Detecting and remediating highly vulnerable domain names using passive DNS measurements
US10652271B2 · kind B2 · utility
Assignee
Inventors
Key dates
| Filing date | Mar 24, 2017 |
| Grant date | May 12, 2020 |
| Priority date | — |
| Expiry date | Dec 21, 2037 |
Classification
- Technology area (CPC H)Electricity
- CPC primaryH04L2101/35
- WIPO fieldDigital communication
- WIPO sectorElectrical engineering
Abstract
Some embodiments provide a technique for detecting highly-vulnerable domain names and remediating associated problems. The technique can include collecting DNS data representing a requests to the DNS over a period of time and determining a subset of the DNS data representing DNS-based service discovery requests to unregistered domains over the period of time. The technique can also include, for each of the unregistered domains, determining a query ratio and a persistence ratio. The technique can also include ranking the unregistered domains according to a metric that includes the query ratios and the persistence ratios, such that a ranked list of domain names is produced and outputting an initial segment of the ranked list of domain names as the highly-vulnerable domain names. The technique can also include remediating attacks on at least one of the highly-vulnerable domain names.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.