Artificial Intelligence

AWS Deploying ‘Mithra’ Neural Network to Predict and Block Malicious Domains

AWS says a massive neural network graph model with 3.5 billion nodes and 48 billion edges is speeding up the prediction and detection of malicious domains.

AWS says a massive neural network graph model with 3.5 billion nodes and 48 billion edges is speeding up the prediction and detection of malicious domains.

 Cloud computing giant AWS says it is using a massive neural network graph model with 3.5 billion nodes and 48 billion edges to speed up the detection of malicious domains crawling around its infrastructure.

The homebrewed system, codenamed Mithra after a mythological rising sun, uses algorithms for threat intelligence and provides AWS with a reputation scoring system designed to identify malicious domains floating around its sprawling infrastructure.

“We observe a significant number of DNS requests per day — up to 200 trillion in a single AWS Region alone — and Mithra detects an average of 182,000 new malicious domains daily,” the technology giant said in a note describing the tool.

“By assigning a reputation score that ranks every domain name queried within AWS on a daily basis, Mithra’s algorithms help AWS rely less on third parties for detecting emerging threats, and instead generate better knowledge, produced more quickly than would be possible if we used a third party,” said Amazon CISO CJ Moses.

Moses said the Mithra supergraph system is also capable of predicting malicious domains days, weeks, and sometimes even months before they show up on threat intel feeds from third parties.

By scoring domain names, AWS said Mithra generates a high-confidence list of previously unknown malicious domain names that can be used in security services like GuardDuty to help protect AWS cloud customers.

Advertisement. Scroll to continue reading.

The Mithra capabilities is being promoted alongside an internal threat intel decoy system called MadPot that has been used by AWS to successfully to trap malicious activity, including nation state-backed APTs like Volt Typhoon and Sandworm.

MadPot, the brainchild of AWS software engineer Nima Sharifi Mehr, is described as “a sophisticated system of monitoring sensors and automated response capabilities” that entraps malicious actors, watches their movements, and generates protection data for multiple AWS security products.

AWS said the honeypot system is designed to look like a huge number of plausible innocent targets to pinpoint and stop DDoS botnets and proactively block high-end threat actors like Sandworm from compromising AWS customers.

Related: AWS Using MadPot Decoy System to Disrupt APTs, Botnets

Related: Chinese APT Caught Hiding in Cisco Router Firmware

Related: Chinese .Gov Hackers Targeting US Critical Infrastructure

Related: Russian APT Caught Infecgting Ukrainian Military Android Devices

Related Content

Application Security

After validating stolen credentials using TruffleHog, the hacking group started AWS services enumeration and lateral movement activities.

Cloud Security

Two AWS data centers in the United Arab Emirates were “directly struck” and another facility in Bahrain was also damaged after a drone landed...

Cloud Security

The AWS Security Hub Extended plan aims to reduce security tool sprawl by correlating findings across multiple security domains.

Network Security

Threat actors relying on AI have been exploiting exposed ports and weak credentials to take over FortiGate devices.

Cybercrime

Using fake accounts and synthetic data to lure the hackers, the researchers gathered information on their servers.

Cloud Security

AWS and cybersecurity vendors have made several announcements at the cloud giant’s re:Invent 2025 event. 

Cloud Security

AWS has addressed a vulnerability that could have been leveraged to bypass Trusted Advisor’s S3 bucket permissions check.

ICS/OT

Many of the industrial control system (ICS) instances seen in internet scanning are likely or possibly honeypots, not real devices.

Copyright © 2026 SecurityWeek ®, a Wired Business Media Publication. All Rights Reserved.

Exit mobile version