Page 80 - CSI - Cisco Security Instroduction - BT
P. 80

Cisco Umbrella


          Co-occurrence models
                                                                    Domains guilty by inference


















                             time -                                                                                                                          time +







                                     a.com             b.com                  c.com          x.com          d.com                  e.com             f.com





                                           Possible malicious domain                                           Possible malicious domain


                                                                             Known malicious domain

                                           Co-occurrence of domains means that a statistically significant number of identities

                                                       have requested both domains consecutively in a short timeframe




          83
   75   76   77   78   79   80   81   82   83   84   85