klotz: rca* + intrusion detection* + autoencoder* + machine learning* + log analysis*

0 bookmark(s) - Sort by: Date ↓ / Title / - Bookmarks from other users for this tag

  1. This article explains how Palo Alto Networks uses autoencoders to profile DNS traffic and detect malicious domains based on unique patterns and characteristics.

    Problem: Malicious DNS traffic often exhibits unique patterns that can be used for detection. However, analyzing raw DNS data is complex and computationally.

    An autoencoder is used to transform dynamic DNS traffic data into lower-dimensional vectors called DNS profiles, efficiently capturing the characteristics of the traffic.

    - Classification: Identifies malicious domains based on their profiles.
    - Clustering: Groups malicious domains with similar traffic patterns, revealing attack types (e.g., DDNS, tunneling, heartbeats).
    - Anomaly Detection: Identifies unusual traffic patterns that may indicate malicious activity or unintentional issues.

Top of the page

First / Previous / Next / Last / Page 1 of 0 SemanticScuttle - klotz.me: Tags: rca + intrusion detection + autoencoder + machine learning + log analysis

About - Propulsed by SemanticScuttle