dynamic Locky DGA seeds within seconds from their first appearance, and predicted all future C&C names from those seeds. These C&C names are distributed to production systems used by ISPs worldwide, where they’re blocked. They’re also shared with DGArchive and the security community.

Date: 2017-12-07
Augmented Intelligence to Scale Humans Fighting Botnets
Yuriy Yuzifovich 🗣 | Hongliang Liu | Alexey Sarychev | Amir Asiaee

Abstract (click to view)

We propose and implement a novel method of discovering botnet activities by identifying new core domains (domains that are directly below a TLD) that appear in real-time DNS query traffic as suspicious, and discovering botnet C&C groups using a domain correlation machine learning model. This method discovers botnet C&C groups before security list vendors which it is benchmarked against.

Video
Scroll to Top