Identifying and predicting spammer domains through DNS reputation system lookups and DNS query volumes

Identifying and predicting spammer domains through DNS reputation system lookups and DNS query volumes

The methodology for detecting spammer domains includes storing a plurality of DNS requests, wherein each DNS request comprises a combination of a higher level domain name and a lower level domain name, and wherein the higher level domain name corresponds to a blacklist server and the lower level dom...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Hauptverfasser: Reuille, Thibault Gilbert, Scarfo, Andrea Michelle, Rodriguez, David Brandon, Dohrmann, Jakob Josa Matthias
Format: Patent
Sprache:eng
Schlagworte:
ELECTRIC COMMUNICATION TECHNIQUE
ELECTRICITY
TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHICCOMMUNICATION
Online-Zugang:Volltext bestellen
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:The methodology for detecting spammer domains includes storing a plurality of DNS requests, wherein each DNS request comprises a combination of a higher level domain name and a lower level domain name, and wherein the higher level domain name corresponds to a blacklist server and the lower level domain name is a domain name that is to be used as a query directed towards the blacklist server, filtering the DNS requests to obtain a plurality of lower level domains, calculating a popularity score for each unique lower level domain name of the plurality of lower level domain names, determining whether a given unique lower level domain name is suspicious based on the popularity score, and when the given unique lower level domain name is determined to be suspicious based on the popularity score, adding the given unique lower level domain name to a blocklist.