Sonar for Network Security

Posted on 11.18.2015

OpenDNS Security Labs has released research that applies sound wave technology to network traffic. If that doesn't blow your mind, nothing will.

The company introduced two new threat detection models that can predict malicious behavior based on analysis of network traffic patterns.

The first model, Spike Rank (SPRank), functions like a sonar system for network security, detecting the 'sound waves' of malicious attacks. By examining changes in traffic patterns when malicious campaigns are launched, SPRank can essentially 'hear' malicious traffic, identifying hundreds of compromised domains every hour, over a third of which (according to third-party sources) are not detected by any other antivirus or anti-malware scanner.

The second model, Predictive IP Space Monitoring, predicts attacks before they happen. Starting with the compromised domains identified through SPRank as initial 'clues', this model analyzes eight major patterns in how criminals set up their technology infrastructure (e.g. how the servers deployed are hosted) to determine which domains will be the source of future malicious activity.

By focusing on specific "unchangeable" characteristics, Predictive IP Space Monitoring is able to ignore the individual evasion techniques that criminals typically employ and home in on the overall pattern that precedes malicious activity. This model, according to OpenDNS, identifies over 300 new domains every hour that would be used to host malware in the future, and blocks them before they are ever used in an attack campaign.

