Detecting DNS fast-flux anomalies
US8260914B1 · kind B1 · utility
Assignee
Inventor
Key dates
| Filing date | Jun 22, 2010 |
| Grant date | Sep 4, 2012 |
| Priority date | — |
| Expiry date | Mar 17, 2031 |
Classification
- Technology area (CPC H)Electricity
- CPC primaryH04L2463/144
- WIPO fieldDigital communication
- WIPO sectorElectrical engineering
Abstract
A method for detecting automatically generated malicious domain names in a network. The method includes identifying a plurality of domain name service (DNS) queries in the network, wherein the plurality of DNS queries share a common attribute, analyzing, using a central processing unit (CPU) of a computer, the plurality of DNS queries to identify a plurality of alphanumeric elements embedded in a set of domain names associated with the plurality of DNS queries, analyzing, using the CPU, the plurality of alphanumeric elements to determine a distribution metric of the set of domain names, and generating an alert based on the distribution metric according to a pre-determined criterion.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.