Title of invention: DOMAIN CLASSIFICATION BASED ON DOMAIN NAME SYSTEM (DNS) TRAFFIC
Abstract: Techniques are provided herein for classifying domains based on DNS traffic so that domains that are malicious or associated with malicious activity can be identified. Traffic between one or more domain name system (DNS) resolvers and one or more authoritative name servers hosted on the Internet is analyzed at a server having network connectivity. A mismatch between a hostname and Internet Protocol (IP) information for the hostname is detected in the traffic, and domains included in the traffic are classified based on the detecting.
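Application publication number: US2017041333(A1) Application publication date: 2017.02.09
Application number: US201615226250 Filing date: 2016.08.02
Applicant: Cisco Technology, Inc. Inventors: Mahjoub Dhia; Mathew Thomas M.
Classification: H04L29/06; H04L29/12 Main classification: H04L29/06
Agency: Agent: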
Principal claim: 1. A method comprising: analyzing, at a server having network connectivity, traffic between one or more domain name system (DNS) resolvers and one or more authoritative name servers hosted on the Internet; detecting, in the traffic, a mismatch between a hostname and Internet Protocol (IP) information for the hostname; and classifying domains included in the traffic based on the detecting.
Address: San Jose CA US