Embedding contexts for on-line threats into response policy zones
Abstract
In one embodiment, a response policy zone (RPZ) application generates an RPZ that includes contexts for the on-line threats that are associated with domain names. For a domain name that is associated with an on-line threat, the RPZ application determines a threat specification that describes a characteristic of the on-line threat. The RPZ application then generates an alias based on the domain name and the threat specification. Subsequently, the RPZ application generates a domain name system (DNS) resource record that maps the domain name to the alias, includes the resource record in the RPZ, and transmits the RPZ to a DNS name server that implements the RPZ. Upon receiving a DNS query associated with the domain name, the DNS name server generates a DNS response based on the alias. Because the domain name and the threat specification are reflected in the alias, the DNS response automatically provides a relevant context.
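The flow the abstract describes, as an added Python example that is not code from the patent: it builds the alias, emits the CNAME record into an RPZ, and recovers the context from the alias as a log consumer would. The alias layout `<domain>.<category>.<severity>.threat-context.example`, the zone origin `rpz.example.` and all function names are assumptions chosen for illustration.

```python
import re

# Assumptions (not from the patent page): the alias layout
# <domain>.<category>.<severity>.<suffix> and every name below are illustrative.
CONTEXT_SUFFIX = "threat-context.example"
FIELDS = ("category", "severity")
LABEL_RE = re.compile(r"^[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?$")

def to_label(value):
    """Normalise one threat value into a single safe DNS label."""
    label = re.sub(r"[^a-z0-9-]+", "-", str(value).lower()).strip("-")
    if not LABEL_RE.match(label):
        raise ValueError(f"threat value {value!r} cannot be encoded as a DNS label")
    return label

def make_alias(domain, threat_values):
    """Build the alias that carries the domain name plus its threat values."""
    if len(threat_values) != len(FIELDS):
        raise ValueError("expected one threat value per field")
    name = domain.lower().rstrip(".")
    alias = ".".join([name, *map(to_label, threat_values), CONTEXT_SUFFIX])
    if len(alias) > 253:
        raise ValueError("alias exceeds the DNS name length limit")
    return alias + "."

def rpz_record(domain, threat_values):
    """Owner name is relative to the RPZ origin; the CNAME target is absolute."""
    return f"{domain.lower().rstrip('.')} CNAME {make_alias(domain, threat_values)}"

def build_rpz(feed, origin="rpz.example.", serial=1):
    """Render a complete zone from {domain: (category, severity)}."""
    head = [f"$ORIGIN {origin}", "$TTL 300",
            f"@ SOA localhost. hostmaster.localhost. {serial} 3600 600 86400 300",
            "@ NS localhost."]
    return "\n".join(head + [rpz_record(d, v) for d, v in sorted(feed.items())]) + "\n"

def parse_alias(alias):
    """Recover the context from a CNAME target seen in a DNS response or query log."""
    name = alias.lower().rstrip(".")
    if not name.endswith("." + CONTEXT_SUFFIX):
        return None
    labels = name[: -len(CONTEXT_SUFFIX) - 1].split(".")
    if len(labels) <= len(FIELDS):
        return None
    context = dict(zip(FIELDS, labels[-len(FIELDS):]))
    context["domain"] = ".".join(labels[: -len(FIELDS)])
    return context

# Constructed sample feed; the domains and values are made up for the example.
FEED = {"bad-site.example": ("Malware", "high"),
        "login-portal.example": ("Phishing", "medium")}
```

Threat values are normalised to single labels so that a value containing a dot cannot shift the field boundaries when the alias is parsed back.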
20 Claims
1. A computer-implemented method for providing contexts for on-line threats that are associated with domain names, the method comprising:
- determining, based on threat intelligence information, one or more threat values associated with an on-line threat that is associated with a first domain name;
- generating, based on the first domain name and the one or more threat values, a first alias for the first domain name;
- generating a first DNS resource record that maps the first domain name to the first alias; and
- transmitting a response policy zone (RPZ) that includes the first DNS resource record to a DNS name server that implements the RPZ to mitigate on-line threats.
Dependent claims: 2, 3, 4, 5, 6, 7, 8

9. One or more non-transitory computer-readable storage media including instructions that, when executed by one or more processors, cause the one or more processors to perform the steps of:
- determining, based on threat intelligence information, one or more threat values associated with an on-line threat that is associated with a first domain name;
- generating, based on the first domain name and the one or more threat values, a first alias for the first domain name;
- generating a first DNS resource record that maps the first domain name to the first alias; and
- transmitting a response policy zone (RPZ) that includes the first DNS resource record to a DNS name server that implements the RPZ to mitigate on-line threats.
Dependent claims: 10, 11, 12, 13, 14, 15, 16

17. A system comprising:
- a memory storing a response policy zone (RPZ) application; and
- a processor that is coupled to the memory that executes the RPZ application to:
- determine, based on threat intelligence, one or more threat values an on-line threat that is associated with a first domain name;
- generate, on the first domain name and the one or more threat values, a first alias for the first domain name;
- generate a first DNS resource record that maps the first domain name to the first alias; and
- transmit an RPZ that includes the first DNS resource record to a DNS name server that implements the RPZ to mitigate on-line threats.
Dependent claims: 18, 19, 20
Specification