Patent · US Active

Classification of malware generated domain names

US9602525B2 · kind B2 · utility

Cited by: 7
References: 22
Claims: 18
Family size: 0

Assignee

Inventors

Key dates

Filing date: Feb 27, 2015
Grant date: Mar 21, 2017
Priority date
Expiry date: Feb 27, 2035

Classification

  • Technology area (CPC H): Electricity
  • CPC primary: H04L63/1466
  • WIPO field: Digital communication
  • WIPO sector: Electrical engineering

Abstract

Techniques are presented herein that combine a host-based analysis of an executable file on a host computer with a network-based analysis, i.e., an analysis of domain names to detect malware generated domain names that are used by the malicious executable files to establish malicious network connections. A server receives information from a host computer about an executable file that, when executed on the host computer, initiates a network connection. The server also receives information about the network connection itself. The server analyzes the information about the executable file to determine whether the executable file has a malicious disposition. Depending on a disposition of the executable file, the server analyzes the information about the network connection and determines whether the network connection is malicious.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.