
METHOD AND SYSTEM FOR DETECTING DGA-BASED MALWARE

  • US 20130191915A1
  • Filed: 01/24/2013
  • Published: 07/25/2013
  • Est. Priority Date: 01/25/2012
  • Status: Active Grant
First Claim

1. A method for detecting a domain generation algorithm (DGA), comprising:

  • performing processing associated with clustering, utilizing a name-based features clustering module accessing information from an electronic database of NX domain information, the randomly generated domain names based on the similarity in the make-up of the randomly generated domain names;

  • performing processing associated with clustering, utilizing a graph clustering module, the randomly generated domain names based on the groups of assets that queried the randomly generated domain names;

  • performing processing associated with determining, utilizing a daily clustering correlation module and a temporal clustering correlation module, which clustered randomly generated domain names are highly correlated in daily use and in time; and

  • performing processing associated with determining the DGA that generated the clustered randomly generated domain names.
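
The first two clustering steps of the claim, and their intersection, sketched as an added example (not code from the patent or its assignee). The feature buckets, the Jaccard threshold, the function names and the sample NXDOMAIN records are all assumptions constructed for illustration; the daily and temporal correlation steps are omitted.

```python
import math
from collections import Counter, defaultdict
from itertools import combinations

# Assumption: bucketed features and Jaccard overlap are stand-ins; the claim names no algorithm.
# Constructed NXDOMAIN observations: (querying asset, domain that did not resolve).
NX_LOG = [
    ("10.0.0.5", "qzkxwvhptr.com"), ("10.0.0.9", "qzkxwvhptr.com"),
    ("10.0.0.5", "mfjqzlkxwb.com"), ("10.0.0.9", "mfjqzlkxwb.com"),
    ("10.0.0.5", "xkvbqpzwmh.com"), ("10.0.0.9", "xkvbqpzwmh.com"),
    ("10.0.0.7", "gooogle.com"), ("10.0.0.8", "exmaple.org"),
    ("10.0.0.5", "intranet-old.corp"),
]

def name_features(domain):
    """Coarse name make-up key: (length bucket, entropy bucket, digit-heavy?)."""
    label = domain.split(".")[0]
    counts = Counter(label)
    entropy = -sum(c / len(label) * math.log2(c / len(label)) for c in counts.values())
    digits = sum(ch.isdigit() for ch in label) / len(label)
    return (len(label) // 4, round(entropy), digits > 0.3)

def name_clusters(domains):
    groups = defaultdict(set)
    for d in domains:
        groups[name_features(d)].add(d)
    return list(groups.values())

def asset_clusters(log, min_jaccard=0.6):
    """Connected components of domains whose querying-asset sets overlap."""
    hosts = defaultdict(set)
    for asset, d in log:
        hosts[d].add(asset)
    parent = {d: d for d in hosts}
    def find(d):
        while parent[d] != d:
            d = parent[d]
        return d
    for a, b in combinations(hosts, 2):
        if len(hosts[a] & hosts[b]) / len(hosts[a] | hosts[b]) >= min_jaccard:
            parent[find(a)] = find(b)
    comps = defaultdict(set)
    for d in hosts:
        comps[find(d)].add(d)
    return list(comps.values())

def candidate_dga_clusters(log, min_size=3):
    domains = {d for _, d in log}
    return [n & g for n in name_clusters(domains) for g in asset_clusters(log)
            if len(n & g) >= min_size]
```

Requiring agreement between both views is what keeps the typo domains and the stale internal name out of the result: each fails either the name grouping or the asset grouping.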

  • 12 Assignments