Graphic display of security threats based on indications of access to newly registered domains
First Claim
Patent Images
1. A method, comprising:
- retrieving data from one or more events in a data store having time stamps that fall within an identified time period, each of the one or more events including information relating to an access to a domain name;
displaying a visual representation of the retrieved data in a scatter plot for the identified time period that includes selectable points, each selectable point representing a domain name, each selectable point in the scatter plot is positioned to reflect (i) an age since a registration time with a registrar for the domain name represented by that selectable point, and (ii) an access count indicating how many times the domain name was accessed;
determining one or more domain names represented by a selectable point in the scatter plot that is a potential security threat based at least in part on both (i) a number of accesses to each of the domain names determined from the one or more events, and (ii) how recently each of the domain names was registered with a registrar;
wherein the method is performed by one or more computing devices.
1 Assignment
0 Petitions
Accused Products
Abstract
Domain names are determined for each computational event in a set, each event detailing requests or posts of webpages. A number of events or accesses associated with each domain name within a time period is determined. A registrar is further queried to determine when the domain name was registered. An object is generated that includes a representation of the access count and an age since registration for each domain names. A client can interact with the object to explore representations of domain names associated with high access counts and recent registrations. Upon determining that a given domain name is suspicious, a rule can be generated to block access to the domain name.
132 Citations
26 Claims
-
1. A method, comprising:
-
retrieving data from one or more events in a data store having time stamps that fall within an identified time period, each of the one or more events including information relating to an access to a domain name; displaying a visual representation of the retrieved data in a scatter plot for the identified time period that includes selectable points, each selectable point representing a domain name, each selectable point in the scatter plot is positioned to reflect (i) an age since a registration time with a registrar for the domain name represented by that selectable point, and (ii) an access count indicating how many times the domain name was accessed; determining one or more domain names represented by a selectable point in the scatter plot that is a potential security threat based at least in part on both (i) a number of accesses to each of the domain names determined from the one or more events, and (ii) how recently each of the domain names was registered with a registrar; wherein the method is performed by one or more computing devices. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19)
-
-
20. An apparatus, comprising:
-
a subsystem, implemented at least partially in hardware, that retrieves data from one or more events in a data store having time stamps that fall within an identified time period, each of the one or more events including information relating to an access to a domain name; a subsystem, implemented at least partially in hardware, that displays a visual representation of the retrieved data in a scatter plot for the identified time period that includes selectable points, each selectable point representing a domain name, each selectable point in the scatter plot is positioned to reflect (i) an age since a registration time with a registrar for the domain name represented by that selectable point, and (ii) an access count indicating how many times the domain name was accessed; a subsystem, implemented at least partially in hardware, that determines one or more domain names represented by a selectable point in the scatter plot that is a potential security threat based at least in part on both (i) a number of accesses to each of the domain names determined from the one or more events, and (ii) how recently each of the domain names was registered with a registrar. - View Dependent Claims (21, 22, 23)
-
-
24. A non-transitory computer-readable medium storing one or more sequences of instructions, wherein execution of the one or more sequences of instructions by one or more processors causes the one or more processors to perform:
-
retrieving data from one or more events in a data store having time stamps that fall within an identified time period, each of the one or more events including information relating to an access to a domain name; displaying a visual representation of the retrieved data in a scatter plot for the identified time period that includes selectable points, each selectable point representing a domain name, each selectable point in the scatter plot is positioned to reflect (i) an age since a registration time with a registrar for the domain name represented by that selectable point, and (ii) an access count indicating how many times the domain name was accessed; determining one or more domain names represented by a selectable point in the scatter plot that is a potential security threat based at least in part on both (i) a number of accesses to each of the domain names determined from the one or more events, and (ii) how recently each of the domain names was registered with a registrar. - View Dependent Claims (25, 26)
-
Specification