APPARATUS AND METHOD FOR IDENTIFYING DOMAIN NAME SYSTEM TUNNELING, EXFILTRATION AND INFILTRATION
    Publication type: Invention publication
    Status: Under examination, published

    Publication number: EP3204857A1

    Publication date: 2017-08-16

    Application number: EP15849113.4

    Application date: 2015-10-05

    Applicant: Cloudmark, Inc.

    IPC classification: G06F11/00

    Abstract: A machine includes a processor and a memory connected to the processor. The memory stores instructions executed by the processor to preserve a second level domain, track requests for subdomains of the second level domain, determine the size of encoded subdomain data and determine the size of response data for subdomain requests. When the ratio of the number of unique subdomains to the number of subdomain requests is over a first threshold, a first satisfied condition is established. It is determined, in response to the first satisfied condition, when the size of the subdomain data exceeds a second threshold and the size of the response data exceeds a third threshold, to establish a second satisfied condition corresponding to deemed domain name system tunnel activity. It is determined, in response to the first satisfied condition, when the size of the subdomain data exceeds the second threshold, to establish a third satisfied condition corresponding to deemed domain name system data exfiltration activity.

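The three-condition logic of the abstract, written out as an added Python example (not code from the patent or from Cloudmark): it tracks subdomain requests per second level domain over constructed DNS query records and applies the unique-subdomain ratio, subdomain-byte and response-byte thresholds. The threshold values, the sample names and sizes, and checking the tunnel condition before the exfiltration condition are assumptions of this example.

```python
# Constructed sample DNS query records (invented names and sizes): (name, answer bytes)
SAMPLE_QUERIES = [
    ("www.example.com", 60), ("www.example.com", 60), ("mail.example.com", 64),
    ("www.example.com", 60), ("mail.example.com", 64),
    # tunnel-like: every label unique, long encoded labels, bulky answers
    ("mfrggzdfmztwq2lk.t.tun.example.net", 900),
    ("nbswy3dpfqqho33snrscc.t.tun.example.net", 880),
    ("onswg4tfor4gc2lnmfsw4.t.tun.example.net", 910),
    ("geztgnjugyzdkmrr.t.tun.example.net", 870),
    # exfiltration-like: unique long labels, but only tiny answers come back
    ("mzxw6ytboi5gs4bb.x.exfil.example.org", 40),
    ("nzsxe5lbnfswy3dp.x.exfil.example.org", 40),
    ("ozqw4zlpnfzgq6dpnj2xe.x.exfil.example.org", 40),
    ("kntdm4lhovzsgyzbnu2w4.x.exfil.example.org", 40),
]

def split_name(name):
    """Return (second level domain, subdomain prefix) for a query name."""
    labels = name.rstrip(".").lower().split(".")
    return ".".join(labels[-2:]), ".".join(labels[:-2])

def classify(records, sld, ratio_t, subdomain_bytes_t, response_bytes_t):
    """Apply the abstract's three conditions to one tracked second level domain."""
    subs, resp_total = [], 0
    for name, resp_bytes in records:
        domain, sub = split_name(name)
        if domain != sld or not sub:
            continue  # only subdomain requests of the tracked SLD are counted
        subs.append(sub)
        resp_total += resp_bytes
    if not subs:
        return "none"
    # first condition: ratio of unique subdomains to subdomain requests
    if len(set(subs)) / len(subs) <= ratio_t:
        return "none"
    sub_total = sum(len(s) for s in subs)  # size of the encoded subdomain data
    # second condition: bulky data in both directions -> deemed DNS tunnel.
    # Checked before the third; the abstract fixes no precedence (assumption).
    if sub_total > subdomain_bytes_t and resp_total > response_bytes_t:
        return "tunnel"
    # third condition: bulky outbound subdomain data alone -> deemed exfiltration
    if sub_total > subdomain_bytes_t:
        return "exfiltration"
    return "none"

def scan(records, ratio_t=0.5, subdomain_bytes_t=64, response_bytes_t=512):
    """Classify every second level domain seen in the records (thresholds assumed)."""
    slds = sorted({split_name(name)[0] for name, _ in records})
    return {sld: classify(records, sld, ratio_t, subdomain_bytes_t, response_bytes_t)
            for sld in slds}
```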