Invention Grant
- Patent Title: Identifying DNS tunneling domain names by aggregating features per subdomain
-
Application No.: US16816797Application Date: 2020-03-12
-
Publication No.: US11595357B2Publication Date: 2023-02-28
- Inventor: David Brandon Rodriguez , Thomas Manianghat Mathew , Gilad Rainer , Dhia Mahjoub , Jingchuan Chen , Christian Neufeld
- Applicant: Cisco Technology, Inc.
- Applicant Address: US CA San Jose
- Assignee: Cisco Technology, Inc.
- Current Assignee: Cisco Technology, Inc.
- Current Assignee Address: US CA San Jose
- Agency: Behmke Innovation Group LLC
- Agent Kenneth J. Heywood; Jonathon P. Western
- Main IPC: H04L9/40
- IPC: H04L9/40 ; G06N20/00 ; H04L61/4511
Abstract:
In one embodiment, a service computes a plurality of features of a subdomain for which a Domain Name System (DNS) query was issued. The service aggregates the plurality of computed features into a feature vector. The service uses the feature vector as input to a machine learning classifier, to determine whether the subdomain is a DNS tunneling domain name. The service provides an indication that the subdomain is a DNS tunneling domain name, when the machine learning classifier determines that the subdomain is a DNS tunneling domain name.
Public/Granted literature
- US20210126901A1 IDENTIFYING DNS TUNNELING DOMAIN NAMES BY AGGREGATING FEATURES PER SUBDOMAIN Public/Granted day:2021-04-29
Information query
