Threat research shows that a large percentage of organizations experience DNS attacks. Often, adversaries dynamically generate domain names using Domain Generation Algorithms (DGA) to create C2 infrastructure not prone to static analysis disruption.
The DGA Deep Learning pre-trained model, recently developed by the Splunk Machine Learning for Security team, processes complex domain patterns along with custom features capturing characteristics of a domain. The detection, used with a simple “apply” command, identifies DGA domains with 99.37% accuracy.
Highlights:
- The complexity of DGA threats
- The motivation for a Deep Learning based detection
- Differentiation in performance accuracy
- Deployment of DGA detection in Splunk
