

Exercise to Detect Algorithmically Generated Domain Names - boyd
http://nbviewer.ipython.org/github/ClickSecurity/data_hacking/blob/master/dga_detection/DGA_Domain_Detection.ipynb

======
kenny_r
In the output of line 85 there are two punycoded[1] domain names: xn--g5t518j
which is actually 微風 and xn--42cgk1gc8crdb1htg3d which is actually
มอไซค์มือสอง.

As a result of the encoding, the domain names look junky while perhaps they
aren't.

[1]: https://en.wikipedia.org/wiki/Punycode

~~~
mbenjaminsmith
มอไซค์มือสอง is, informally, second-hand motorcycles (or parts).
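
The Punycode point raised in this sub-thread, as an added example (not code from the notebook or from either commenter): decode `xn--` labels before computing string statistics, and keep an `is_idn` flag so internationalized names can be scored separately. The function names, the feature set and the `.com` suffix on the sample domains are assumptions made for illustration; only the two `xn--` labels come from the thread.

```python
import math
from collections import Counter

def to_unicode(label: str) -> str:
    """Decode one DNS label; ACE ('xn--') labels are Punycode, others pass through."""
    if not label.lower().startswith("xn--"):
        return label
    try:
        return label[4:].encode("ascii").decode("punycode")
    except UnicodeError:
        return label  # malformed ACE label: keep the raw form

def entropy(s: str) -> float:
    """Shannon entropy in bits per character."""
    counts = Counter(s)
    return -sum(c / len(s) * math.log2(c / len(s)) for c in counts.values()) if s else 0.0

def features(domain: str) -> dict:
    """Features for the first label of a domain, computed on its decoded form."""
    raw = domain.lower().rstrip(".").split(".")[0]
    text = to_unicode(raw)
    return {
        "raw": raw,
        "text": text,
        "is_idn": text != raw,            # lets a classifier treat IDNs separately
        "raw_entropy": round(entropy(raw), 3),
        "entropy": round(entropy(text), 3),
        "length": len(text),
    }

if __name__ == "__main__":
    # Constructed sample input: the two labels quoted in the thread plus an ASCII name.
    for d in ["xn--g5t518j.com", "xn--42cgk1gc8crdb1htg3d.com", "google.com"]:
        print(features(d))
```

Character-frequency models trained on ASCII names still need separate handling for the decoded Unicode text; the flag makes that split explicit instead of letting the encoded form pass as random-looking.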

------
AlyssaRowan
Awesome. Statistics are fun.

One little issue is that's assuming techniques like this aren't used to
_generate_ the domains, which is not only an obvious 'next step', but thanks
to the 'weird' domains and the find-web-online-lol.info type results which
look _incredibly_ spammy, is probably already happening and has probably been
happening for years (wouldn't surprise me with the amount of spam wielding
Markov chain generators out there). That's definitely what I'd do if I was in
the position of the VXer, if I was determined to use DNS at all.

Wonder if any of those are 'fast-flux'?

------
nightcracker
Really cool presentation.

