Guus Bosman

software executive and technologist

Paper: From Throw-away Traffic to Bots: detecting the rise of DGA-based malware

Well-written paper that outlines the Pleiades system, which tries to detect infected computers by looking at DNS traffic at the network level. Pleiades combines clustering of failed DNS lookups (NXDOMAIN responses) with clustering of the hosts that tried to resolve those failed names. It filters out "well-known" domain names and achieves high detection rates with very low false positive rates. Pretty cool.

It was funny that the system also detected (and got confused by) Chrome's "DNS hijacking detection" feature.
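As an added example (not code from the paper, from the Pleiades implementation, or from this post), here is a small Python sketch of the detection idea: keep only NXDOMAIN responses, drop names under well-known zones, bin the remaining names by coarse lexical features as a stand-in for the paper's statistical clustering, and then group the hosts behind each bin. The whitelist, the thresholds and the log records are made up for the illustration. The per-host minimum is the kind of check that keeps a client's handful of random startup lookups, such as Chrome's hijack probes, from forming a cluster of their own.

```python
"""Simplified NXDOMAIN-clustering detector in the spirit of Pleiades.

Added illustration, not code from the paper or the blog. The pipeline:
  1. keep only NXDOMAIN responses (the "throw-away traffic");
  2. drop names under a small whitelist of well-known zones;
  3. bin the remaining names by coarse lexical features (TLD, length,
     character entropy, digit use), a crude stand-in for the paper's
     statistical clustering of NXDOMAIN names;
  4. group the clients behind each bin and flag a bin when at least
     MIN_HOSTS clients each produced at least MIN_NX_PER_HOST failures.
The per-host minimum keeps low-volume noise such as a browser's few
random startup probes or a user's typos out of the alerts.
Whitelist and thresholds are made-up values for the example.
"""
import math
from collections import defaultdict

WHITELIST = {"google.com", "example.com", "corp.local"}  # assumed well-known zones
MIN_NX_PER_HOST = 5   # assumed: fewer failures than this is typo/probe noise
MIN_HOSTS = 2         # assumed: a DGA cluster needs more than one querying host


def registered_domain(qname):
    """Crude eTLD+1: the last two labels (no public-suffix list here)."""
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else labels[0]


def is_whitelisted(qname):
    return registered_domain(qname) in WHITELIST


def char_entropy(s):
    """Shannon entropy of the character distribution of s, in bits."""
    if not s:
        return 0.0
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def feature_bin(qname):
    """Quantised lexical features; names that land in one bin look alike."""
    rd = registered_domain(qname)
    label, tld = rd.split(".")[0], rd.split(".")[-1]
    return (tld, len(label) // 4, int(char_entropy(label)),
            any(ch.isdigit() for ch in label))


def detect(records):
    """records: iterable of (client, qname, rcode). Returns a list of alerts."""
    # Steps 1 and 2: NXDOMAIN responses outside the well-known zones.
    nx = [(c, q) for c, q, r in records
          if r == "NXDOMAIN" and not is_whitelisted(q)]

    # Per-host failure counts: typos and browser probes stay below the bar.
    per_host = defaultdict(int)
    for c, _ in nx:
        per_host[c] += 1

    # Step 3: bin the names and record which noisy-enough hosts asked for them.
    bins = defaultdict(lambda: {"names": set(), "hosts": set()})
    for c, q in nx:
        if per_host[c] < MIN_NX_PER_HOST:
            continue
        b = bins[feature_bin(q)]
        b["names"].add(q)
        b["hosts"].add(c)

    # Step 4: a bin shared by several hosts is the candidate DGA cluster.
    return [{"bin": k, "hosts": sorted(v["hosts"]), "names": sorted(v["names"])}
            for k, v in bins.items() if len(v["hosts"]) >= MIN_HOSTS]


# Constructed sample log (client, qname, rcode); not real traffic.
DGA_NAMES = ["xk3jd8sl2a.net", "p7qm2vz9wb.net", "r4tn6ycu1e.net",
             "h9gf3kwo5x.net", "b2lsd7qaj4.net", "m6ze8rtp1c.net"]
SAMPLE_LOG = (
    [("10.0.0.5", n, "NXDOMAIN") for n in DGA_NAMES]          # infected host A
    + [("10.0.0.9", n, "NXDOMAIN") for n in DGA_NAMES[:5]]    # infected host B
    + [("10.0.0.9", "v3nk5hqx8d.net", "NXDOMAIN"),
       ("10.0.0.5", "www.google.com", "NOERROR"),              # successful lookup
       ("10.0.0.5", "nonexistent.google.com", "NXDOMAIN"),     # whitelisted zone
       ("10.0.0.2", "gogle.com", "NXDOMAIN"),                  # a single typo
       ("10.0.0.7", "qwhbpzudj", "NXDOMAIN"),                  # browser-style
       ("10.0.0.7", "mnvcxkqer", "NXDOMAIN"),                  # random probes
       ("10.0.0.7", "tyuiopasd", "NXDOMAIN")]
)

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert["hosts"], len(alert["names"]), "names, e.g.", alert["names"][:3])
```

Running it on the constructed log yields one cluster containing the two infected hosts and their seven failed names; the typo host and the probing host never reach the clustering stage. A real deployment would replace the quantised bins with proper feature clustering and the two-label whitelist with a public-suffix list plus a real popularity list, but the structure of the check is the same.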

I read the paper as part of an online course I'm taking, Malicious Software and its Underground Economy: Two Sides to Every Story.
