DGA detection with machine learning

Among the ever-growing set of threat vectors, many now carry something called a Domain Generation Algorithm (DGA) in their arsenal.

DGAs exist to weaken precautionary defences. Threat actors rely on domain names to connect their malware to its C2 servers.

Fixed domain names are easy for security agencies to blacklist. Therefore, threat actors use a DGA to evade blacklisting by generating random strings that can be used as domain names.

A DGA can generate such random strings in bulk, derived from seeds, dates and a lexicon.

The threat actor only needs to register a small portion of these random strings. On the victim's side, the malware runs the same DGA, produces the same output, and checks whether each domain name is alive. If it is, the malware chooses that domain as its C2 server; if not, it generates and checks the next one. Blacklisting these domains becomes increasingly difficult as the rate of dynamically generated domains increases.
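The mechanism above is exactly what lexical DGA detection exploits: names produced from seeds and dates look nothing like names chosen by people. The following is an added example, not code from the original post or from any published model. It extracts five lexical features from the registered label of a domain (length, character entropy, vowel ratio, longest consonant run, digit ratio) and fits a logistic regression in pure Python on a small constructed label set. Every domain in it is constructed for illustration and is not a real indicator; the feature choice, the simplistic TLD handling and the training set are assumptions.

```python
# Added example (not from the original post): lexical DGA classifier.
# Assumptions: single-part TLDs (no public-suffix list), hand-picked features,
# and a constructed training set that is not real threat data.
import math

VOWELS = set("aeiou")


def registered_label(domain):
    """Label just left of the TLD, e.g. 'google' for www.google.com (assumes one-part TLDs)."""
    parts = domain.lower().strip(".").split(".")
    if parts and parts[0] == "www":
        parts = parts[1:]
    return parts[-2] if len(parts) >= 2 else parts[0]


def shannon_entropy(s):
    """Bits per character; 12 distinct characters score log2(12)."""
    if not s:
        return 0.0
    counts = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def longest_consonant_run(s):
    """Length of the longest run of consecutive consonant letters."""
    best = run = 0
    for ch in s:
        run = run + 1 if ch.isalpha() and ch not in VOWELS else 0
        best = max(best, run)
    return best


def features(domain):
    """[length, entropy, vowel ratio, longest consonant run, digit ratio] of the label."""
    label = registered_label(domain)
    n = max(len(label), 1)
    return [float(len(label)), shannon_entropy(label),
            sum(ch in VOWELS for ch in label) / n,
            float(longest_consonant_run(label)),
            sum(ch.isdigit() for ch in label) / n]


def _sigmoid(x):
    # Numerically safe logistic function.
    if x >= 0:
        return 1.0 / (1.0 + math.exp(-x))
    e = math.exp(x)
    return e / (1.0 + e)


class DgaClassifier:
    """Logistic regression over standardized lexical features."""

    def __init__(self, lr=0.1, epochs=3000):
        self.lr, self.epochs, self.b = lr, epochs, 0.0
        self.means = self.stds = self.w = None

    def _scale(self, x):
        return [(v - m) / s for v, m, s in zip(x, self.means, self.stds)]

    def _prob(self, z):
        return _sigmoid(sum(wi * zi for wi, zi in zip(self.w, z)) + self.b)

    def fit(self, domains, labels):
        rows = [features(d) for d in domains]
        cols = list(zip(*rows))
        self.means = [sum(c) / len(c) for c in cols]
        # 1e-9 floor guards against a constant (zero-variance) feature column.
        self.stds = [max(math.sqrt(sum((v - m) ** 2 for v in c) / len(c)), 1e-9)
                     for c, m in zip(cols, self.means)]
        z_rows = [self._scale(x) for x in rows]
        k, n = len(self.means), len(z_rows)
        self.w = [0.0] * k
        for _ in range(self.epochs):  # full-batch gradient descent on log loss
            gw, gb = [0.0] * k, 0.0
            for z, y in zip(z_rows, labels):
                err = self._prob(z) - y
                for i in range(k):
                    gw[i] += err * z[i]
                gb += err
            for i in range(k):
                self.w[i] -= self.lr * gw[i] / n
            self.b -= self.lr * gb / n
        return self

    def score(self, domain):
        """Probability that the domain looks DGA-generated."""
        return self._prob(self._scale(features(domain)))

    def predict(self, domain):
        return self.score(domain) >= 0.5

    def accuracy(self, domains, labels):
        return sum(self.predict(d) == bool(y) for d, y in zip(domains, labels)) / len(domains)


# Constructed training set (not real indicators): 0 = benign-looking, 1 = DGA-looking.
TRAINING_SET = [
    ("google.com", 0), ("wikipedia.org", 0), ("microsoft.com", 0), ("amazon.com", 0),
    ("github.com", 0), ("stackoverflow.com", 0), ("mozilla.org", 0), ("apple.com", 0),
    ("cloudflare.com", 0), ("xkqzvtrbmpwl.com", 1), ("qwpfkzjxmvtd.net", 1),
    ("hjkwrtpbnzlq.org", 1), ("zpqkvmxwrtfd.com", 1), ("k3fq9zxw2pvb.info", 1),
    ("7hx2qkzt4wpm.net", 1), ("qexrzkvtpwla.com", 1), ("mrxqpzvktwfb.org", 1),
]


def build_demo_classifier():
    """Fit the classifier on TRAINING_SET and return it."""
    return DgaClassifier().fit([d for d, _ in TRAINING_SET], [y for _, y in TRAINING_SET])


if __name__ == "__main__":
    clf = build_demo_classifier()
    for d in ["reddit.com", "xqzkvpwtrbmf.com", "k9xz2qpw7vtl.net"]:
        print(f"{d:24s} p(dga)={clf.score(d):.3f}")
```

In a real pipeline the features would be computed over DNS query logs (NXDOMAIN bursts from one host are the other strong signal, since the malware probes many unregistered candidates before one resolves), the label split would use a public-suffix list, and the model would be trained on a large labelled corpus rather than the handful of constructed names here. The point the example makes is that the seed-and-date generation described above leaves a lexical fingerprint a defender can score before any blacklist exists.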
