Patent · US Active

Identification of malicious domain campaigns using unsupervised clustering

US11818151B2 · kind B2 · utility

0 Cited by
2 References
20 Claims
0 Family size

Assignee

Inventors

Key dates

Filing date: Jul 12, 2018
Grant date: Nov 14, 2023
Priority date
Expiry date: Jan 13, 2041

Classification

  • Technology area (CPC H): Electricity
  • CPC primary: H04L63/1441
  • WIPO field: Digital communication
  • WIPO sector: Electrical engineering

Abstract

The technology presented herein enables the use of a clustering algorithm to identify additional malicious domains based on known malicious domains. A domain identifier system identifies a first plurality of domain names associated with a malicious domain campaign and seeds a first clustering algorithm with the first plurality of domain names. After seeding the first clustering algorithm, the domain identifier system uses the first clustering algorithm to process passive domain name system (DNS) records to identify and group a second plurality of domain names associated with the malicious domain campaign.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.