About Damballa Labs

Damballa Labs is a team of recognized authorities in cyber threats, malware analysis, and applied scientific research that collaborates with some of the best minds in the academic community to discover new and innovative ways to stay ahead of cyber crime activity. Specifically, Damballa Labs retains some of the most knowledgeable experts on DNS, machine learning technologies and criminal command-and-control infrastructure.

Damballa Labs also maintains close ties to leading academic professors and researchers in the areas of cyber crime infrastructure and DNS analytics. Damballa was founded out of Georgia Tech, and several of its patents and scientific research initiatives have been coordinated with the Georgia Tech Information Security Center (GTISC), where research in DNS-based monitoring for building defenses against criminal attacks has been supported by funding from the National Science Foundation, the Department of Homeland Security, the Office of Naval Research, the Air Force Research Labs, the Army Research Office, and Google.

No one understands the threat better than Damballa, and no other company has better technology or intelligence capable of detecting and terminating cyber attacks.



Characterizing Malicious Traffic on Cellular Networks: A Retrospective.
RSA Conference 2015, San Francisco, CA; April 22, 2015.
Charles Lever, Damballa, Inc.

DNS Noise: Measuring the Pervasiveness of Disposable Domains in Modern DNS Traffic.
International Conference on Dependable Systems and Networks (DSN), 2014
Yizheng Chen, Manos Antonakakis, Roberto Perdisci, Yacin Nadji, David Dagon, Wenke Lee.

Beheading Hydras: Performing Effective Botnet Takedowns.
Proceedings of the ACM Conference on Computer and Communications Security (CCS), 2013
Yacin Nadji, Manos Antonakakis, Roberto Perdisci, David Dagon, Wenke Lee.

Connected Colors: Unveiling the Structure of Criminal Networks.
Research in Attacks, Intrusions and Defenses (RAID), 2013.
Yacin Nadji, Manos Antonakakis, Roberto Perdisci, Wenke Lee.

ExecScent: Mining for New C&C Domains in Live Networks with Adaptive Control Protocol Templates
Proceedings of the 22nd USENIX Security Symposium, Washington, D.C., USA
Terry Nelms, Damballa, Inc. and Georgia Institute of Technology; Roberto Perdisci, University of Georgia and Georgia Institute of Technology; Mustaque Ahamad, Georgia Institute of Technology and New York University Abu Dhabi

Unveiling The Latest Variant of Pushdo Mv20
A case study on the new Pushdo-DGA

The Core of the Matter: Analyzing Malicious Traffic in Cellular Carriers
In Proceedings of The 20th Annual Network and Distributed System Security Symposium (NDSS 2013), San Diego, CA, February 24-27, 2013.
Charles Lever, Manos Antonakakis, Bradley Reaves, Patrick Traynor and Wenke Lee.

Unveiling the Network Criminal Infrastructure of TDSS/TDL4 – DGAv14: A case study on a new TDSS/TDL4 variant
Manos Antonakakis, Jeremy Demar, Kevin Stevens and David Dagon, Damballa Inc., Georgia Institute of Technology, GTISC

From Throw-Away Traffic to Bots: Detecting the Rise of DGA-Based Malware
21st USENIX Security Symposium, Bellevue, WA; August 8-10, 2012.
Manos Antonakakis, Roberto Perdisci, Yacin Nadji, Nikolaos Vasiloglou, Saeed Abu-Nimeh, Wenke Lee and David Dagon

Understanding the Prevalence and Use of Alternative Plans in Malware with Network Games
In Proceedings of The 27th Annual Computer Security Applications Conference (ACSAC 2011), Orlando, FL, December 2011.
Y. Nadji, M. Antonakakis, R. Perdisci, W. Lee.

Detecting Malware Domains at the Upper DNS Hierarchy
In the 20th USENIX Security Symposium, San Francisco, CA, August 8-12, 2011.
M. Antonakakis, Roberto Perdisci, Wenke Lee, Nikolaos Vasiloglou, David Dagon.

The IMDDOS Botnet: Discovery and Analysis
Damballa Threat Research
Manos Antonakakis, Christopher Elisan, Aldrich de Mata, Erik Wu

Building a Dynamic Reputation System for DNS
In Proceedings of the 19th USENIX Security Symposium, Washington D.C., August 11, 2010.
Manos Antonakakis, Roberto Perdisci, David Dagon, Wenke Lee and Nick Feamster.

Behavioral Clustering of HTTP-based Malware and Signature Generation using Malicious Network Traces
7th USENIX Symposium on Networked Systems Design and Implementation (NSDI ’10), San Jose, CA, April 28–30, 2010.
Roberto Perdisci, Wenke Lee, Nick Feamster.