ExtraHop, a pioneer in cloud-native network detection and response (NDR), announced it is open-sourcing its expansive 16 million-row dataset, one of the most robust available to help defend against domain generation algorithms (DGAs).

The release is intended to level the playing field for defenders and empower businesses of all sizes to better secure their organisations by strengthening defenses against malware and botnet operations.

Cyber landscape

Amid a widening cybersecurity skills gap (up 26% in 2022) and dwindling resources, the cyber landscape is rapidly evolving. 

As new threats rapidly appear, open-sourced research and datasets are a solution to overcoming the challenges security teams face daily.

Addressing the cybersecurity gap

“The challenges we face in security are formidable and dynamic, and, with this initiative, we’re democratising the tools needed for threat research detection for security teams of all sizes, backgrounds, and industries,” said Raja Mukerji, Chief Scientist and Co-Founder, ExtraHop.

Raja Mukerji adds, “Collaboration among the cybersecurity community is invaluable, coming together to share our best work is the only way to remain on the offense and put attackers at a disadvantage. Our research will be a game-changer for the community and we encourage other teams to open source their insights that will similarly benefit the industry at large.”

DGA detector dataset

Striving for industry collaboration, ExtraHop is releasing its DGA detector dataset, made up of more than 16 million rows of data, on GitHub to help security teams identify malicious activity in their environments before it becomes a business problem.

Threat actors use DGAs to maintain control within an organisation’s environment after gaining entry to a network, making attacks difficult to detect and stop.

Reveal(x)

Originally built for ExtraHop’s award-winning NDR platform, Reveal(x), this research can be used by any security researcher to build their own machine learning (ML) classifier model to identify DGAs more quickly and intervene in attacks with greater speed and precision.

Since its implementation in Reveal(x), the ExtraHop DGA model has demonstrated more than 98% accuracy.

Detect DGAs swiftly

“Giving threat actors the ability to operate undetected and an uptick in these types of attacks, DGAs are increasingly considered a major threat to businesses today,” said Todd Kemmerling, Director of Data Science at ExtraHop.

Todd Kemmerling adds, “As we began developing a model for detecting DGAs, it became apparent there was a lack of public datasets accessible to security teams with a wide-ranging set of resources. With this dataset, we are filling that gap, giving any security team access to the pivotal data needed to detect DGAs swiftly.”
