Method and system for detecting malicious domain names at an upper DNS hierarchy
Abstract
A method and system for detecting a malicious domain name, comprising: collecting domain name statistical information from a non-recursive domain name system name server (RDNS NS); and utilizing the collected domain name statistical information to determine if a domain name is malicious or benign.
22 Claims
1. A method for detecting a malicious domain name, comprising:
- collecting statistical information about a domain name from at least one non-recursive domain name system name server (RDNS NS), wherein the domain name statistical information comprises at least one of requester diversity information and requester profile information;
- wherein the requester diversity information identifies each RDNS NS that queries the domain name as either localized or globally distributed, and wherein the requester profile information identifies each RDNS NS as being associated with one of internet service provider networks and enterprise networks; and
- utilizing the collected domain name statistical information to determine the reputation of a domain name and whether a domain name is malicious or benign.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11
12. A system for detecting a malicious domain name, comprising:
- a processor configured for:
  - collecting statistical information about a domain name from at least one non-recursive domain name system name server (RDNS NS), wherein the domain name statistical information comprises at least one of requester diversity information and requester profile information;
  - wherein the requester diversity information identifies each RDNS NS that queries the domain name as either localized or globally distributed, and wherein the requester profile information identifies each RDNS NS as being associated with one of internet service provider networks and enterprise networks; and
  - utilizing the collected domain name statistical information to determine the reputation of a domain name and whether a domain name is malicious or benign.
Dependent claims: 13, 14, 15, 16, 17, 18, 19, 20, 21, 22
Specification