-
Publication No.: US20240179164A1
Publication date: 2024-05-30
Application No.: US18072485
Filing date: 2022-11-30
Inventors: Zhanhao Chen, Daiping Liu, Wanjin Li, Fan Fei
IPC classification: H04L9/40
CPC classification: H04L63/1425, H04L63/1416, H04L63/1483
Abstract: Detection of strategically aged domains is detected. A list of aged dormant domains is determined, including by evaluating passive Domain Name System (DNS) information. The list of aged dormant domains is monitored for a change by an aged dormant domain from a dormant domain status to an active status. In response to determining the change to active status of the aged dormant domain, an action is taken with respect to the aged dormant domain.
-
Publication No.: US11973800B2
Publication date: 2024-04-30
Application No.: US17408054
Filing date: 2021-08-20
Inventors: Zhanhao Chen, Jun Wang, Daiping Liu
IPC classification: H04L9/40, H04L61/5046, H04L61/5076
CPC classification: H04L63/1483, H04L61/5046, H04L61/5076, H04L63/0236, H04L63/0263
Abstract: Detection of squatting domains is disclosed. A set of new fully qualified domain names (FQDNs) is received. The set of new FQDNs is analyzed to detect domain squatting by identifying a subset of the new FQDNs as candidate squatting domains. The candidate squatting domains are distributed to a security device/service.
-
Publication No.: US12034745B2
Publication date: 2024-07-09
Application No.: US18077516
Filing date: 2022-12-08
Inventors: Zihang Xiao, Zhanhao Chen
IPC classification: H04L9/40
CPC classification: H04L63/1416, H04L63/1441
Abstract: Domain Name System (DNS) security using process information is provided. An application accessing an internet service using a domain name is determined. Process information associated with the application along with an associated DNS query to identify an IP address associated with the domain name are identified. The process information and the associated DNS query to a DNS security service are sent. An action based on a response from the DNS security service is performed.
-
Publication No.: US20230057438A1
Publication date: 2023-02-23
Application No.: US17408054
Filing date: 2021-08-20
Inventors: Zhanhao Chen, Jun Wang, Daiping Liu
Abstract: Detection of squatting domains is disclosed. A set of new fully qualified domain names (FQDNs) is received. The set of new FQDNs is analyzed to detect domain squatting by identifying a subset of the new FQDNs as candidate squatting domains. The candidate squatting domains are distributed to a security device/service.
-
Publication No.: US20230069731A1
Publication date: 2023-03-02
Application No.: US17462230
Filing date: 2021-08-31
Inventors: Zhanhao Chen, Jun Wang, Wei Xu
IPC classification: H04L29/06
Abstract: Automatic generation of network signatures is disclosed. Network profiles for malware samples are generated. Network signature candidates are selected based on the network profiles. The network signature candidates are automatically evaluated to automatically generate a new set of network signatures. The new set of network signatures is distributed to a security device/service to enforce the new set of network signatures to detect malware.
-
Publication No.: US11444977B2
Publication date: 2022-09-13
Application No.: US16659917
Filing date: 2019-10-22
Inventors: Oleksii Starov, Zhanhao Chen, Yuchen Zhou, Fang Liu
IPC classification: H04L9/40, G06F16/23, G06F16/958, G06F16/951, G06F21/56
Abstract: Web sites are crawled using multiple browser profiles to avoid malicious cloaking. Based on web page content returned from HTTP requests using the multiple browser profiles, web sites returning substantively different content to HTTP requests for different browser profiles are identified. Web sites are further filtered by common cloaking behavior, and redirect scripts are extracted from web page content that performed cloaking. Signatures comprising tokenized versions of the redirect scripts are generated and compared to a database of known cloaking signatures. URLs corresponding to signatures having approximate matches with signatures in the database are flagged for recrawling. Recrawled URLs are verified for malicious cloaking again using HTTP requests from multiple browser profiles.
-
Publication No.: US11582247B1
Publication date: 2023-02-14
Application No.: US17724130
Filing date: 2022-04-19
Inventors: Zihang Xiao, Zhanhao Chen
IPC classification: H04L9/40
Abstract: Domain Name System (DNS) security using process information is provided. An application accessing an internet service using a domain name is determined. Process information associated with the application along with an associated DNS query to identify an IP address associated with the domain name are identified. The process information and the associated DNS query to a DNS security service are sent. An action based on a response from the DNS security service is performed.
-
Publication No.: US20220345487A1
Publication date: 2022-10-27
Application No.: US17812137
Filing date: 2022-07-12
Inventors: Oleksii Starov, Zhanhao Chen, Yuchen Zhou, Fang Liu
IPC classification: H04L9/40, G06F16/23, G06F16/958, G06F16/951, G06F21/56
Abstract: Web sites are crawled using multiple browser profiles to avoid malicious cloaking. Based on web page content returned from HTTP requests using the multiple browser profiles, web sites returning substantively different content to HTTP requests for different browser profiles are identified. Web sites are further filtered by common cloaking behavior, and redirect scripts are extracted from web page content that performed cloaking. Signatures comprising tokenized versions of the redirect scripts are generated and compared to a database of known cloaking signatures. URLs corresponding to signatures having approximate matches with signatures in the database are flagged for recrawling. Recrawled URLs are verified for malicious cloaking again using HTTP requests from multiple browser profiles.
-
Publication No.: US20210120034A1
Publication date: 2021-04-22
Application No.: US16659917
Filing date: 2019-10-22
Inventors: Oleksii Starov, Zhanhao Chen, Yuchen Zhou, Fang Liu
IPC classification: H04L29/06, G06F16/951, G06F16/23, G06F16/958, G06F21/56
Abstract: Web sites are crawled using multiple browser profiles to avoid malicious cloaking. Based on web page content returned from HTTP requests using the multiple browser profiles, web sites returning substantively different content to HTTP requests for different browser profiles are identified. Web sites are further filtered by common cloaking behavior, and redirect scripts are extracted from web page content that performed cloaking. Signatures comprising tokenized versions of the redirect scripts are generated and compared to a database of known cloaking signatures. URLs corresponding to signatures having approximate matches with signatures in the database are flagged for recrawling. Recrawled URLs are verified for malicious cloaking again using HTTP requests from multiple browser profiles.
-
Publication No.: US20240323206A1
Publication date: 2024-09-26
Application No.: US18734883
Filing date: 2024-06-05
Inventors: Zihang Xiao, Zhanhao Chen
IPC classification: H04L9/40
CPC classification: H04L63/1416, H04L63/1441
Abstract: Domain Name System (DNS) security using process information is provided. An application accessing an internet service using a domain name is determined. Process information associated with the application along with an associated DNS query to identify an IP address associated with the domain name are identified. The process information and the associated DNS query to a DNS security service are sent. An action based on a response from the DNS security service is performed.