Theme session: Detecting DGA related threats
To sustain their criminal activity, operators of botnets often employ so called Domain Generation Algorithms (DGAs) that rotate Command and Control (C2) domains at great pace. Blocking or seizing such dynamic and random looking C2 domains is a major challenge for defenders and law enforcement. In this joint theme session, EU research projects SAPPAN and SOCCRATES will explain the nature and magnitude of the DGA problem and present some of the novel techniques that they are pursuing to combat DGAs more effectively. The session will include a demonstration of the “DGA Detective” solution that was developed by the SOCCRATES project and an overview of both academic and operational (real life) impact that the projects have achieved to date.
1. Welcome and introduction
2. Brief introduction to SAPPAN and SOCCRATES projects
3. Understanding Domain Generation Algorithms (DGAs)
4. SAPPAN innovation in DGA detection
5. DGA detection and classification with the DGA Detective