This ML model is an optional component of the BlueCat Edge solution which runs within customer-specific instances of the BlueCat cloud infrastructure. This model retroactively analyzes each DNS query received from a client and looks for unique characteristics of that query that may indicate that a DGA was used to create the query target. This model is derived from an open source project and has been customized by BlueCat developers to more accurately detect DGA characteristics. As this model does not function in real time and has access to a larger data set of historical queries it is generally more accurate that the real-time detection model.
The training data for this model consists solely of publicly-available DNS query data. BlueCat does not use any customer-derived data to train this model.