In our ongoing mission to help make security practitioners faster and more effective at their jobs, we explored a series of machine learning techniques for detecting suspicious domains created by domain generation algorithms (DGAs). While the use of a DGA is often indicative of a sophisticated and well-resourced adversary, the domains it produces can be tricky to track: traditional methods require substantial time and effort and produce a lot of noise for very little signal. Beyond addressing this problem, we wanted to improve the discourse among industry professionals and add some transparency beyond the buzzwords.
In that spirit, we’ve documented our analytical techniques and findings in the form of an academic-style whitepaper. This is meant to let our peers in the security industry check the validity of our claims and to help the community further research on this topic. For the “layman”, meaning those of us who are still interested in the problem, the proposed solutions and, more importantly, their applications, we’ve also released a blog post that sums up the key findings in a more digestible format. We invite you to check out whichever one suits your frame of mind, or both, to reap the rewards of our research.