Invention Grant
- Patent Title: Identifying and using DNS contextual flows
- Application No.: US17715284
- Application Date: 2022-04-07
- Publication No.: US11611579B2
- Publication Date: 2023-03-21
- Inventor: David Mcgrew, Blake Harrell Anderson, Daniel G. Wing, Flemming Andreasen
- Applicant: Cisco Technology, Inc.
- Applicant Address: US CA San Jose
- Assignee: Cisco Technology, Inc.
- Current Assignee: Cisco Technology, Inc.
- Current Assignee Address: US CA San Jose
- Agency: Behmke Innovation Group LLC
- Agent: James M. Behmke; Jonathon P. Western
- Main IPC: H04L9/40
- IPC: H04L9/40; H04L61/4511

Abstract:
In one embodiment, a device in a network captures domain name system (DNS) response data from a DNS response sent by a DNS service to a client in the network. The device captures session data for an encrypted session of the client. The device makes a determination that the encrypted session is malicious by using the captured DNS response data and the captured session data as input to a machine learning-based or rule-based classifier. The device performs a mediation action in response to the determination that the encrypted session is malicious.
Public/Granted literature
- US20220232034A1 IDENTIFYING AND USING DNS CONTEXTUAL FLOWS Public/Granted day: 2022-07-21