Invention Grant
- Patent Title: Detecting DGA-based malicious software using network flow information
- Application No.: US14448637
- Application Date: 2014-07-31
- Publication No.: US09654484B2
- Publication Date: 2017-05-16
- Inventor: Martin Grill, Ivan Nikolaev
- Applicant: Cisco Technology, Inc.
- Applicant Address: US CA San Jose
- Assignee: Cisco Technology, Inc.
- Current Assignee: Cisco Technology, Inc.
- Current Assignee Address: US CA San Jose
- Agency: Hickman Palermo Becker Bingham LLP
- Agent: Malgorzata A. Kulczycka
- Main IPC: H04L29/00
- IPC: H04L29/00; H04L29/06; H04L29/08; H04L29/12

Abstract:
Detecting DGA-based malware is disclosed. In an embodiment, a number of domain name server requests originating from a particular host among a plurality of hosts is determined. The number of domain name server requests are directed to one or more domain name servers. A number of internet protocol addresses contacted by the particular host is determined. Based on the number of domain name server requests and the number of internet protocol addresses contacted, existence of malware on the particular host is determined.
Public/Granted literature
- US20160036836A1 Detecting DGA-Based Malicious Software Using Network Flow Information (Public/Granted day: 2016-02-04)