Detecting Botnets via DNS Traffic Analysis Using Machine Learning

Explore a comprehensive conference talk from HITB2024BKK that delves into an innovative machine learning approach for detecting botnets through DNS traffic analysis. Learn how to distinguish between algorithmically generated and human-created domain names using natural language processing combined with whitelist techniques. Discover the implementation of Random Forest models for anomaly detection in DNS traffic, with a focus on leveraging multicore CPU processing for enhanced detection capabilities. Gain insights from a team of experts including Withawat Tangtrongpairoj's network security expertise, Pirawat Watanapongse's neural network background, Surasak Sanguanpong's networking knowledge, and Korrawit Chaikangwan's academic perspective as they present a methodology to combat sophisticated botnet threats that employ advanced evasion techniques for their command and control servers.