Splunk Tech Talks
Deep-dives for technical practitioners.

ML in Security: Elevate Your DGA Detection Game

WhitneySink
Splunk Employee
Splunk Employee

Threat research shows that a large percentage of organizations experience DNS attacks. Often, adversaries dynamically generate domain names using Domain Generation Algorithms (DGA) to create C2 infrastructure not prone to static analysis disruption.

The DGA Deep Learning pre-trained model, recently developed by the Splunk Machine Learning for Security team, processes complex domain patterns along with custom features capturing characteristics of a domain. The detection, used with a simple “apply” command, identifies DGA domains with 99.37% accuracy.

Highlights:

  • The complexity of DGA threats
  • The motivation for a Deep Learning based detection
  • Differentiation in performance accuracy
  • Deployment of DGA detection in Splunk
Get Updates on the Splunk Community!

.conf24 | Day 0

Hello Splunk Community! My name is Chris, and I'm based in Canberra, Australia's capital, and I travelled for ...

Enhance Security Visibility with Splunk Enterprise Security 7.1 through Threat ...

 (view in My Videos)Struggling with alert fatigue, lack of context, and prioritization around security ...

Troubleshooting the OpenTelemetry Collector

  In this tech talk, you’ll learn how to troubleshoot the OpenTelemetry collector - from checking the ...