Invention Grant
- Patent Title: Detection of DNS (domain name system) tunneling and exfiltration through DNS query analysis
- Application No.: US17410261
- Application Date: 2021-08-24
- Publication No.: US11777960B2
- Publication Date: 2023-10-03
- Inventor: Brad J. Antoniewicz
- Applicant: Cisco Technology, Inc.
- Applicant Address: US CA San Jose
- Assignee: CISCO TECHNOLOGY, INC.
- Current Assignee: CISCO TECHNOLOGY, INC.
- Current Assignee Address: US CA San Jose
- Divisional of parent application: US15897141, filed 2018-02-14
- Main IPC: H04L61/4511
- IPC: H04L61/4511 ; H04L9/40

Abstract:
In one embodiment, a method includes collecting DNS (Domain Name System) communications, analyzing the DNS communications, and identifying DNS tunneling or exfiltration based on the analysis of the DNS communications. Analyzing the DNS communications includes identifying a distinct query count for each of a plurality of clients over a specified time period and a data transfer direction between the clients and one or more servers, and categorizing the DNS communications based on session features associated with at least one of query type, transfer capability, and server response. An apparatus and logic are also disclosed herein.
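As an added illustration written for this page (not Cisco's code and not the patented method itself), the following Python sketch computes the three signals the abstract names over constructed DNS log events: a per-client distinct query count inside a time window, an inferred data transfer direction, and a session category built from query type, transfer capability and server response. The event format, the registered-domain approximation, the way direction is inferred from query-name payload versus answer size, and every threshold are assumptions of this example.

```python
"""Added example for the abstract above: DNS tunneling/exfiltration heuristics.

Illustrative code written for this page. It is not Cisco's implementation and
not the claimed method of US11777960B2; thresholds, log format and the
direction heuristic are assumptions made here.
"""
from collections import defaultdict
from dataclasses import dataclass

# Assumption: record types that can carry a sizeable server-to-client payload
# are what "transfer capability" is taken to mean in this sketch.
BULK_QTYPES = {"TXT", "NULL", "CNAME", "MX"}


@dataclass(frozen=True)
class DnsEvent:
    ts: float          # seconds since some epoch
    client: str        # querying client address
    qname: str         # queried name
    qtype: str         # A, AAAA, TXT, NULL, ...
    rcode: str         # NOERROR, NXDOMAIN, ...
    answer_bytes: int  # size of the answer section returned by the server


def registered_domain(qname: str) -> str:
    """Last-two-labels approximation of the registered domain (assumption;
    a real deployment would consult the public suffix list)."""
    labels = qname.rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else qname


def payload_in_name(qname: str) -> int:
    """Characters below the registered domain: the only place a client can
    smuggle data upstream inside a query name."""
    name = qname.rstrip(".")
    sub = name[: -len(registered_domain(name))].rstrip(".")
    return len(sub.replace(".", ""))


def max_distinct_in_window(evs, window_s):
    """Largest number of distinct query names in any window_s-second window,
    found with a two-pointer sweep over time-sorted events."""
    best, lo, counts = 0, 0, defaultdict(int)
    for ev in evs:
        counts[ev.qname] += 1
        while ev.ts - evs[lo].ts > window_s:
            counts[evs[lo].qname] -= 1
            if counts[evs[lo].qname] == 0:
                del counts[evs[lo].qname]
            lo += 1
        best = max(best, len(counts))
    return best


def analyze(events, window_s=300.0, distinct_threshold=20):
    """Group events per (client, registered domain) and return one finding per
    group: distinct query count, inferred direction, category and a verdict.
    Thresholds and the 2:1 direction ratio are assumptions."""
    sessions = defaultdict(list)
    for ev in sorted(events, key=lambda e: e.ts):
        sessions[(ev.client, registered_domain(ev.qname))].append(ev)
    findings = []
    for (client, domain), evs in sessions.items():
        distinct = max_distinct_in_window(evs, window_s)
        up = sum(payload_in_name(e.qname) for e in evs)   # client -> server bytes in names
        down = sum(e.answer_bytes for e in evs)            # server -> client bytes in answers
        if up > 2 * down:
            direction = "upload"
        elif down > 2 * up:
            direction = "download"
        else:
            direction = "bidirectional"
        bulk = bool({e.qtype for e in evs} & BULK_QTYPES)
        nx_ratio = sum(e.rcode == "NXDOMAIN" for e in evs) / len(evs)
        category = "|".join([
            "bulk-qtype" if bulk else "name-only",                         # query type
            "high-capacity" if bulk or direction == "upload" else "low-capacity",  # transfer capability
            "nxdomain-heavy" if nx_ratio > 0.5 else "answered",           # server response
        ])
        findings.append({
            "client": client, "domain": domain, "distinct_queries": distinct,
            "direction": direction, "category": category,
            "suspicious": distinct >= distinct_threshold and (bulk or direction == "upload"),
        })
    return findings


def sample_events():
    """Constructed sample data for this example (not captured traffic)."""
    evs = []
    # Client 1: exfiltration through long labels in A queries; server answers NXDOMAIN.
    for i in range(24):
        evs.append(DnsEvent(100 + i, "10.0.0.5", f"{'z' * 40}{i:02d}.up.example.net", "A", "NXDOMAIN", 0))
    # Client 2: downstream-heavy TXT tunnel; every query name is distinct and answered.
    for i in range(30):
        evs.append(DnsEvent(100 + i * 2, "10.0.0.6", f"{'q' * 12}{i:02d}.tun.example.com", "TXT", "NOERROR", 220))
    # Client 3: ordinary lookups, few distinct names, small answers.
    for i, host in enumerate(["www", "mail", "cdn", "www", "api"]):
        evs.append(DnsEvent(100 + i * 10, "10.0.0.7", f"{host}.example.org", "A", "NOERROR", 16))
    return evs


if __name__ == "__main__":
    for f in analyze(sample_events()):
        print(f)
```

Running the block prints one finding per client/domain pair: the two tunnelling clients are flagged (one as name-only upload with NXDOMAIN answers, one as a bulk-qtype download), the ordinary client is not. The direction heuristic is deliberately crude; in practice the ratio of name payload to answer payload is one feature among several, and a registered-domain lookup should use the public suffix list rather than the last two labels.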
Public/Granted literature
- US20210400061A1 DETECTION OF DNS (DOMAIN NAME SYSTEM) TUNNELING AND EXFILTRATION THROUGH DNS QUERY ANALYSIS, Publication Date: 2021-12-23