Real-time cloud-based detection and mitigation of DNS data exfiltration and DNS tunneling
US10230760B2 · kind B2 · utility
Key dates
| Filing date | Oct 24, 2016 |
| Grant date | Mar 12, 2019 |
| Priority date | — |
| Expiry date | Mar 3, 2037 |
Classification
- Technology area (CPC H): Electricity
- CPC primary: H04L2463/144
- WIPO field: Digital communication
- WIPO sector: Electrical engineering
Abstract
Various embodiments of the invention disclosed herein provide techniques for managing a domain name system (DNS) based attack. An exfiltration and tunneling mitigation platform receives a first DNS request directed to a first domain name. The exfiltration and tunneling mitigation platform determines that a first characteristic associated with a first fully qualified domain name (FQDN) included in the first DNS request exceeds a first threshold value. In response, the exfiltration and tunneling mitigation platform computes a distance between the first FQDN and a second FQDN included in a second DNS request also directed to the first domain name. The exfiltration and tunneling mitigation platform increments a first count value associated with the first domain name based on the distance. At least one advantage of the disclosed techniques is that a DNS-based attack can be detected and mitigated before a significant amount of DNS exfiltration or DNS tunneling has occurred.
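The abstract describes three steps: a per-request threshold on some characteristic of the FQDN, a distance between that FQDN and an earlier FQDN under the same domain, and a per-domain counter incremented from that distance. The following is an added worked example written for this page, not code from the patent or its assignee, showing one concrete way those steps fit together. Everything beyond the step structure is an assumption: the characteristic is subdomain length or Shannon entropy, the distance is Levenshtein edit distance over the part of the name left of the registered domain, the registered domain is taken to be the last two labels, the thresholds are tuned low, and the sample queries (including the hex-encoded "secret") are constructed.

```python
"""Illustrative detector for the three steps in the abstract (added example;
thresholds, the two-label "registered domain" rule, Levenshtein as the distance
and the sample queries are assumptions, not values from the patent)."""
import math
from collections import Counter, defaultdict


def registered_domain(fqdn: str) -> str:
    """Last two labels, e.g. 'a.b.example.com' -> 'example.com'. Assumption for
    this example; real code should use the Public Suffix List ('co.uk' etc.)."""
    labels = fqdn.rstrip(".").lower().split(".")
    return ".".join(labels[-2:])


def subdomain(fqdn: str) -> str:
    """Everything left of the registered domain: where a tunnel carries payload."""
    labels = fqdn.rstrip(".").lower().split(".")
    return ".".join(labels[:-2])


def shannon_entropy(s: str) -> float:
    """Bits per character of s (0.0 for the empty string)."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def levenshtein(a: str, b: str) -> int:
    """Edit distance (insert/delete/substitute), O(len(a) * len(b))."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


class TunnelDetector:
    """Stateful per-domain detector. Thresholds are assumptions tuned low so the
    constructed sample trips them; a deployment needs baselining and an allowlist."""

    def __init__(self, max_len=24, max_entropy=3.5, min_distance=8, max_count=2):
        self.max_len, self.max_entropy = max_len, max_entropy
        self.min_distance, self.max_count = min_distance, max_count
        self.last_flagged = {}          # domain -> previous FQDN that crossed a threshold
        self.counts = defaultdict(int)  # domain -> number of "far apart" flagged FQDNs
        self.blocked = set()

    def observe(self, fqdn: str) -> str:
        """Return 'allow', 'suspicious' or 'block' for one DNS request."""
        domain = registered_domain(fqdn)
        if domain in self.blocked:
            return "block"  # mitigation: the whole domain is sinkholed
        sub = subdomain(fqdn)
        # Step 1: does a characteristic of the FQDN exceed a threshold?
        # Hex-encoded ASCII has low nibble entropy (about 3 bits/char), so in
        # the sample it is the length check that fires, not the entropy check.
        if len(sub) <= self.max_len and shannon_entropy(sub) <= self.max_entropy:
            return "allow"
        # Step 2: distance to the previous flagged FQDN under the same domain.
        prev = self.last_flagged.get(domain)
        self.last_flagged[domain] = fqdn
        if prev is None:
            return "suspicious"
        distance = levenshtein(subdomain(prev), sub)
        # Step 3: count only names that differ substantially. A tunnel encodes a
        # new payload chunk in every query, so successive names are far apart;
        # a legitimately long but static name repeats with distance 0.
        if distance >= self.min_distance:
            self.counts[domain] += 1
        if self.counts[domain] >= self.max_count:
            self.blocked.add(domain)
            return "block"
        return "suspicious"


# Constructed sample: a tunnel client hex-encodes 16-byte chunks of a secret
# into the leftmost label of queries to an attacker-controlled domain.
SECRET = b"user=alice;password=hunter2;host=db01.internal"
TUNNEL_QUERIES = [SECRET[i:i + 16].hex() + ".exfil-example.net"
                  for i in range(0, len(SECRET), 16)]
SAMPLE_QUERIES = [
    "www.example.com",
    TUNNEL_QUERIES[0],
    "static-assets-eu-west-1.cdn.example.org",  # long but static: never blocked
    TUNNEL_QUERIES[1],
    "static-assets-eu-west-1.cdn.example.org",
    TUNNEL_QUERIES[2],
    "www.exfil-example.net",                     # short, but the domain is now sinkholed
]


def run_sample():
    """Feed SAMPLE_QUERIES through one detector; return [(fqdn, verdict), ...]."""
    det = TunnelDetector()
    return [(q, det.observe(q)) for q in SAMPLE_QUERIES]


if __name__ == "__main__":
    for fqdn, verdict in run_sample():
        print(f"{verdict:10s} {fqdn}")
```

Two practical caveats the sample makes visible: a repeated static name that is merely long stays at "suspicious" forever, so a real deployment needs an allowlist or count decay rather than a bare counter; and Levenshtein is quadratic in label length, so at resolver query rates a cheaper distance (Hamming on fixed-width chunks, or a sketch) is the usual substitute.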
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.