公开(公告)号：EP2569711A1

公开(公告)日：2013-03-20

申请号：EP11781340.2

申请日：2011-05-13

申请人： VeriSign, Inc. ,  Georgia Tech Research Corporation

发明人： PANDRANGI, Ramakant ,  FEAMSTER, Nicholas G. ,  HAO, Shuang

IPC分类号： G06F15/173

CPC分类号： H04L63/1425 ,  H04L63/1416

摘要： Systems and methods are disclosed for identifying domains as malicious based on Internet-wide DNS lookup patterns. Disclosed embodiments look for variance in the servers that look up a domain and also look at the popularity growth (quantity of queries from unique addresses) of a domain after registration to identify malicious domains. Other disclosed embodiments measure the similarity of servers that query a domain and cluster domains based on the similarity of those servers. Disclosed embodiments may use such temporal and spatial lookup patterns as input to a blacklist process to more effectively and quickly blacklist domains based on their Internet-wide lookup patterns.