Invention Grant
US09270693B2 Detection of infected network devices and fast-flux networks by tracking URL and DNS resolution changes
In force
- Patent Title: Detection of infected network devices and fast-flux networks by tracking URL and DNS resolution changes
- Application No.: US14031050
- Application Date: 2013-09-19
- Publication No.: US09270693B2
- Publication Date: 2016-02-23
- Inventor: Aaron R. Davis, Timothy M. Aldrich
- Applicant: The Boeing Company
- Applicant Address: US IL Chicago
- Assignee: The Boeing Company
- Current Assignee: The Boeing Company
- Current Assignee Address: US IL Chicago
- Agency: McDonnell Boehnen Hulbert & Berghoff LLP
- Main IPC: H04L29/06
- IPC: H04L29/06; H04L29/12

Abstract:
A system and method for detecting Fast-Flux malware are presented. Domain name system (DNS) lookup requests to DNS servers from a local area network (LAN) to a wide area network (WAN) are monitored. The DNS lookup requests comprise requests to resolve uniform resource locators (URLs) to network addresses. The network addresses (IP) received from the DNS servers for the DNS lookup requests are monitored to provide a URL-to-IP associations list. The DNS servers used for the DNS lookup requests for the URLs are monitored to provide a DNS Domain-to-DNS server associations list. A suspicious URL log based on the URL-to-IP associations list, and a suspicious DNS log based on the DNS Domain-to-DNS server associations list, are generated.
Public/Granted literature
- US20150082431A1 DETECTION OF INFECTED NETWORK DEVICES AND FAST-FLUX NETWORKS BY TRACKING URL AND DNS RESOLUTION CHANGES; Public/Granted day: 2015-03-19