Using aggregated DNS information originating from multiple sources to detect anomalous DNS name resolutions

A technology for detecting anomalous name resolution, applied to electrical components, transmission systems, data exchange through path configuration, etc. It addresses problems such as DNS attacks that are difficult to address and manipulation of client DNS records that is difficult to detect.

Active Publication Date: 2012-11-07
CA TECH INC

AI Technical Summary

Problems solved by technology

In many cases, it is difficult for client-based security software to detect that client DNS records have been manipulated.
In practice, many DNS attacks are not local to the client, and thus cannot actually be addressed on that client alone.
On the other hand, a lot of DNS attacks are local to individual clients and thus not easily addressable by network security solutions alone.


Embodiment Construction

[0014] The block diagram of Figure 1 illustrates an exemplary network architecture 100 in which a DNS security system 101 can be implemented. The illustrated network architecture 100 includes multiple clients 103A, 103B, and 103N, and multiple servers 105A and 105N. In Figure 1, DNS security system 101 is shown residing on server 105A and clients 103A, 103B, and 103N. It should be understood that this is only one example, and that in various embodiments the various functions of the system 101 can be instantiated on the client 103, the server 105, the network computing device 313, or can be distributed among as many clients 103 and/or servers 105 as desired.

[0015] Computer system 210, as shown in Figure 2 and described below, may be used to implement client 103 and server 105. The client 103 and the server 105 are communicatively connected to the network 107, for example through a network interface 248 or modem 247 as described in conjunction with Figure 2. Clien...


Abstract

A DNS security system collects and uses aggregated DNS information originating from a plurality of client computers to detect anomalous DNS name resolutions. A server DNS security component receives multiple transmissions of DNS information from a plurality of client computers, each transmission of DNS information concerning a specific instance of a resolution of a specific DNS name. The server component aggregates the DNS information from the multiple client computers. The server component compares DNS information received from a specific client computer concerning a specific DNS name to aggregated DNS information received from multiple client computers concerning the same DNS name to identify anomalous DNS name resolutions. Where an anomaly concerning received DNS information is identified, a warning can be transmitted to the specific client computer from which the anomalous DNS information was received.
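The server-side comparison the abstract describes, as an added example (not code from the patent): each client report is compared against what other clients reported for the same DNS name, and an outlier produces a warning for that client. The class name, the `min_reports` and `min_share` thresholds, and the sample reports are assumptions.

```python
from collections import defaultdict

class DnsAggregator:
    """Aggregates client-reported resolutions and flags outliers (hypothetical design)."""

    def __init__(self, min_reports=5, min_share=0.1):
        self.min_reports = min_reports  # assumed: baseline size needed before judging
        self.min_share = min_share      # assumed: minimum fraction of peers agreeing
        # name -> address -> set of client ids that reported that address
        self.seen = defaultdict(lambda: defaultdict(set))

    def report(self, client_id, name, address):
        """Record one resolution; return a warning dict if anomalous, else None."""
        name = name.rstrip(".").lower()  # DNS names are case-insensitive
        by_addr = self.seen[name]
        # Compare against other clients only, so a client cannot vouch for itself.
        peers = {a: len(c - {client_id}) for a, c in by_addr.items()}
        total = sum(peers.values())
        by_addr[address].add(client_id)  # one vote per client per address
        if total < self.min_reports:
            return None  # not enough aggregated data to call anything anomalous
        share = peers.get(address, 0) / total
        if share >= self.min_share:
            return None
        expected = max(peers, key=peers.get)
        return {"client": client_id, "name": name, "address": address,
                "peer_share": share, "most_reported": expected}

def demo():
    """Constructed sample reports using documentation-only names and addresses."""
    agg = DnsAggregator()
    warnings = []
    for i in range(8):
        warnings.append(agg.report(f"client-{i}", "bank.example", "192.0.2.10"))
    # One client resolves the same name to an address no peer has seen.
    warnings.append(agg.report("client-8", "Bank.Example.", "203.0.113.66"))
    # A name with no aggregated baseline yet is not judged.
    warnings.append(agg.report("client-8", "new.example", "198.51.100.5"))
    return [w for w in warnings if w]

if __name__ == "__main__":
    for w in demo():
        print("WARN", w)
```

Because every report also joins the aggregate, a legitimate address change is learned once enough distinct clients see it, while a single client repeating its own outlier never raises that address's peer share.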

Description

Technical field

[0001] The present disclosure relates generally to computer security, and more particularly to detecting anomalous DNS name resolution using aggregated DNS information from multiple sources.

Background

[0002] Malicious parties use many different types of Domain Name Service ("DNS") attacks to direct unwitting users to malicious servers. Attacks such as DNS cache poisoning, fast flux and double flux techniques, local hosts file modification, local WinSock / WinInet proxy configuration modification, and others are used to modify attempts to resolve legitimate hostnames in order to redirect resolutions to malicious servers. In many cases, it is difficult for client-based security software to detect that client DNS records have been manipulated. In fact, many DNS attacks are not local to the client and thus cannot actually be addressed on that client alone. On the other hand, many DNS attacks are local to individual clients and thus not easily add...


Application Information

Patent Type & Authority: Applications (China)
IPC: IPC(8): H04L12/28
CPC: H04L29/12066, H04L63/1425, H04L61/1511, H04L63/1441, H04L61/4511
Inventor: P. Gardner
Owner CA TECH INC