October 31, 2019 to November 1, 2019 AGM
JW Marriott Austin
America/Winnipeg timezone
OARC31 Presentation Videos available at https://youtube.com/DNS-OARC

Characterizing Certain DNS DDoS Attacks

Nov 1, 2019, 9:30 AM
Griffin Hall (JW Marriott Austin)

Griffin Hall

JW Marriott Austin

110 E 2nd St Austin TX 78701 USA
No longer available: Standard Presentation Public Workshop


Dr Andrea Urban (Infoblox)


In this talk, we focus on a Distributed Denial of Service (DDoS) attack known as Slow Drip, also referred to as Random Subdomain or Water Torture Attack. Studying data obtained via passive DNS collectors, we used machine learning to investigate the Slow Drip attack. First, we built a statistical classifier to identify these attack events. Then, using unsupervised learning we were able to group the events and investigate the malware that was used to create them. We discuss newly discovered features of Slow Drip and compare to past work. Using these new features, we can characterize the malware and describe its scope.

Talk Duration Lightning Talk 5 Minutes

Primary author

Dr Renee Burton (Infoblox)


Dr Andrea Urban (Infoblox)

Presentation materials