Title of invention: Detecting network attacks based on network records
Abstract: Techniques for analyzing access to a network-based resource may be provided. For example, a client record associated with the access to the network-based resource over a network may be compared to a provider record. The client record may indicate an address of the network-based resource and can be received from a computing resource. The provider record can also indicate the address and can be received from a trusted computing resource. Based on the comparison, an issue associated with the access to the network-based resource over the network may be detected.
Publication number: US9426171(B1)  Publication date: 2016.08.23
Application number: US201414500869  Filing date: 2014.09.29
Applicant: Amazon Technologies, Inc.  Inventors: Jezorek Matthew Ryan; Van Horenbeeck Maarten; Lai Richie
Classification: H04L29/00; H04L29/06; H04L29/08; H04L29/12  Main classification: H04L29/00
Agency: Kilpatrick Townsend & Stockton LLP  Agent: Kilpatrick Townsend & Stockton LLP
Principal claim: 1. A computer-implemented method, comprising: receiving, by a computer system and from a client device, a domain name system record associated with an access of the client device to a network-based resource, the domain name system record retrieved from data storage of an Internet service provider facilitating the access to the network-based resource, the domain name system record comprising at least one of a domain name or a host name of the network-based resource; accessing, by the computer system, a trusted domain name system record that comprises at least one of the domain name or the host name of the network-based resource, the trusted domain name system record accessed from a trusted computing resource other than the data storage of the Internet service provider; determining, by the computer system, a mismatch between the received domain name system record and the trusted domain name system record based at least in part on a comparison of at least one of: the domain name from the received domain name system record and the domain name from the trusted domain name system record, or the host name from the received domain name system record and the host name from the trusted domain name system record; detecting, by the computer system, that the access of the client device to the network-based resource comprises an unauthorized redirection based at least in part on an untrusted server associated with domain name system records stored at the data storage of the Internet service provider; and initiating a corrective action based at least in part on the unauthorized redirection, the corrective action comprising: generating a flag indicative of the unauthorized redirection through a network of the Internet service provider; determining that a number of unauthorized redirections through the network of the Internet service provider exceeds a threshold based at least in part on the flag; and detecting that the domain name system records stored at the data storage of the Internet service provider have been altered based at least in part on the number of unauthorized redirections exceeding the threshold.
Address: Seattle WA US
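
The comparison, flagging and threshold steps of the claim above, as an added Python example that is not part of the patent or of any implementation by the applicant. The record layout, names, addresses and threshold value are constructed assumptions, and a single answer value per record stands in for the record contents the claim compares.

```python
from collections import Counter

# Constructed sample data (hypothetical names; documentation address ranges).
TRUSTED = {  # name -> answers obtained from a trusted source, not the ISP
    "shop.example.com": {"198.51.100.10", "198.51.100.11"},
    "login.example.com": {"edge.example.net"},
}
REPORTS = [  # records sent by client devices, as answered by their ISP's resolver
    {"client": "c1", "isp": "isp-a", "name": "shop.example.com", "answer": "203.0.113.66"},
    {"client": "c2", "isp": "isp-a", "name": "Shop.Example.com.", "answer": "203.0.113.66"},
    {"client": "c3", "isp": "isp-a", "name": "login.example.com", "answer": "edge.example.org"},
    {"client": "c4", "isp": "isp-b", "name": "shop.example.com", "answer": "198.51.100.11"},
    {"client": "c5", "isp": "isp-b", "name": "login.example.com", "answer": "EDGE.example.net."},
    {"client": "c6", "isp": "isp-b", "name": "shop.example.com", "answer": "203.0.113.66"},
    {"client": "c7", "isp": "isp-a", "name": "unknown.example.com", "answer": "192.0.2.1"},
]


def normalize(value):
    """Case and the trailing root dot are not significant in DNS names."""
    return value.strip().lower().rstrip(".")


def is_mismatch(report, trusted):
    """True/False for a comparison, None when no trusted record exists."""
    expected = trusted.get(normalize(report["name"]))
    if expected is None:
        return None  # nothing to compare against: do not flag
    return normalize(report["answer"]) not in {normalize(v) for v in expected}


def analyze(reports, trusted, threshold):
    """Flag mismatching reports, then name ISPs whose flag count exceeds threshold."""
    flags = [r for r in reports if is_mismatch(r, trusted)]
    per_isp = Counter(r["isp"] for r in flags)
    suspected = {isp for isp, n in per_isp.items() if n > threshold}
    return flags, per_isp, suspected


if __name__ == "__main__":
    flags, per_isp, suspected = analyze(REPORTS, TRUSTED, threshold=2)
    for r in flags:
        print("flag:", r["client"], r["isp"], r["name"], "->", r["answer"])
    print("flags per ISP:", dict(per_isp))
    print("ISP records likely altered:", sorted(suspected))
```

The trusted answer set has to cover every legitimate answer for a name (for example all addresses of a load-balanced service), otherwise ordinary answer variation is counted as redirection.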