DNS DGA Detection Overview

A Domain Name System (DNS) Domain Generation Algorithm (DGA) generates seemingly random domain names that are used as rendezvous points with potential command-and-control (C&C) servers. DNS DGA detection uses machine learning models together with known, pre-computed DGA domain names to provide domain verdicts, which support in-line blocking and sinkholing of DNS queries on Juniper Secure Edge.

Juniper ATP Cloud provides a machine learning-based DGA detection model. Juniper Secure Edge acts as a collector of security metadata and streams the metadata to Juniper ATP Cloud for DGA analysis. We use both the ATP Cloud service and the security-metadata-streaming framework to conduct DGA inspection in the cloud.
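The two-stage verdict described above (a lookup against pre-computed DGA names, then a model score for unknown names) can be sketched as follows. This is an added example, not Juniper's code or model: a simple lexical heuristic stands in for the machine learning model, and the thresholds, function names, and sample domains are all assumptions constructed for illustration.

```python
import math
from collections import Counter

# Constructed stand-in for a pre-computed DGA domain feed (not real indicators).
KNOWN_DGA = {"xjw3kq9vbz7tplm2.example"}

def shannon_entropy(s):
    """Bits per character of the string's character distribution."""
    return -sum(n / len(s) * math.log2(n / len(s)) for n in Counter(s).values())

def lexical_score(domain):
    """Count how many 'looks machine-generated' heuristics the name trips (0-4).

    Assumption: the label left of the TLD is the registered name; a real
    deployment would consult the Public Suffix List instead.
    """
    labels = domain.split(".")
    label = labels[-2] if len(labels) >= 2 else labels[0]
    if not label:
        return 0
    vowel_ratio = sum(c in "aeiou" for c in label) / len(label)
    digit_ratio = sum(c.isdigit() for c in label) / len(label)
    return sum([
        len(label) >= 12,                # long label
        shannon_entropy(label) >= 3.5,   # near-uniform character use
        vowel_ratio < 0.25,              # hard to pronounce
        digit_ratio >= 0.2,              # digits mixed into the name
    ])

def verdict(domain):
    """Known-list lookup first, then the heuristic score (threshold assumed)."""
    name = domain.lower().rstrip(".")
    if name in KNOWN_DGA:
        return "known-dga"
    return "suspicious" if lexical_score(name) >= 3 else "clean"

# Constructed DNS query names for the demonstration.
SAMPLE_QUERIES = ["juniper.net", "documentation.example.",
                  "XJW3KQ9VBZ7TPLM2.example", "q8zr5tkw2mxv7bnp.example"]

def triage(queries):
    """Map each queried name to its verdict."""
    return {q: verdict(q) for q in queries}

if __name__ == "__main__":
    for name, v in triage(SAMPLE_QUERIES).items():
        print(f"{v:<11} {name}")
```

A long but ordinary name such as `documentation.example` trips only the length heuristic and stays clean, which is why the sketch requires several signals before flagging a name.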

DNS DGA detection is available only with a Secure Edge Advanced or higher license.

To view DNS DGA detections, navigate to Monitor > ATP > DNS. The DGA detections are displayed as shown in Figure 1.

Figure 1: DNS DGA Page