In this presentation, the author describes cyber analysis of DNS traffic at Internet peering points using a streaming data analysis platform and algorithms to create actionable reports in minutes. The implementation is a work in progress following a successful field-based proof of concept.
Attendees will learn how they could use streaming analysis at the network edge, combined with a centralized Hadoop data processing center, to detect threats, malicious behaviors and anomalies in DNS and report indicators to various stakeholders in minutes.
Attendees will learn some of the security issues seen with DNS at Internet peering. They will learn about machine learning for a detection algorithm and effective training of the model. They will learn that analysis of DNS can be effective and can scale quite large. They will also learn that there are alternatives to simply building a bigger data center.