Patent · US Active

Identification of malicious domain campaigns using unsupervised clustering

US12132752B2 · kind B2 · utility

0Cited by

5References

20Claims

0Family size

Assignee

Palo Alto Networks, Inc. · US

Inventors

Michael Weber · Penfield, US
Jun Wang · Sunnyvale, US
Yuchen Zhou · San Jose, US
Wei Xu · Santa Clara, US

Key dates

Filing date	Oct 5, 2023
Grant date	Oct 29, 2024
Priority date	—
Expiry date	Oct 5, 2043

Classification

Technology area (CPC H)Electricity
CPC primaryH04L63/1441
WIPO fieldDigital communication
WIPO sectorElectrical engineering

Abstract

The technology presented herein enables the use of a clustering algorithm to identify additional malicious domains based on known malicious domains. A domain identifier system identifies a first plurality of domain names associated with a malicious domain campaign and seeding a first clustering algorithm with the first plurality of domain names. After seeding the first clustering algorithm, the domain identifier system uses the first clustering algorithm to process passive domain name system (DNS) records to identify and group a second plurality of domain names associated with the malicious domain campaign.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.