DNS query analysis for detection of malicious software

DNS query analysis for detection of malicious software

A method and system are disclosed for detecting malicious software on host server computers or instances running on the host server computers. A pattern of behavior of how the malicious software makes Domain Name System (DNS) requests and/or responses can be used to detect the malicious software. Th...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
1. Verfasser: Williams Sean Reese
Format: Patent
Sprache:eng
Schlagworte:
CALCULATING
COMPUTING
COUNTING
ELECTRIC COMMUNICATION TECHNIQUE
ELECTRIC DIGITAL DATA PROCESSING
ELECTRICITY
PHYSICS
TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHICCOMMUNICATION
Online-Zugang:Volltext bestellen
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
container_end_page
container_issue
container_start_page
container_title
container_volume
creator Williams Sean Reese
description A method and system are disclosed for detecting malicious software on host server computers or instances running on the host server computers. A pattern of behavior of how the malicious software makes Domain Name System (DNS) requests and/or responses can be used to detect the malicious software. The pattern of behavior can be based on actions that the tenants take in order to make the DNS requests, such as repeating the same requests at fixed time intervals, or requesting a plurality of DNS requests in batches, wherein at least a threshold percentage of which are not resolvable, or using statistically random domain names with the requests. The pattern of behavior can also be associated with responses to the DNS requests, such as when the response includes a text message, and the text message includes encrypted or statistically random data.
format Patent
fullrecord <record><control><sourceid>epo_EVB</sourceid><recordid>TN_cdi_epo_espacenet_US9875355B1</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><sourcerecordid>US9875355B1</sourcerecordid><originalsourceid>FETCH-epo_espacenet_US9875355B13</originalsourceid><addsrcrecordid>eNrjZDBz8QtWKCxNLapUSMxLzKkszixWSMsvUkhJLUlNLsnMz1PIT1PITczJTM7MLy1WKM5PKylPLErlYWBNS8wpTuWF0twMCm6uIc4euqkF-fGpxQWJyal5qSXxocGWFuamxqamTobGRCgBAD9mLWw</addsrcrecordid><sourcetype>Open Access Repository</sourcetype><iscdi>true</iscdi><recordtype>patent</recordtype></control><display><type>patent</type><title>DNS query analysis for detection of malicious software</title><source>esp@cenet</source><creator>Williams Sean Reese</creator><creatorcontrib>Williams Sean Reese</creatorcontrib><description>A method and system are disclosed for detecting malicious software on host server computers or instances running on the host server computers. A pattern of behavior of how the malicious software makes Domain Name System (DNS) requests and/or responses can be used to detect the malicious software. The pattern of behavior can be based on actions that the tenants take in order to make the DNS requests, such as repeating the same requests at fixed time intervals, or requesting a plurality of DNS requests in batches, wherein at least a threshold percentage of which are not resolvable, or using statistically random domain names with the requests. The pattern of behavior can also be associated with responses to the DNS requests, such as when the response includes a text message, and the text message includes encrypted or statistically random data.</description><language>eng</language><subject>CALCULATING ; COMPUTING ; COUNTING ; ELECTRIC COMMUNICATION TECHNIQUE ; ELECTRIC DIGITAL DATA PROCESSING ; ELECTRICITY ; PHYSICS ; TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHICCOMMUNICATION</subject><creationdate>2018</creationdate><oa>free_for_read</oa><woscitedreferencessubscribed>false</woscitedreferencessubscribed></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><linktohtml>$$Uhttps://worldwide.espacenet.com/publicationDetails/biblio?FT=D&amp;date=20180123&amp;DB=EPODOC&amp;CC=US&amp;NR=9875355B1$$EHTML$$P50$$Gepo$$Hfree_for_read</linktohtml><link.rule.ids>230,308,777,882,25545,76296</link.rule.ids><linktorsrc>$$Uhttps://worldwide.espacenet.com/publicationDetails/biblio?FT=D&amp;date=20180123&amp;DB=EPODOC&amp;CC=US&amp;NR=9875355B1$$EView_record_in_European_Patent_Office$$FView_record_in_$$GEuropean_Patent_Office$$Hfree_for_read</linktorsrc></links><search><creatorcontrib>Williams Sean Reese</creatorcontrib><title>DNS query analysis for detection of malicious software</title><description>A method and system are disclosed for detecting malicious software on host server computers or instances running on the host server computers. A pattern of behavior of how the malicious software makes Domain Name System (DNS) requests and/or responses can be used to detect the malicious software. The pattern of behavior can be based on actions that the tenants take in order to make the DNS requests, such as repeating the same requests at fixed time intervals, or requesting a plurality of DNS requests in batches, wherein at least a threshold percentage of which are not resolvable, or using statistically random domain names with the requests. The pattern of behavior can also be associated with responses to the DNS requests, such as when the response includes a text message, and the text message includes encrypted or statistically random data.</description><subject>CALCULATING</subject><subject>COMPUTING</subject><subject>COUNTING</subject><subject>ELECTRIC COMMUNICATION TECHNIQUE</subject><subject>ELECTRIC DIGITAL DATA PROCESSING</subject><subject>ELECTRICITY</subject><subject>PHYSICS</subject><subject>TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHICCOMMUNICATION</subject><fulltext>true</fulltext><rsrctype>patent</rsrctype><creationdate>2018</creationdate><recordtype>patent</recordtype><sourceid>EVB</sourceid><recordid>eNrjZDBz8QtWKCxNLapUSMxLzKkszixWSMsvUkhJLUlNLsnMz1PIT1PITczJTM7MLy1WKM5PKylPLErlYWBNS8wpTuWF0twMCm6uIc4euqkF-fGpxQWJyal5qSXxocGWFuamxqamTobGRCgBAD9mLWw</recordid><startdate>20180123</startdate><enddate>20180123</enddate><creator>Williams Sean Reese</creator><scope>EVB</scope></search><sort><creationdate>20180123</creationdate><title>DNS query analysis for detection of malicious software</title><author>Williams Sean Reese</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-epo_espacenet_US9875355B13</frbrgroupid><rsrctype>patents</rsrctype><prefilter>patents</prefilter><language>eng</language><creationdate>2018</creationdate><topic>CALCULATING</topic><topic>COMPUTING</topic><topic>COUNTING</topic><topic>ELECTRIC COMMUNICATION TECHNIQUE</topic><topic>ELECTRIC DIGITAL DATA PROCESSING</topic><topic>ELECTRICITY</topic><topic>PHYSICS</topic><topic>TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHICCOMMUNICATION</topic><toplevel>online_resources</toplevel><creatorcontrib>Williams Sean Reese</creatorcontrib><collection>esp@cenet</collection></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext_linktorsrc</fulltext></delivery><addata><au>Williams Sean Reese</au><format>patent</format><genre>patent</genre><ristype>GEN</ristype><title>DNS query analysis for detection of malicious software</title><date>2018-01-23</date><risdate>2018</risdate><abstract>A method and system are disclosed for detecting malicious software on host server computers or instances running on the host server computers. A pattern of behavior of how the malicious software makes Domain Name System (DNS) requests and/or responses can be used to detect the malicious software. The pattern of behavior can be based on actions that the tenants take in order to make the DNS requests, such as repeating the same requests at fixed time intervals, or requesting a plurality of DNS requests in batches, wherein at least a threshold percentage of which are not resolvable, or using statistically random domain names with the requests. The pattern of behavior can also be associated with responses to the DNS requests, such as when the response includes a text message, and the text message includes encrypted or statistically random data.</abstract><oa>free_for_read</oa></addata></record>
fulltext fulltext_linktorsrc
identifier
ispartof
issn
language eng
recordid cdi_epo_espacenet_US9875355B1
source esp@cenet
subjects CALCULATING
COMPUTING
COUNTING
ELECTRIC COMMUNICATION TECHNIQUE
ELECTRIC DIGITAL DATA PROCESSING
ELECTRICITY
PHYSICS
TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHICCOMMUNICATION
title DNS query analysis for detection of malicious software
url https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-01-20T17%3A36%3A31IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-epo_EVB&rft_val_fmt=info:ofi/fmt:kev:mtx:patent&rft.genre=patent&rft.au=Williams%20Sean%20Reese&rft.date=2018-01-23&rft_id=info:doi/&rft_dat=%3Cepo_EVB%3EUS9875355B1%3C/epo_EVB%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_id=info:pmid/&rfr_iscdi=true