Hacker News new | comments | show | ask | jobs | submit login
Nominum Domain Correlation (nominum.com)
32 points by pjf on Nov 13, 2017 | hide | past | web | favorite | 4 comments



Unfortunately the piece is light on the technical details.


If you're anywhere near France, and free in December, there's https://www.botconf.eu/2017/math-gpu-dns-cracking-locky-seed...


Tl;dr: correlation of great many DNS queries allows to discover malware c&c networks, and block them. Works without prior knowledge, using just stats / ML.


Fascinating. They don't mention but I can't help but wonder if time and source also are fed into the correlation net.




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: