Patent · US Active

Malware domain detection using passive DNS

US9749336B1 · kind B1 · utility

Cited by: 49
References: 9
Claims: 19
Family size: 0

Assignee

Inventors

Key dates

Filing date: Feb 26, 2013
Grant date: Aug 29, 2017
Priority date
Expiry date: Feb 26, 2033

Classification

  • Technology area (CPC H): Electricity
  • CPC primary: H04L61/58
  • WIPO field: Digital communication
  • WIPO sector: Electrical engineering

Abstract

Techniques for malware domain detection using passive Domain Name Service (DNS) are disclosed. In some embodiments, malware domain detection using passive DNS includes generating a malware association graph that associates a plurality of malware samples with malware source information, in which the malware source information includes a first domain; generating a reputation score for the first domain using the malware association graph and passive DNS information; and determining whether the first domain is a malware domain based on the reputation score for the first domain.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.