Using aggregated DNS information originating from multiple sources to detect anomalous DNS name resolutions
US8321551B2 · kind B2 · utility
Assignee
Inventor
Key dates
| Filing date | Feb 2, 2010 |
| Grant date | Nov 27, 2012 |
| Priority date | — |
| Expiry date | Nov 21, 2030 |
Classification
- Technology area (CPC H)Electricity
- CPC primaryH04L63/1441
- WIPO fieldDigital communication
- WIPO sectorElectrical engineering
Abstract
A DNS security system collects and uses aggregated DNS information originating from a plurality of client computers to detect anomalous DNS name resolutions. A server DNS security component receives multiple transmissions of DNS information from a plurality of client computers, each transmission of DNS information concerning a specific instance of a resolution of a specific DNS name. The server component aggregates the DNS information from the multiple client computers. The server component compares DNS information received from a specific client computer concerning a specific DNS name to aggregated DNS information received from multiple client computers concerning the same DNS name to identify anomalous DNS name resolutions. Where an anomaly concerning received DNS information is identified, a warning can be transmitted to the specific client computer from which the anomalous DNS information was received.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.