Automatically Detecting DNS Hijacking in Passive DNS

SUMMARY :

This article describes a machine learning-based pipeline for detecting DNS hijacking using passive DNS data. The system processes an average of 167 million new DNS records daily, extracting 74 features from over 169 terabytes of data. Between March and September 2024, it identified 6,729 hijacking incidents out of 29 billion processed records. Notable examples include the hijacking of a Hungarian political party's domain, the defacement of a utility company and ISP, and the use of university and research center domains for illicit gambling. The pipeline can now detect DNS hijacking in customer traffic within 10 minutes, providing crucial protection against this pervasive threat.

OPENCTI LABELS :

passive dns,network security,cybersecurity,machine learning,threat detection,dns hijacking,domain compromise


Open in NetmanageIT OpenCTI Public Instance with below link!


Use public read only username and password on login page.

NOTE : Use Public READ only user credentials on login page banner.


Automatically Detecting DNS Hijacking in Passive DNS