
Detecting network attacks based on network records

  • US 9,426,171 B1
  • Filed: 09/29/2014
  • Issued: 08/23/2016
  • Est. Priority Date: 09/29/2014
  • Status: Active Grant
First Claim

1. A computer-implemented method, comprising:

  • receiving, by a computer system and from a client device, a domain name system record associated with an access of the client device to a network-based resource, the domain name system record retrieved from data storage of an Internet service provider facilitating the access to the network-based resource, the domain name system record comprising at least one of a domain name or a host name of the network-based resource;

    accessing, by the computer system, a trusted domain name system record that comprises at least one of the domain name or the host name of the network-based resource, the trusted domain name system record accessed from a trusted computing resource other than the data storage of the Internet service provider;

    determining, by the computer system, a mismatch between the received domain name system record and the trusted domain name system record based at least in part on a comparison of at least one of:

    the domain name from the received domain name system record and the domain name from the trusted domain name system record, or the host name from the received domain name system record and the host name from the trusted domain name system record;

    detecting, by the computer system, that the access of the client device to the network-based resource comprises an unauthorized redirection based at least in part on an untrusted server associated with domain name system records stored at the data storage of the Internet service provider; and

    initiating a corrective action based at least in part on the unauthorized redirection, the corrective action comprising:

    generating a flag indicative of the unauthorized redirection through a network of the Internet service provider;

    determining that a number of unauthorized redirections through the network of the Internet service provider exceeds a threshold based at least in part on the flag; and

    detecting that the domain name system records stored at the data storage of the Internet service provider have been altered based at least in part on the number of unauthorized redirections exceeding the threshold.
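
The steps of the claim (compare a client-reported record against a trusted record, flag each mismatch per Internet service provider, and compare the flag count against a threshold) can be sketched as follows. This is an added example, not code from the patent or its assignee; the record fields (`isp`, `domain`, `host`), the trusted table, the threshold value and all sample names are constructed assumptions.

```python
from collections import Counter

# Constructed trusted records (assumption): resource domain -> host name,
# obtained from a resolver other than the ISP's own data storage.
TRUSTED = {
    "bank.example": "www.bank.example",
    "mail.example": "mx1.mail.example",
}

def normalize(name):
    """DNS names are case-insensitive and may carry a trailing root dot."""
    return name.strip().rstrip(".").lower()

def is_mismatch(record, trusted=TRUSTED):
    """True when the reported host name differs from the trusted host name."""
    expected = trusted.get(normalize(record["domain"]))
    if expected is None:
        return False  # no trusted record to compare against, so no flag
    return normalize(record["host"]) != normalize(expected)

def altered_isps(records, threshold, trusted=TRUSTED):
    """Flag each mismatch per ISP; return ISPs whose flag count exceeds threshold."""
    flags = Counter(r["isp"] for r in records if is_mismatch(r, trusted))
    return {isp: n for isp, n in flags.items() if n > threshold}

# Constructed client reports (not real data).
REPORTS = [
    {"isp": "isp-a", "domain": "bank.example", "host": "www.bank.example."},
    {"isp": "isp-a", "domain": "Bank.Example", "host": "WWW.BANK.EXAMPLE"},
    {"isp": "isp-b", "domain": "bank.example", "host": "login.bank-secure.test"},
    {"isp": "isp-b", "domain": "mail.example", "host": "mx.relay.test"},
    {"isp": "isp-b", "domain": "bank.example", "host": "login.bank-secure.test"},
    {"isp": "isp-c", "domain": "mail.example", "host": "mx.relay.test"},
    {"isp": "isp-c", "domain": "unknown.example", "host": "x.test"},
]

if __name__ == "__main__":
    # Only isp-b exceeds the threshold of 2 flagged redirections.
    print(altered_isps(REPORTS, threshold=2))
```

A single mismatch (as for `isp-c` here) produces a flag but no conclusion about the provider's stored records; only the count exceeding the threshold does.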
