Detecting network attacks based on network records
First Claim
Patent Images
1. A computer-implemented method, comprising:
- receiving, by a computer system and from a client device, a domain name system record associated with an access of the client device to a network-based resource, the domain name system record retrieved from data storage of an Internet service provider facilitating the access to the network-based resource, the domain name system record comprising at least one of a domain name or a host name of the network-based resource;
accessing, by the computer system, a trusted domain name system record that comprises at least one of the domain name or the host name of the network-based resource, the trusted domain name system record accessed from a trusted computing resource other than the data storage of the Internet service provider;
determining, by the computer system, a mismatch between the received domain name system record and the trusted domain name system record based at least in part on a comparison of at least one of;
the domain name from the received domain name system record and the domain name from the trusted domain name system record, or the host name from the received domain name system record and the host name from the trusted domain name system record;
detecting, by the computer system, that the access of the client device to the network-based resource comprises an unauthorized redirection based at least in part on an untrusted server associated with domain name system records stored at the data storage of the Internet service provider; and
initiating a corrective action based at least in part on the unauthorized redirection, the corrective action comprising;
generating a flag indicative of the unauthorized redirection through a network of the Internet service provider;
determining that a number of unauthorized redirections through the network of the Internet service provider exceeds a threshold based at least in part on the flag; and
detecting that the domain name system records stored at the data storage of the Internet service provider have been altered based at least in part on the number of unauthorized redirections exceeding the threshold.
1 Assignment
0 Petitions
Accused Products
Abstract
Techniques for analyzing access to a network-based resource may be provided. For example, a client record associated with the access to the network-based resource over a network may be compared to a provider record. The client record may indicate an address of the network based resource and can be received from a computing resource. The provider record can also indicate the address and can be received from a trusted computing resource. Based on the comparison, an issue associated with the access to the network-based resource over the network may be detected.
-
Citations
20 Claims
-
1. A computer-implemented method, comprising:
-
receiving, by a computer system and from a client device, a domain name system record associated with an access of the client device to a network-based resource, the domain name system record retrieved from data storage of an Internet service provider facilitating the access to the network-based resource, the domain name system record comprising at least one of a domain name or a host name of the network-based resource; accessing, by the computer system, a trusted domain name system record that comprises at least one of the domain name or the host name of the network-based resource, the trusted domain name system record accessed from a trusted computing resource other than the data storage of the Internet service provider; determining, by the computer system, a mismatch between the received domain name system record and the trusted domain name system record based at least in part on a comparison of at least one of;
the domain name from the received domain name system record and the domain name from the trusted domain name system record, or the host name from the received domain name system record and the host name from the trusted domain name system record;detecting, by the computer system, that the access of the client device to the network-based resource comprises an unauthorized redirection based at least in part on an untrusted server associated with domain name system records stored at the data storage of the Internet service provider; and initiating a corrective action based at least in part on the unauthorized redirection, the corrective action comprising; generating a flag indicative of the unauthorized redirection through a network of the Internet service provider; determining that a number of unauthorized redirections through the network of the Internet service provider exceeds a threshold based at least in part on the flag; and detecting that the domain name system records stored at the data storage of the Internet service provider have been altered based at least in part on the number of unauthorized redirections exceeding the threshold. - View Dependent Claims (2, 3, 20)
-
-
4. One or more non-transitory computer-readable storage media storing computer-executable instructions that, when executed by one or more computing systems, configure the one or more computing systems to perform operations comprising:
-
accessing a client domain name system record associated with an access of a client device to a network-based resource, the client domain name system record retrieved from a computing resource of an Internet service provider facilitating the access to the network-based resource, the client domain name system record comprising at least one of a domain name or a host name of the network-based resource; accessing a trusted domain name system record that comprises at least one of the domain name or the host name of the network-based resource, the trusted domain name system record from a trusted computing resource; determining a mismatch between the client domain name system record and the trusted domain name system record based at least in part on a comparison of at least one of;
the domain name from the received domain name system record and the domain name from the trusted domain name system record, or the host name from the received domain name system record and the host name from the trusted domain name system record;detecting, based at least in part on the mismatch, that the access of the client device to the network-based resource comprises an unauthorized redirection; determining a number of unauthorized redirections of accesses of client devices to the network-based resource, the accesses based at least in part on domain name system records stored at the computing resource of the Internet service provider; and detecting that the domain name system records have been altered based at least in part on the number of unauthorized redirections exceeding a threshold. - View Dependent Claims (5, 6, 7, 8, 9, 10, 11, 12)
-
-
13. A system, comprising:
-
a memory configured to store computer-executable instructions; and a processor configured to access the memory and execute the computer-executable instructions to collectively at least; receive a client domain name system record associated with an access of a client device to a network-based resource of a provider, the client domain name system record provided from a computing resource of an Internet service provider to the client device and comprising at least one of a domain name or a host name of the network-based resource, the computing resource facilitating the access to the network-based resource; identify a trusted domain name system record of the network-based resource, the trusted domain name system record provided by a trusted computing resource and comprising at least one of the domain name or the host name of the network-based resource; determine a mismatch between the client domain name system record and the trusted domain name system record based at least in part on a comparison of at least one of;
the domain name from the client domain name system record and the domain name from the trusted domain name system record, or the host name from the client domain name system record and the host name from the trusted domain name system record; anddetect, based at least in part on the mismatch, that the access of the client device to the network-based resource comprises an unauthorized redirection; determine a number of unauthorized redirections of accesses of client devices to the network-based resource, the accesses based at least in part on domain name system records stored at the computing resource of the Internet service provider; and detect that the domain name system records have been altered based at least in part on the number of unauthorized redirections exceeding a threshold. - View Dependent Claims (14, 15, 16, 17, 18, 19)
-
Specification