
Graph-based techniques for detecting coordinated network attacks

  • US 9,942,252 B1
  • Filed: 12/21/2015
  • Issued: 04/10/2018
  • Est. Priority Date: 09/08/2015
  • Status: Active Grant
First Claim

1. A system, comprising:

  • a processor; and

    a memory coupled with the processor, wherein the memory is configured to provide the processor with instructions which when executed cause the processor to:

    process one or more proxy logs in order to generate a graph of domains, wherein those domain pairs in the graph that are connected have low support in that the number of times the domain pairs are visited is lower than a predetermined support threshold and high confidence in that users accessing the domain pairs are redirected to another domain a greater number of times than a predetermined confidence threshold;

    identify one or more domains within the graph that are highly connected to other domains in the graph in that the one or more domains have a degree of connectivity to said other domains higher than a connectivity threshold; and

    flag the identified domains as suspicious domains, wherein processing the proxy logs includes:

    deciding whether to normalize domain names;

    in the event it is decided to normalize domain names, normalizing domain names so that all domain names are at a same level;

    deciding whether to filter domain names using a whitelist;

    in the event it is decided to filter domain names, filtering out whitelisted domains using the whitelist;

    filtering out invalid domain names;

    performing user-specific sessionization using a specified time window to create a plurality of buckets;

    calculating a support value and a confidence value for each possible domain pair from the overall plurality of buckets in the full dataset; and

    creating an edge in the graph between those domain pairs that have a support value that is less than a support threshold and a confidence value that is greater than a confidence threshold.
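The pipeline recited in the claim, as an added Python sketch that is not code from the patent or its assignee. The claim gives no formulas, so the following are assumptions: support is the number of buckets containing both domains, confidence is the standard association-rule ratio taken in its stronger direction, normalization keeps the last two labels, sessionization uses fixed windows, and the log records and thresholds are constructed.

```python
import re
from collections import defaultdict
from itertools import combinations

VALID = re.compile(r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$")

def normalize(domain):
    # Assumption: "same level" means the last two labels (ignores multi-label suffixes).
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def sessionize(records, window, whitelist=frozenset(), do_normalize=True):
    # records: (user, epoch_seconds, domain) -> one domain set per user/time bucket.
    buckets = defaultdict(set)
    for user, ts, domain in records:
        d = normalize(domain) if do_normalize else domain.lower()
        if d in whitelist or not VALID.match(d):
            continue  # whitelisted or invalid domain names are filtered out
        buckets[(user, int(ts) // window)].add(d)
    return list(buckets.values())

def build_graph(buckets, max_support, min_confidence):
    seen = defaultdict(int)  # buckets containing a domain
    pair = defaultdict(int)  # buckets containing both domains (support)
    for b in buckets:
        for d in b:
            seen[d] += 1
        for a, c in combinations(sorted(b), 2):
            pair[(a, c)] += 1
    graph = defaultdict(set)
    for (a, c), support in pair.items():
        confidence = support / min(seen[a], seen[c])  # stronger of a->c and c->a
        if support < max_support and confidence > min_confidence:
            graph[a].add(c)  # low support, high confidence: create an edge
            graph[c].add(a)
    return graph

def flag_suspicious(graph, min_degree):
    return sorted(d for d, nbrs in graph.items() if len(nbrs) > min_degree)

# Constructed sample proxy log: (user, epoch seconds, requested host).
SAMPLE = [
    ("u1", 1000, "www.portal.example"), ("u1", 1010, "ads.lure-a.example"), ("u1", 1012, "gate.hub.example"),
    ("u2", 5000, "portal.example"), ("u2", 5020, "lure-b.example"), ("u2", 5021, "x.hub.example"),
    ("u3", 9000, "lure-c.example"), ("u3", 9003, "hub.example"), ("u3", 9004, "bad_host!"),
    ("u1", 30000, "mail.example"), ("u1", 30001, "static.example"), ("u2", 30000, "mail.example"),
    ("u2", 30001, "static.example"), ("u3", 30000, "mail.example"), ("u3", 30001, "static.example"),
]
```

With a 60-second window, `portal.example` whitelisted, a support threshold of 3 and a confidence threshold of 0.8, only `hub.example` exceeds a connectivity threshold of 2. Without the whitelist, a popular domain that shares buckets with many rare domains would collect edges the same way, which is what the whitelist step guards against.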
