Traffic like NXDomains
First Claim
Patent Images
1. A method, implemented using a computer, of analyzing network traffic related to domain names, comprising:
- storing network traffic data associated with Domain Name System (DNS) requests for non-existent domains (NXDs);
receiving an analysis request associated with at least one domain name;
creating, using the computer and based on the stored network traffic data, an NXD list comprising NXDs that received at least one DNS request during a time period;
determining, using the computer and based on the stored network traffic data, a similarity metric that reflects a degree of similarity between the stored network traffic of the at least one domain name and the stored network traffic for an NXD listed in the NXD list; and
providing an analysis report identifying one or more potentially valuable NXDs based on the similarity metric.
1 Assignment
0 Petitions
Accused Products
Abstract
Methods and systems for analyzing network traffic related to domain names, including Non-Existent Domain names, comprise: storing network traffic data associated with DNS requests for NXDs; receiving an analysis request associated with a domain name; creating, based on the stored network traffic data, an NXD list comprising NXDs that received at least one DNS request during a specified time period; computing, based on the stored network traffic data, a similarity metric for each NXD listed in the NXD list; and providing an analysis report identifying potentially valuable NXDs based on the computed similarity metrics.
21 Citations
22 Claims
-
1. A method, implemented using a computer, of analyzing network traffic related to domain names, comprising:
-
storing network traffic data associated with Domain Name System (DNS) requests for non-existent domains (NXDs); receiving an analysis request associated with at least one domain name; creating, using the computer and based on the stored network traffic data, an NXD list comprising NXDs that received at least one DNS request during a time period; determining, using the computer and based on the stored network traffic data, a similarity metric that reflects a degree of similarity between the stored network traffic of the at least one domain name and the stored network traffic for an NXD listed in the NXD list; and providing an analysis report identifying one or more potentially valuable NXDs based on the similarity metric. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
-
-
12. A computer system for analyzing network traffic related to domain names, comprising:
-
a processing system comprising one or more processors; and a memory system comprising one or more computer-readable media, wherein the computer readable media store instructions that, when executed by the processing system, cause the system to perform operations comprising; storing network traffic data associated with Domain Name System (DNS) requests for non-existent domains (NXDs); receiving an analysis request associated with at least one domain name; creating, based on the stored network traffic data, an NXD list comprising NXDs that received at least one DNS request during a time period; determining, based on the stored network traffic data, a similarity metric that reflects a degree of similarity between the stored network traffic of the at least one domain name and the stored network traffic of an NXD listed in the NXD list; and providing an analysis report identifying one or more potentially valuable NXDs based on the similarity metric. - View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20, 21, 22)
-
Specification