Systems And Methods For Identifying Malicious Domains Using Internet-wide Dns Lookup Patterns

Files
8713676.pdf (688.3 KB)
Author(s)
Advisor(s)
Editor(s)
Associated Organization(s)
Organizational Unit
Series
Series
Collections
Research Publications
Supplementary to:
Permanent Link
http://hdl.handle.net/1853/56880
Abstract
Systems and methods are disclosed for identifying domains as malicious based on Internet-wide DNS lookup patterns. Disclosed embodiments look for variance in the servers that look up a domain and also look at the popularity growth (quantity of queries from unique addresses) of a domain after registration to identify malicious domains. Other disclosed embodiments measure the similarity of servers that query a domain and cluster domains based on the similarity of those servers. Disclosed embodiments may use such temporal and spatial lookup patterns as input to a blacklist process to more effectively and quickly blacklist domains based on their Internet-wide lookup patterns.
Sponsor
Date
4/29/2014
Extent
Resource Type
Text
Resource Subtype
Patent
Rights Statement
Rights URI