search menu icon-carat-right cmu-wordmark

Finding Malicious Activity in Bulk DNS Data

White Paper
In this paper, Ed Stoner describes techniques for detecting certain types of malicious traffic.

Software Engineering Institute


The Domain Name System is a vital component of the Internet, and nearly every transaction on the Internet uses it. It contains a wealth of Network Situational Awareness information that can be used to discover malicious traffic. This report describes specific techniques to detect certain types of malicious traffic. These techniques have been developed through analyzing a large amount of DNS traffic data. CERT has developed specific tools that apply these techniques in an ongoing way. Future research will include enhancing the developed tools, developing new techniques and tools to work with known malicious patterns, and discovering new malicious patterns.