AWS Deploying ‘Mithra’ Neural Network to Predict and Block Malicious Domains

AWS says a massive neural network graph model with 3.5 billion nodes and 48 billion edges is speeding up the prediction and detection of malicious domains.

Cloud computing giant AWS says it is using a massive neural network graph model with 3.5 billion nodes and 48 billion edges to speed up the detection of malicious domains crawling around its infrastructure.

The homebrewed system, codenamed Mithra after a mythological rising sun, uses algorithms for threat intelligence and provides AWS with a reputation scoring system designed to identify malicious domains floating around its sprawling infrastructure.

“We observe a significant number of DNS requests per day — up to 200 trillion in a single AWS Region alone — and Mithra detects an average of 182,000 new malicious domains daily,” the technology giant said in a note describing the tool.

“By assigning a reputation score that ranks every domain name queried within AWS on a daily basis, Mithra’s algorithms help AWS rely less on third parties for detecting emerging threats, and instead generate better knowledge, produced more quickly than would be possible if we used a third party,” said Amazon CISO CJ Moses.

Moses said the Mithra supergraph system is also capable of predicting malicious domains days, weeks, and sometimes even months before they show up on threat intel feeds from third parties.

By scoring domain names, AWS said Mithra generates a high-confidence list of previously unknown malicious domain names that can be used in security services like GuardDuty to help protect AWS cloud customers.

The Mithra capabilities are being promoted alongside an internal threat intel decoy system called MadPot that has been used by AWS to successfully trap malicious activity, including nation state-backed APTs like Volt Typhoon and Sandworm.

MadPot, the brainchild of AWS software engineer Nima Sharifi Mehr, is described as “a sophisticated system of monitoring sensors and automated response capabilities” that entraps malicious actors, watches their movements, and generates protection data for multiple AWS security products.

AWS said the honeypot system is designed to look like a huge number of plausible innocent targets to pinpoint and stop DDoS botnets and proactively block high-end threat actors like Sandworm from compromising AWS customers.

Written By

Ryan Naraine is Editor-at-Large at SecurityWeek and host of the popular Security Conversations podcast series. He is a security community engagement expert who has built programs at major global brands, including Intel Corp., Bishop Fox and GReAT. Ryan is a founding-director of the Security Tinkerers non-profit, an advisor to early-stage entrepreneurs, and a regular speaker at security conferences around the world.
