When Charles Givre, lead data scientist at Deutsche Bank, teaches security teams about the benefits of applying security data science techniques, he often focuses on a common malware tactic: domain-generation algorithms.
Used by malicious programs to establish contact with a command-and-control server, domain-generation algorithms, or DGAs, create a list of domain names as potential contact points using pseudo-random algorithms. The domains change often – usually daily – and can look random or use random words.
For humans, finding a single computer’s call to a random domain is a difficult problem. Yet data analysis can quickly call out the anomalous communications.
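As an added illustration (not code from the article or from Givre's teaching material), the following Python sketches the kind of analysis the passage refers to: it parses a constructed DNS query log, computes simple lexical features per queried domain (label length, Shannon entropy, vowel and digit ratios), and groups the domains that look algorithmically generated by the host that asked for them. The log format, the thresholds and the sample domains are assumptions chosen for the demonstration; a production detector would tune thresholds on labelled data and add features such as query volume and NXDOMAIN rate.

```python
import math
from collections import Counter, defaultdict

# Constructed sample log in a hypothetical "<source_ip> <queried_domain>" format.
# The hosts and domains are made up for this example, not real observations.
SAMPLE_DNS_LOG = """\
10.0.0.5 www.example.com
10.0.0.5 stackoverflow.com
10.0.0.7 xk3q9z1p0vb7s.net
10.0.0.7 qwz7t2lmf9c4vb.com
10.0.0.9 cdn.example.org
"""


def shannon_entropy(text: str) -> float:
    """Bits of Shannon entropy per character of ``text`` (0.0 for empty input)."""
    n = len(text)
    if n == 0:
        return 0.0
    return -sum((c / n) * math.log2(c / n) for c in Counter(text).values())


def registered_label(domain: str) -> str:
    """Label directly left of the TLD, e.g. 'example' for 'www.example.com'.

    Naive on purpose: assumes a single-label TLD (no public-suffix handling).
    """
    parts = domain.rstrip(".").lower().split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def domain_features(domain: str) -> dict:
    """Lexical features of the registered label used by the heuristic below."""
    label = registered_label(domain)
    length = len(label)
    vowels = sum(ch in "aeiou" for ch in label)
    digits = sum(ch.isdigit() for ch in label)
    return {
        "label": label,
        "length": length,
        "entropy": round(shannon_entropy(label), 3),
        "vowel_ratio": round(vowels / length, 3) if length else 0.0,
        "digit_ratio": round(digits / length, 3) if length else 0.0,
    }


def looks_generated(domain: str, entropy_threshold: float = 3.2,
                    vowel_floor: float = 0.25, digit_ceiling: float = 0.2,
                    min_length: int = 10) -> bool:
    """Heuristic: long, high-entropy labels with few vowels or many digits.

    Thresholds are assumed values for the demo; real deployments tune them.
    """
    f = domain_features(domain)
    return (
        f["length"] >= min_length
        and f["entropy"] >= entropy_threshold
        and (f["vowel_ratio"] < vowel_floor or f["digit_ratio"] > digit_ceiling)
    )


def flag_suspicious(log_text: str) -> dict:
    """Map each source host to the list of queried domains flagged as DGA-like."""
    flagged = defaultdict(list)
    for line in log_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # skip blanks and comments in the constructed log
        src_ip, domain = line.split(maxsplit=1)
        if looks_generated(domain):
            flagged[src_ip].append(domain)
    return dict(flagged)


if __name__ == "__main__":
    for host, domains in flag_suspicious(SAMPLE_DNS_LOG).items():
        print(host)
        for d in domains:
            print("  ", d, domain_features(d))
```

Note that "stackoverflow" has higher entropy than many DGA labels yet is not flagged, because the vowel ratio check separates pronounceable English labels from random character strings; that interplay between features is exactly what a single threshold on one feature would miss.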