Detecting domain name system (DNS) tunneling based on DNS logs and network data
US10412107B2 · kind B2 · utility
Assignee
Inventors
Key dates
| Filing date | Mar 22, 2017 |
| Grant date | Sep 10, 2019 |
| Priority date | — |
| Expiry date | Jun 7, 2037 |
Classification
- Technology area (CPC H): Electricity
- CPC primary: H04L63/0272
- WIPO field: Digital communication
- WIPO sector: Electrical engineering
Abstract
A system to detect domain name server tunneling includes a processor and machine readable instructions stored on a tangible machine readable medium, which when executed by the processor, configure the processor to collect, during a predetermined time period, responses received from a domain name server to queries sent to the domain name server by a computing device, the responses including internet protocol (IP) addresses; collect IP addresses accessed by the computing device during the predetermined time period; compare the IP addresses received by the computing device in the responses from the domain name server to the IP addresses accessed by the computing device; and detect domain name server tunneling based on the comparison.
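An added example, not taken from the patent or any product: the comparison the abstract describes, run over constructed DNS-response and flow records for one time window. The decision rule (a host that almost never contacts the addresses it resolved), both thresholds, and all record layouts and names are assumptions, since the abstract only says detection is based on the comparison.

```python
from collections import defaultdict

# Constructed sample records (documentation IP ranges, not real data).
# DNS response: (epoch_seconds, client_host, query_name, answer_ips)
DNS_RESPONSES = (
    [(100 + i, "10.0.0.5", f"site{i}.example", [f"192.0.2.{i + 1}"]) for i in range(6)]
    + [(100 + i, "10.0.0.9", f"chunk{i}.t.example", [f"198.51.100.{i + 1}"]) for i in range(8)]
)
# Flow record: (epoch_seconds, client_host, destination_ip)
FLOWS = (
    [(101 + i, "10.0.0.5", f"192.0.2.{i + 1}") for i in range(5)]
    + [(150, "10.0.0.9", "203.0.113.7")]
)


def compare_window(dns_responses, flows, start, end):
    """Per host, the IPs returned by DNS and the IPs contacted in [start, end)."""
    resolved, accessed = defaultdict(set), defaultdict(set)
    for ts, host, _qname, ips in dns_responses:
        if start <= ts < end:
            resolved[host].update(ips)
    for ts, host, dst in flows:
        if start <= ts < end:
            accessed[host].add(dst)
    return {h: (resolved[h], accessed.get(h, set())) for h in resolved}


def detect_tunneling(dns_responses, flows, start, end,
                     min_resolved=5, max_used_ratio=0.2):
    """Flag hosts whose resolved IPs are mostly never contacted.

    min_resolved and max_used_ratio are assumed thresholds for illustration.
    Returns {host: fraction of resolved IPs the host actually accessed}.
    """
    findings = {}
    for host, (res, acc) in compare_window(dns_responses, flows, start, end).items():
        if len(res) < min_resolved:
            continue  # too few answers in the window to judge
        used_ratio = len(res & acc) / len(res)
        if used_ratio <= max_used_ratio:
            findings[host] = round(used_ratio, 2)
    return findings


if __name__ == "__main__":
    print(detect_tunneling(DNS_RESPONSES, FLOWS, 0, 3600))
```

Browsers that prefetch DNS and sites that return many addresses per name also resolve IPs they never contact, so the thresholds need tuning against a per-host baseline.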
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.