Network Protection Service

US 20130014253A1
Filed: 07/06/2011
Published: 01/10/2013
Est. Priority Date: 07/06/2011
Status: Active Grant

First Claim

Patent Images

1. A network protection method, the method comprising:

receiving a Domain Name System (DNS) request in a system including a DNS resolver;

logging the DNS request;

classifying the DNS request based on an analysis of a DNS name associated with the DNS request;

taking a security action based on the classification; and

analyzing network traffic and content.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A network protection method is provided. The network protection method may include receiving a Domain Name System (DNS) request, logging the DNS request, classifying the DNS request based on an analysis of a DNS name associated with the DNS request, taking a security action based on the classification, analyzing network traffic after taking the security action, and providing substantially real-time feedback associated with the network traffic to improve future DNS request classifications. The method may further include receiving a DNS response and logging the DNS response. The analysis of the DNS name may include receiving DNS data related to the DNS name from a plurality of sources, receiving reputation data related to the plurality of sources, scoring each of the plurality of sources based on the reputation data, and aggregating the DNS data related to the DNS name based on the scoring.

133 Citations

21 Claims

1. A network protection method, the method comprising:
- receiving a Domain Name System (DNS) request in a system including a DNS resolver;
  
  logging the DNS request;
  
  classifying the DNS request based on an analysis of a DNS name associated with the DNS request;
  
  taking a security action based on the classification; and
  
  analyzing network traffic and content.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 20, 21)
- - 2. The method of claim 1, further comprising:
    - providing a feedback loop based on the analysis of the network traffic to improve future DNS request classifications.
  - 3. The method of claim 1, further comprising:
    - receiving the DNS response; and
      
      logging the DNS response.
  - 4. The method of claim 1, wherein the analysis of the DNS name includes:
    - receiving DNS data related to the DNS name from a plurality of sources;
      
      receiving reputation data related to the plurality of sources;
      
      scoring each of the plurality of sources based on the reputation data; and
      
      aggregating the DNS data related to the DNS name based on the scoring.
  - 5. The method of claim 4, wherein the analysis is further based on associations of the DNS name.
  - 6. The method of claim 4, wherein the aggregation includes averaging results of the scoring.
  - 7. The method of claim 4, wherein the analysis is prioritized based on popularity of the DNS name.
  - 8. The method of claim 4, wherein the analyzing includes determining whether the DNS request includes data related to another network protocol.
  - 9. The method of claim 4, further comprising periodically updating the plurality of sources.
  - 10. The method of claim 4, wherein the DNS data includes one or more of the following:
    - a domain owner associated with the DNS name, whether or not the DNS name has been associated with a malicious activity, whether or not the DNS name has been set up for future malicious activities, and reputation of an Internet Protocol (IP) address associated with the DNS name, and the name, IP address, and the reputation of the authoritative server used to lookup the answer for the DNS name.
  - 11. The method of claim 4, wherein the plurality of sources includes the network providing the real-time feedback associated with the network traffic.
  - 12. The method of claim 1, wherein classifying includes attributing one or more categories to the DNS request.
  - 13. The method of claim 12, wherein at least one of the categories is indicative of a misconfigured network resource.
  - 14. The method of claim 12, wherein at least one of the categories is indicative of a botnet.
  - 15. The method of claim 12, wherein at least one of the categories is indicative of an illegal site.
  - 16. The method of claim 1, wherein taking the security action includes generating a list of domains having an impact on traffic associated with the network.
  - 17. The method of claim 1, wherein the security action includes one or more of the following:
    - blocking the DNS request, providing a DNS response, providing a mitigated DNS response, and monitoring network traffic after serving a DNS response.
  - 18. The method of claim 17, wherein the blocking occurs based on a classification of the DNS name associated with the DNS request as malicious or unwanted.
  - 20. The method of claim 1, wherein the analysis is further based on information received from an agent residing on an end-user machine.
  - 21. The method of claim 1, wherein the analysis further includes the active gathering of unrecognized domain names.

19. The method of clam 17, wherein we blocking the DNS request is based on results of a security action that monitors the entire traffic.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Akamai Technologies, Inc.
Original Assignee
Nominum Incorporated (Akamai Technologies, Inc.)
Inventors
Neou, Vivian, Wilbourn, Robert S., Wu, Handong, Liu, Eileen, Shannon, Colleen, Bretheim, Sam

Granted Patent

US 9,185,127 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/22
CPC Class Codes

H04L 2463/144 Detection or countermeasure...

H04L 63/1441 Countermeasures against mal...

Network Protection Service

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

133 Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Network Protection Service

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

133 Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links