Using Anomaly Detection to find malicious domains

Applying unsupervised machine learning to find ‘randomly generated domains.

Authors: Ruud van Luijk and Anne Postma

At Fox-IT we perform a variety of research and investigation projects to detect malicious activity to improve the service of our Security Operations Center. One of these areas is applying data science techniques to real-world data in real-world production environments, such as anomalous SMB sequences, beaconing patterns, and other unexpected patterns. This blog entry will share an application of machine learning to detect random-like patterns, indicating possible malicious activity.

Source: Using Anomaly Detection to find malicious domains