DNS agility leads to botnet detection

21.06.2011


"It builds models of known legitimate domains and malicious domains, and uses these models to compute a reputation score for a new domain indicative of whether the domain is malicious or legitimate," writes Manos Antonakakis, a researcher at GATech and co-author of the paper.

The other, Kopis, can detect changes across the DNS infrastructure of a company, Internet service provider or the global Internet that are characteristic of malicious networks. The systems require about 5 days of training to begin to detect botnets, Holmes says.

"Kopis is a machine learning technology," he says. "It has been trained or can be trained to understand lookup patterns and periodicity and profiles ... based on the diversity of the lookups."

Used together, the systems have been able to detect botnets such as IMDDOS and those built on SpyEye. Many times, they can detect botnets weeks before they start sending out malware, Holmes says.