
Nominum Domain Correlation - pjf
https://www.nominum.com/tech-blog/domain-correlation-just-let-malware-beat/
======
lolc
Unfortunately the piece is light on the technical details.

~~~
minsight
If you're anywhere near France, and free in December, there's
[https://www.botconf.eu/2017/math-gpu-dns-cracking-locky-seed...](https://www.botconf.eu/2017/math-gpu-dns-cracking-locky-seeds-in-real-time-without-analyzing-samples/)

------
nine_k
Tl;dr: correlation of a great many DNS queries makes it possible to discover
malware C&C networks and block them. Works without prior knowledge, using just
stats / ML.

------
bdamm
Fascinating. They don't mention it, but I can't help but wonder if time and
source are also fed into the correlation net.

