MATLAB: Searching any string and sorting in DNS queries (question updated)


Problem statement:
I have an nx2 matrix with n rows and 2 columns. One of the columns has hostnames, i.e. www.google.com, www.facebook.com etc.
The matrix has been derived from the DNS queries in a network, so it's a huge number of DNS queries or queried hostnames.
Momentarily leave all the previous stuff aside. Now I get a list of hostnames that are malware affected or blacklisted or infected, and what I need to do is to find whether any of the blacklisted domains (I get them from a different source, say an antivirus company) is there in the DNS queries of my network log or not.
Say for example: ww w .ma thworks . com (space intentionally left)
is an infected site and I want to look into my DNS traffic to see if there is any hostname queried that matches mathworks.com, and that would give me an insight into whether my network is a part of a botnet or a victim of a trojan or something like that.
So I was planning that I sort out the words like mathworks in the above case and match the strings in the network traffic log or DNS log. For that I need to get all the keywords between two dots in a hostname, say
we have to get (google and co) from www.google.co.in
and if we get the keywords between dots then we can match them against the original DNS log file to find whether my network is infected or not.
I seriously think I am pretty bad at explaining things 🙁

Best Answer

I'll take a stab at what I think you are describing:
logs = ...
    { 'www.mathworks.com', '0.0.0.0'; ...
      'www.malware.org',   '0.0.0.0'; ...
      'www.google.com',    '0.0.0.0' };
blacklist = { 'www.virus.org', 'www.malware.org' };
inBlacklist = false(size(logs,1), 1);          % one flag per log row
for i = 1:numel(blacklist)
    % exact match of every queried hostname against the current blacklist entry
    inBlacklist = inBlacklist | strcmp(logs(:,1), blacklist{i});
end
inBlacklist
The for loop can be replaced with a cellfun function call, but I stuck with a for loop for readability. In your real code, you may need to replace the simple 'strcmp' with 'strfind' or even 'regexp'.
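An added example (not part of the original answer) that goes one step further than strcmp/strfind: it splits each hostname into its dot-separated labels, as the question asks, and matches a blacklist entry only as a whole-label suffix, so cdn.malware.org is flagged for the entry malware.org while notmalware.org is not (a plain strfind would flag both). The log rows and blacklist entries are constructed sample data.

```matlab
% Added example, not from the original answer: suffix match on DNS labels.
logs = { 'www.mathworks.com', '0.0.0.0'; ...
         'cdn.malware.org',   '0.0.0.0'; ...
         'notmalware.org',    '0.0.0.0'; ...
         'www.google.co.in',  '0.0.0.0' };          % constructed sample log
blacklist = { 'malware.org', 'www.virus.org' };     % constructed sample feed

% Normalise a hostname: lower-case, trim, drop a trailing dot, split on '.'.
% strsplit treats '.' literally, so 'www.google.co.in' -> {'www','google','co','in'}.
toLabels = @(h) strsplit(regexprep(lower(strtrim(h)), '\.$', ''), '.');

inBlacklist = false(size(logs,1), 1);   % one flag per log row
matchedRule = cell(size(logs,1), 1);    % which blacklist entry fired
for i = 1:size(logs,1)
    hostLabels = toLabels(logs{i,1});
    for j = 1:numel(blacklist)
        badLabels = toLabels(blacklist{j});
        n = numel(badLabels);
        % Whole-label suffix match: the last n labels of the queried host
        % must equal the n labels of the blacklist entry.
        if numel(hostLabels) >= n && isequal(hostLabels(end-n+1:end), badLabels)
            inBlacklist(i) = true;
            matchedRule{i} = blacklist{j};
            break;
        end
    end
end

% Report the hits together with the entry that matched them.
hits = find(inBlacklist);
for k = hits'
    fprintf('%s matched blacklist entry %s\n', logs{k,1}, matchedRule{k});
end
```

With the sample data above only cdn.malware.org is reported; normalising case and the trailing dot matters because DNS logs often record names as CDN.Malware.org. or with a trailing root dot.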