Identification of a DNS packet as malicious based on a value
Abstract
Examples determine a number of hosts, within an enterprise, which are resolving a particular domain. Based on the number of hosts within the enterprise resolving the particular domain, the examples identify whether the particular domain is benign.
16 Claims
1. A method, executable by a computing device, the method comprising:
- determining a number of hosts, within an enterprise, resolving a particular domain; and
- identifying whether the particular domain is benign based on the number of hosts resolving the particular domain, wherein identifying whether the particular domain is benign based on the number of hosts resolving the particular domain comprises:
  - identifying the domain as benign if the number of hosts resolving the particular domain is above a threshold; and
  - identifying the domain as malicious if the number of hosts resolving the particular domain is below the threshold.

Dependent claims: 2, 3, 4, 5, 6
7. A non-transitory machine-readable storage medium comprising instructions that when executed by a processing resource cause a computing device to:
- determine a number of hosts resolving a particular domain;
- determine a number of resolutions corresponding to the particular domain; and
- identify whether the particular domain is benign based on the number of hosts and the number of resolutions, wherein to identify whether the particular domain is benign based on the number of hosts and the number of resolutions comprises instructions that when executed by the processing resource cause the computing device to:
  - identify the particular domain as benign if the number of hosts and the number of resolutions are each above a threshold; and
  - identify the domain as malicious if the number of hosts or the number of resolutions are below the threshold.

Dependent claims: 8, 9, 10, 11
12. A networking system comprising:
- an appliance to:
  - process domain name system (DNS) traffic between a DNS server and hosts;
  - determine a number of hosts, within an enterprise, resolving a particular domain;
  - determine a number of resolutions corresponding to the particular domain; and
  - identify whether the particular domain is benign based on the number of hosts and the number of resolutions, wherein to identify whether the particular domain is benign, the appliance is to:
    - identify the particular domain as benign if the number of hosts and the number of resolutions are above a threshold; and
    - identify the particular domain as malicious if the number of hosts or the number of resolutions are below the threshold.

Dependent claims: 13, 14, 15, 16
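The decision rule of claims 7 and 12, applied to DNS query logs, as an added example that is not code from the patent or its assignee. The log line format, the sample records, the threshold values, the use of a separate threshold per count, and the "undetermined" verdict for counts exactly equal to a threshold (a case the claims do not address) are all assumptions of this example.

```python
from collections import defaultdict

# Constructed sample DNS query log: "<timestamp> <client_ip> <qname> <qtype>"
SAMPLE_LOG = """\
2024-05-01T09:00:01Z 10.0.0.11 intranet.example.com. A
2024-05-01T09:00:02Z 10.0.0.12 intranet.example.com. A
2024-05-01T09:00:03Z 10.0.0.13 Intranet.Example.com. AAAA
2024-05-01T09:00:04Z 10.0.0.14 intranet.example.com. A
2024-05-01T09:00:05Z 10.0.0.11 intranet.example.com. A
2024-05-01T09:00:06Z 10.0.0.21 x7f3k.example.net. A
2024-05-01T09:00:07Z 10.0.0.21 x7f3k.example.net. A
2024-05-01T09:00:08Z 10.0.0.21 x7f3k.example.net. A
2024-05-01T09:00:09Z 10.0.0.31 wiki.example.org. A
2024-05-01T09:00:10Z 10.0.0.32 wiki.example.org. A
2024-05-01T09:00:11Z 10.0.0.33 wiki.example.org. A
2024-05-01T09:00:12Z 10.0.0.31 wiki.example.org. A
2024-05-01T09:00:13Z 10.0.0.32 wiki.example.org. A
malformed line
"""

def tally(log_text):
    """Return {domain: (distinct_hosts, resolutions)} from query log lines."""
    hosts, resolutions = defaultdict(set), defaultdict(int)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:                  # skip malformed records
            continue
        _, client, qname, _ = fields
        domain = qname.rstrip(".").lower()    # DNS names are case-insensitive
        hosts[domain].add(client)             # a host counts once per domain
        resolutions[domain] += 1              # every query counts
    return {d: (len(hosts[d]), resolutions[d]) for d in hosts}

def classify(n_hosts, n_resolutions, host_threshold=3, resolution_threshold=4):
    """Benign if both counts are above their threshold, malicious if either
    is below. Equality is not covered by the claims, so this example
    reports it as 'undetermined' (an assumption)."""
    if n_hosts < host_threshold or n_resolutions < resolution_threshold:
        return "malicious"
    if n_hosts > host_threshold and n_resolutions > resolution_threshold:
        return "benign"
    return "undetermined"

def classify_log(log_text, **thresholds):
    return {d: classify(h, r, **thresholds) for d, (h, r) in tally(log_text).items()}

if __name__ == "__main__":
    print(classify_log(SAMPLE_LOG))
```

The single-host domain is flagged even though it was resolved repeatedly, which shows why claims 7 and 12 test both counts rather than resolutions alone.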