Brandon J. Niemczyk, Hewlett-Packard
Jonathan Andersson, Hewlett-Packard
The ubiquity of the DNS protocol, combined with the fact that it is rarely encrypted, can provide a unique view into the activity of a network. Our hypothesis is that the usage of DNS by a malicious program will be identifiably different from cases of legitimate use. Fast-flux and pseudo-random domain generation are two immediate examples of where typical DNS usage by malware diverges from legitimate use.
This presentation will cover the following key points:
VB2013 takes place 2-4 October 2013 in Berlin, Germany.