Today, we are facing diverse, fast-changing and evolving threats. Hackers try to avoid detection with methods such as changing the seed of the algorithm and switching between IPs and domains. It is important that we use threat intelligence to detect the latest threats and defend against them. Quad9 is a DNS platform that provides users with security protection, high performance and privacy. Quad9 systems are distributed worldwide in more than 145 locations in 88 nations, with 160 locations on deck for 2019. Thanks to the wide distribution and large scale of the Quad9 system, Quad9 data can reflect how global threats are changing. With our machine learning and deep learning models, we can find valuable and actionable threat intelligence in Quad9 data. For example, we leveraged the timestamp features of Quad9 data to do volumetric analysis and found that some malware campaigns have similar trends. The results can enrich our threat intelligence and help us defend against more attacks. We'll deliver a session and share the AI techniques we used and the results we got.
I graduated from National Tsing Hua University and worked at IBM Security after graduation. I work in the DNS team on product development and AI application research. My research scope includes the use of clustering, tree-based models and neural network models to analyze large amounts of DNS data and detect malware domains or phishing domains with high accuracy. The research results were once shared at the IBM internal Technical Leadership Exchange.