
Detecting Malicious IPs and Domain Names by Fusing Threat Feeds and Passive DNS through Graph Inference

January 2018 Presentation
Emily Heath (Mitre), Eric Harley (Mitre)

In this presentation, the authors give security analysts a tool to connect the dots and uncover more malicious activity on their network faster and more accurately.

Abstract

Network security analysts routinely collect large volumes of network and application log data, but the analysis of this data is largely unsophisticated. Threat feeds inundate analysts with tips on malicious IPs and domain names. In this presentation, we give security analysts a tool to connect the dots and uncover more malicious activity on their network faster and more accurately.