Title:
Systems and Methods for Identifying Malicious Domains Using Internet-wide DNS Lookup Patterns

Abstract
Systems and methods are disclosed for identifying domains as malicious based on Internet-wide DNS lookup patterns. Disclosed embodiments look for variance in the servers that look up a domain and also look at the popularity growth (quantity of queries from unique addresses) of a domain after registration to identify malicious domains. Other disclosed embodiments measure the similarity of servers that query a domain and cluster domains based on the similarity of those servers. Disclosed embodiments may use such temporal and spatial lookup patterns as input to a blacklist process to more effectively and quickly blacklist domains based on their Internet-wide lookup patterns.
Date Issued
4/29/2014
Resource Type
Text
Resource Subtype
Patent