Patent · US Active

Identification of malware sites using unknown URL sites and newly registered DNS addresses

US8966625B1 · kind B1 · utility

163 Cited by
17 References
24 Claims
0 Family size

Assignee

Inventors

Key dates

Filing date: May 24, 2011
Grant date: Feb 24, 2015
Priority date
Expiry date: Jan 26, 2032

Classification

  • Technology area (CPC G): Physics
  • CPC primary: G06F2221/2111
  • WIPO field: Digital communication
  • WIPO sector: Electrical engineering

Abstract

In some embodiments, identification of malware sites using unknown URL sites and newly registered DNS addresses includes performing a heuristic analysis for information associated with a network site; and assigning a score based on the heuristic analysis, in which the score indicates whether the network site is potentially malicious. In some embodiments, the system includes a security appliance that is in communication with the Internet. In some embodiments, the network site is associated with a network domain and/or a network uniform resource locator (URL). In some embodiments, performing a heuristic analysis for information associated with a network site further includes determining if a network site has recently been registered. In some embodiments, performing a heuristic analysis for information associated with a network site further includes determining if a network site is associated with recently changed DNS information. In some embodiments, performing a heuristic analysis for information associated with a network site further includes determining geographical information as well as an IP network location associated with the network site.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.