Methods and apparatus for identifying and characterizing computer network infrastructure involved in malicious activity
US10044736B1 · kind B1 · utility
Assignee
Inventors
Key dates
| Filing date | Sep 21, 2016 |
| Grant date | Aug 7, 2018 |
| Priority date | — |
| Expiry date | Mar 10, 2037 |
Classification
- Technology area (CPC H): Electricity
- CPC primary: H04L63/107
- WIPO field: Digital communication
- WIPO sector: Electrical engineering
Abstract
In some embodiments, an apparatus includes a memory and a processor operatively coupled to the memory. The processor is configured to receive a set of domain name resolutions associated with a domain. Each domain name resolution from the set of domain name resolutions includes a mapping between a domain name and an Internet Protocol (IP) address. The processor is then configured to determine, based on the set of domain name resolutions, a set of resolution metrics associated with a first geolocation and a set of resolution metrics associated with a second geolocation. The processor is also configured to compare and identify a role of an adversary infrastructure at the first geolocation and a role of an adversary infrastructure at the second geolocation, and subsequently send a signal such that a remedy response associated with at least one of the set of IP addresses or the domain name is initiated.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.