发明名称 |
Systems and methods for detecting similarities in network traffic |
摘要 |
A system, computer-readable medium, and method for identifying similarities in network traffic are provided. Hash values are calculated from Internet Protocol (IP) addresses in a group of IP addresses that request a domain name, a hash signature is generated from the hash values and paired with the domain name, and the domain name is then clustered with another domain name having a paired hash of the same value. The clustered domain names are then extracted and used in a similarity calculation. |
申请公布号 |
US8745737(B2) |
申请公布日期 |
2014.06.03 |
申请号 |
US201113340523 |
申请日期 |
2011.12.29 |
申请人 |
Verisign, Inc |
发明人 |
Thomas Matthew;Jawalkar Nipun |
分类号 |
G06F11/00;G06F12/14;G06F12/16;G08B23/00 |
主分类号 |
G06F11/00 |
代理机构 |
|
代理人 |
|
主权项 |
1. A computer-implemented method for detecting similar network activity, the method being carried out by a computer system having at least one processor, the method comprising:
receiving records comprising groups of Internet Protocol (IP) addresses and a plurality of domains, a first group of the groups of IP addresses being associated with a first domain of the plurality of domains; applying, by the at least one processor, a first hash function to compute a first plurality of hash values for the first group, the first plurality of hash values including hash values for IP addresses in the first group; selecting a first hash value of the first plurality of hash values to determine a hash signature, wherein the hash signature represents the first group; outputting the hash signature and the first domain as a first pair; grouping the first pair with a second pair based on the second pair comprising a second hash signature having a same value as the first hash signature, wherein the second pair comprises a second domain; and outputting the first domain and the second domain as a set of domains for use as candidates in a similarity computation.
|
地址 |
Reston VA US |