Hacker News
Nominum Domain Correlation (nominum.com)
32 points by pjf 5 days ago | 4 comments





Unfortunately the piece is light on the technical details.

If you're anywhere near France, and free in December, there's https://www.botconf.eu/2017/math-gpu-dns-cracking-locky-seed...

TL;DR: correlation of a great many DNS queries allows discovering malware C&C networks and blocking them. Works without prior knowledge, using just stats / ML.

Fascinating. They don't mention it, but I can't help but wonder if time and source are also fed into the correlation net.


