Autonomous domain generation algorithm (DGA) detector
US10979451B2 · kind B2 · utility
Assignee
Inventors
Key dates
| Filing date | Feb 14, 2018 |
| Grant date | Apr 13, 2021 |
| Priority date | — |
| Expiry date | Sep 14, 2038 |
Classification
- Technology area (CPC H): Electricity
- CPC primary: H04L2463/144
- WIPO field: Digital communication
- WIPO sector: Electrical engineering
Abstract
In one embodiment, a security device in a computer network detects potential domain generation algorithm (DGA) searching activity using a domain name service (DNS) model to detect abnormally high DNS requests made by a host attempting to locate a command and control (C&C) server in the computer network. The server device also detects potential DGA communications activity based on applying a hostname-based classifier for DGA domains associated with any server internet protocol (IP) address in a data stream from the host. The security device may then correlate the potential DGA searching activity with the potential DGA communications activity, and identify DGA-performing malware based on the correlating, accordingly.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.