Nominum Domain Correlation (nominum.com)
32 points by pjf on Nov 13, 2017 | 4 comments

Unfortunately the piece is light on the technical details.

If you're anywhere near France, and free in December, there's https://www.botconf.eu/2017/math-gpu-dns-cracking-locky-seed...

Tl;dr: correlation of a great many DNS queries allows discovering malware C&C networks and blocking them. Works without prior knowledge, using just stats / ML.

Fascinating. They don't mention it, but I can't help but wonder if time and source are also fed into the correlation net.

