Cisco Systems’ (CSCO) OpenDNS has developed new predictive security technology based on concepts typically used to analyze sound waves to help identify threats to a network before they happen.

Elizabeth Montalbano

November 30, 2015

Dan Hubbard, CTO of OpenDNS

Under the direction of OpenDNS CTO Dan Hubbard, who introduced the idea of using data science to monitor network security, OpenDNS has unveiled two new detection models—Spike Rank (SPRank) and Predictive IP Space Monitoring—to expand the company’s applied artificial intelligence system for blocking online attacks, according to a blog post by Communications Manager Stephen Lynch.

SPRank is a detection system that utilizes mathematical concepts commonly used to analyze sound waves in real time, while Predictive IP Space Monitoring uses the clues uncovered by SPRank to anticipate attacks before they happen, Lynch said.

OpenDNS extends the Domain Name System by adding features such as phishing protection and optional content filtering to traditional recursive DNS services. Cisco purchased the company, which was founded in 2005, in August.

OpenDNS data scientists Dhia Mahjoub and Thomas Mathew developed the new models by looking for patterns in network requests for compromised websites, according to the post. They realized that some domains have consistent high-volume incoming traffic, while others have sudden spikes in traffic at regular intervals or follow completely different patterns.

By examining how traffic patterns changed after domains became malicious, the researchers realized that these patterns resembled sound waves. This inspired the creation of the SPRank technology, which can identify these malware attack patterns with a high degree of accuracy, according to the post.

“There’s already lots of mathematical theory that exists to describe sounds,” Mathew said in the post. “Domains like Google and Yahoo! will have a similar ‘sound wave’ because they get lots of regular traffic. The domains used in these attacks are only alive for a certain amount of time, so their patterns are much faster and shorter. To continue the analogy, these attacks sound like ghost noises–short beeps or chirps. Imagine a sound that appears for just a second and then is gone. You need to build a system that can match that pattern and identify those sounds as quickly as possible.”

But identifying patterns is just half the battle, so Mahjoub and Mathew set out to develop technology that could actually predict the attacks before they occur.

Hence the development of Predictive IP Space Monitoring, which starts by analyzing the clues found by the SPRank model, and then uses eight major patterns in how servers are hosted to determine which domains will be the source of future malicious activity, according to the post.

“With this system, SPRank finds the clues, but analyzing the overall hosting infrastructure with Predictive IP Space Monitoring cracks open the case,” Mahjoub said in Lynch’s post.

The two technologies are now in use at OpenDNS and are constantly adapting and evolving as hackers find new ways to elude prediction systems, he added.
