Patent · US Active

Systems and methods to detect and monitor DNS tunneling

US10432651B2 · kind B2 · utility

Cited by: 9
References: 2
Claims: 17
Family size: 0

Assignee

Inventors

Key dates

Filing date: Aug 17, 2017
Grant date: Oct 1, 2019
Priority date
Expiry date: Jan 30, 2038

Classification

  • Technology area (CPC H): Electricity
  • CPC primary: H04L63/1466
  • WIPO field: Digital communication
  • WIPO sector: Electrical engineering

Abstract

Systems and methods of detecting Domain Name System (DNS) tunnels for monitoring thereof include obtaining data related to DNS traffic between DNS nameservers and clients; determining a score for each DNS nameserver based on the data to characterize DNS queries over a period of time for each DNS nameserver, wherein the score incorporates all DNS queries associated with the associated DNS nameserver over the period of time; determining one or more DNS nameservers likely operating DNS tunnels based on the score; and performing one or more actions on the one or more DNS nameservers related to the DNS tunnels.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.