Automatic identification of algorithmically generated domain families
US12225029B2 · kind B2 · utility
Assignee
Inventors
Key dates
| Filing date | May 9, 2022 |
| Grant date | Feb 11, 2025 |
| Priority date | — |
| Expiry date | Aug 28, 2042 |
Classification
- Technology area (CPC H): Electricity
- CPC primary: H04L63/1425
- WIPO field: Digital communication
- WIPO sector: Electrical engineering
Abstract
According to the present disclosure, network security systems (e.g., network security algorithms) may uniquely identify an underlying algorithm and configuration used to produce domain names. For instance, network security techniques described herein may consider a collection of fully-qualified domain names (FQDNs) (e.g., taken from related network traffic data) and produce a value that can serve to uniquely identify the underlying generating algorithm and configuration used to produce the collection of FQDNs. In some examples, such may include implementation of statistical techniques to capture characteristic information about the amount of randomness, length, and distribution of characters in the collection of FQDNs. In some aspects, values of the characteristic information are adjusted based on a determined set of precision parameters. In some aspects, a single value may be produced, which can then be stored for later use in comparing with other values produced from some subsequent collection of FQDNs.
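A sketch of the general idea in the abstract, added here as an illustration and not taken from the patent or its claims: statistics on randomness, length and character distribution are computed over a collection of FQDNs, rounded to a set of precision steps, and hashed into one comparable value. The choice of statistics, the `PRECISION` steps, the use of the leftmost label, the SHA-256 truncation and the `toy_dga` sample generator are all assumptions.

```python
import hashlib
import math
import random
import statistics
from collections import Counter

# Hypothetical precision parameters: the step each statistic is rounded to.
PRECISION = {"entropy": 0.25, "mean_len": 1.0, "std_len": 1.0, "digit_frac": 0.1}

def features(fqdns):
    """Randomness, length and character statistics over the leftmost labels."""
    labels = [f.lower().rstrip(".").split(".")[0] for f in fqdns]
    counts = Counter("".join(labels))
    total = sum(counts.values())
    if total == 0:
        raise ValueError("no characters to analyse")
    # Shannon entropy (bits per character) of the pooled character distribution.
    entropy = -sum(c / total * math.log2(c / total) for c in counts.values())
    lengths = [len(lab) for lab in labels]
    digits = sum(n for ch, n in counts.items() if ch.isdigit())
    return {"entropy": entropy, "mean_len": statistics.fmean(lengths),
            "std_len": statistics.pstdev(lengths), "digit_frac": digits / total}

def fingerprint(fqdns, precision=PRECISION):
    """Quantize each statistic to its step, then hash the buckets into one value."""
    feats = features(fqdns)
    buckets = [(k, round(feats[k] / precision[k])) for k in sorted(precision)]
    return hashlib.sha256(repr(buckets).encode()).hexdigest()[:16]

def toy_dga(seed, n, alphabet, length, tld=".example"):
    """Constructed stand-in generator, used only to produce sample input."""
    rng = random.Random(seed)
    return ["".join(rng.choice(alphabet) for _ in range(length)) + tld
            for _ in range(n)]

if __name__ == "__main__":
    lower, hexchars = "abcdefghijklmnopqrstuvwxyz", "0123456789abcdef"
    stored = fingerprint(toy_dga(1, 500, lower, 12))      # earlier collection
    later = fingerprint(toy_dga(2, 500, lower, 12))       # same config, new names
    other = fingerprint(toy_dga(3, 500, hexchars, 16))    # different config
    print(stored, later, other, stored == later, stored == other)
```

Coarser steps tolerate more sampling noise between collections but merge configurations that differ only slightly; a statistic that lands near a rounding boundary can still split one family into two values.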
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.