Asaf Nadler - Extracting Threat Intelligence From Large Scale DNS Traffic

The Domain Name System (DNS) protocol is a core component of the Internet, used primarily to translate human-memorable domain names into Internet-routable IP addresses. Almost every flow on the Internet involves the DNS protocol, which makes analyzing DNS logs important for tracking and identifying threats. In recent years, identifying threats in DNS logs has become more challenging due to the growth in Internet communication and emerging attacks such as input poisoning using adversarial learning. In this talk, we'll start with an overview of the DNS protocol, its use for extracting threat intelligence, and the gaps resulting from changes in the threat landscape and in data volumes. Then, we'll explore emerging threats and their solutions, namely adversarial learning for botnet communication and low-throughput DNS data exfiltration. Lastly, we will conclude and discuss possibilities for future work.

Date and Time: Thursday, April 8, 2021 - 13:30 to 14:30
Speaker: Asaf Nadler
Location: Zoom
Speaker Bio: 

Asaf Nadler is a principal researcher lead at Akamai Technologies Inc. and a PhD student under the supervision of Prof. Asaf Shabtai. His research focuses on analyzing large-scale DNS traffic to extract new and emerging threats using machine learning techniques, and on designing scalable security solutions. Asaf has been involved in writing several academic publications (Computers & Security, CIKM, IEEE Access, etc.), issuing patents, writing security blogs, and speaking at top industry security conferences (RSA, BHUSA, BotConf). Asaf is also a PC member of the BotConf EU conference.