Threat intelligence information access via a DNS protocol

Assignee

• International Business Machines Corporation · US

Inventors

• Markus Ludwig · Waltham, US
• Volker Vogeley · Witzenhausen, DE
• Marc Noske · Kassel, DE
• Matthias Bartelt · Kassel, DE
• Johannes Noll · Heringen (Werra), DE
• Marc-André Isenberg · Witzenhausen, DE
• Uwe Küllmar · Kassel, DE

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04L63/20
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

A network-accessible cyber-threat security analytics service is configured to receive and respond to requests that originate as name queries to a Domain Name System (DNS) service. Threat intelligence information provided by the service is organized into threat intelligence zones that correspond to zones exposed via the DNS service. Upon receipt of a DNS query, the query having been generated by an application seeking access to threat intelligence data exposed by the service, the query is translated into a DNS zone-specific API request based on the type of threat intelligence information sought. The zone-specific API request is then used to retrieve the requested threat intelligence information from a threat intelligence database. The requested threat intelligence information is then returned to the application by being encoded as part of a response to the DNS query. In this manner, the DNS protocol is leverage to facilitate highly-efficient access and retrieval of threat intelligence information.