
steve2470

(37,457 posts)
Sun Mar 8, 2015, 03:25 AM

Mind-reading DNS security analysis offers early warning for APT attacks

(original headline)

http://www.theregister.co.uk/2015/03/06/precog_dns_security/

The application of predictive algorithms to DNS data may be able to spot malware sites before they serve up nasties.

Security firm OpenDNS is applying ideas from natural language processing to automatically identify malicious domains using a prototype tool called NLPRank, as a blog post by the firm explains.

Utilising natural language processing (NLP), the predictive model identifies potentially malicious typo-squatting/targeted phishing domains. APT groups often use spear-phishing techniques and legitimate domain spoofing as an obfuscation technique to carry out their criminal campaigns.


NLPRank is designed to detect these fraudulent branded domains that often serve as C2 domains for targeted attacks. Our system utilises heuristics such as NLP, ASN mappings and weightings, WHOIS data patterns, and HTML tag analysis to classify these types of attack domains.

more at link above
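
An added example, not part of the original post and not OpenDNS's NLPRank code: a simplified scorer in the spirit of the heuristics quoted above, combining a lexical check (a brand keyword embedded in, or one edit away from, a domain token) with an ASN mismatch weighting. The brand list, ASNs, weights and threshold are constructed assumptions; WHOIS and HTML signals are left out.

```python
import re

# Constructed sample data: brand keyword -> (legitimate domain, ASNs it is served from).
# ASNs come from the documentation range (RFC 5398), not real assignments.
BRANDS = {
    "paypal": ("paypal.com", {64500}),
    "adobe": ("adobe.com", {64501}),
}

def edit_distance(a, b):
    """Levenshtein distance using a rolling row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def score(domain, asn):
    """Return (score 0-100, matched brand or None) for one observed domain."""
    domain = domain.lower().rstrip(".")
    # The brand's own domain and its subdomains are never flagged.
    if any(domain == d or domain.endswith("." + d) for d, _ in BRANDS.values()):
        return (0, None)
    labels = domain.split(".")[:-1]  # assumption: the last label is the TLD
    tokens = [t for label in labels for t in re.split(r"[-_]", label) if t]
    best = (0, None)
    for brand, (_, asns) in BRANDS.items():
        lexical = 0
        for tok in tokens:
            if tok == brand:
                lexical = max(lexical, 50)  # brand embedded in a foreign domain
            elif edit_distance(tok, brand) == 1:
                lexical = max(lexical, 60)  # one-character typo of the brand
        if lexical:
            total = lexical + (40 if asn not in asns else 0)  # hosting ASN mismatch
            best = max(best, (total, brand), key=lambda x: x[0])
    return best

# Constructed DNS observations: (queried name, ASN of the resolved IP).
SAMPLE = [("www.paypal.com", 64500), ("paypa1-login.com", 64510),
          ("update-adobe.net", 64510), ("example.org", 64510)]

def flag(observations, threshold=80):
    """Return (domain, score, brand) for observations at or above the threshold."""
    return [(d, *score(d, a)) for d, a in observations if score(d, a)[0] >= threshold]
```
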