Invention Grant
- Patent Title: Identifying and using DNS contextual flows
- Application No.: US16669831
- Application Date: 2019-10-31
- Publication No.: US11303664B2
- Publication Date: 2022-04-12
- Inventor: David McGrew, Blake Harrell Anderson, Daniel G. Wing, Flemming Andreasen
- Applicant: Cisco Technology, Inc.
- Applicant Address: US CA San Jose
- Assignee: Cisco Technology, Inc.
- Current Assignee: Cisco Technology, Inc.
- Current Assignee Address: US CA San Jose
- Agency: Behmke Innovation Group LLC
- Agent: James M. Behmke; Jonathon P. Western
- Main IPC: H04L29/06
- IPC: H04L29/06; H04L29/12; H04L61/4511

Abstract:
In one embodiment, a device in a network captures domain name system (DNS) response data from a DNS response sent by a DNS service to a client in the network. The device captures session data for an encrypted session of the client. The device makes a determination that the encrypted session is malicious by using the captured DNS response data and the captured session data as input to a machine learning-based or rule-based classifier. The device performs a mediation action in response to the determination that the encrypted session is malicious.
Public/Granted literature
- US20200067972A1 IDENTIFYING AND USING DNS CONTEXTUAL FLOWS Public/Granted day: 2020-02-27