Fast-flux detection utilizing domain name system information
US9426168B1 · kind B1 · utility
Assignee
Inventors
Key dates
| Filing date | Aug 28, 2014 |
| Grant date | Aug 23, 2016 |
| Priority date | — |
| Expiry date | Dec 27, 2034 |
Classification
- Technology area (CPC H): Electricity
- CPC primary: H04L2463/144
- WIPO field: Digital communication
- WIPO sector: Electrical engineering
Abstract
A processing device comprises a processor coupled to a memory and is configured to determine a first set of features from domain name system (DNS) information, the first set of features being defined over a domain, and to determine a second set of features from the DNS information, the second set of features being defined over internet protocol (IP) addresses returned for the domain. The processing device is further configured to compute a fast-flux score based on the first and second sets of features, and to utilize the fast-flux score to characterize fast-flux activity relating to the domain. For example, the processing device can be configured to compare the fast-flux score to a threshold, and to generate an indicator of the presence or absence of fast-flux activity based on a result of the comparison. The processing device may be implemented in a computer network or network security system.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.