August 5, 2024 at 05:06PM
AWS is utilizing a massive neural network graph model named Mitra, comprising 3.5 billion nodes and 48 billion edges, to detect malicious domains within its infrastructure. This system generates reputation scores for domain names and aids in predicting potential threats before they appear on third-party feeds, complemented by an internal decoy system called MadPot to ensnare and disrupt malicious activity.
From the provided meeting notes, the key takeaways include:
1. AWS is utilizing a massive neural network graph model called Mitra to detect malicious domains within its infrastructure.
2. Mitra processes up to 200 trillion DNS requests per day and identifies an average of 182,000 new malicious domains daily.
3. It assigns a reputation score to each domain name queried in AWS, reducing reliance on third-party threat detection.
4. The Mitra system is capable of predicting malicious domains days, weeks, or even months before they appear in third-party threat intel feeds.
5. AWS also employs an internal threat intel decoy system called MadPot, designed by Nima Sharifi Mehr, to trap malicious activity and provide protection data for AWS security products.
6. MadPot is used to monitor and block DDoS botnets and prevent high-end threat actors from compromising AWS customers.
These are the key points distilled from the meeting notes.