Patent · US Active

System and method for locating DGA compromised IP addresses

US12126639B2 · kind B2 · utility

1Cited by

1References

12Claims

0Family size

Assignee

Palo Alto Networks, Inc. · US

Inventors

Weihan Jiang · San Jose, US
David Q. He · Cupertino, US
Xuya Jiang · San Jose, US

Key dates

Filing date	May 3, 2022
Grant date	Oct 22, 2024
Priority date	—
Expiry date	Sep 27, 2042

Classification

Technology area (CPC H)Electricity
CPC primaryH04L63/1416
WIPO fieldDigital communication
WIPO sectorElectrical engineering

Abstract

A system and method for locating DGA compromised IP addresses is provided. A domain name system (DNS) stream is received. The DNS stream is classified into DGA generated domains using a machine learning classifier to generate a classification output. User behavior profiling is performed to enhance the classification output. A verdict is generated based on the user behavior profiling of the classification output including identifying a compromised source IP address associated with a detected DGA malware attack.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.