Sonar for Network Security

OpenDNS Security Labs has released research that applies sound wave technology to network traffic. If that doesn't blow your mind, nothing will.

The company introduced two new threat detection models that can predict malicious behavior based on analysis of network traffic patterns.

The first model, Spike Rank (SPRank), functions like a sonar system for network security, detecting the 'sound waves' of malicious attacks. By examining changes in traffic patterns when malicious campaigns are launched, SPRank can essentially 'hear' the malicious traffic patterns, detecting malicious attack patterns - identifying hundreds of compromised domains every hour -- over a third of which (according to third party sources) are not detected by any other antivirus or anti-malware scanner.

The second model, Predictive IP Space Monitoring, predicts attacks before they happen. Starting with the compromised domains identified through SPRank as initial 'clues', this model analyzes eight major patterns in how criminals set up their technology infrastructure (e.g. how the servers deployed are hosted) to determine which domains will be the source of future malicious activity.

By focusing on specific "unchangeable" characteristics, Predictive IP Space Monitoring is able to ignore individual evasion techniques that criminals typically employ and hone in on identifying the overall pattern that precedes malicious activity. This model, according to OpenDNS, identifies over 300 new domains every hour that would be used to host malware in the future...and blocks them before they are ever used in an attack campaign.