Method and system for detecting DGA-based malware


Ontology type: sgo:Patent     


Patent Info

DATE

N/A

AUTHORS

Manos Antonakakis, Roberto PERDISCI, Wenke Lee, NIKOLAOS VASILOGLOU, II

ABSTRACT

System and method for detecting a domain generation algorithm (DGA), comprising: performing processing associated with clustering, utilizing a name-based features clustering module accessing information from an electronic database of NX domain information, the randomly generated domain names based on the similarity in the make-up of the randomly generated domain names; performing processing associated with clustering, utilizing a graph clustering module, the randomly generated domain names based on the groups of assets that queried the randomly generated domain names; performing processing associated with determining, utilizing a daily clustering correlation module and a temporal clustering correlation module, which clustered randomly generated domain names are highly correlated in daily use and in time; and performing processing associated with determining the DGA that generated the clustered randomly generated domain names.

Related SciGraph Publications

  • 1996-08. Bagging predictors in MACHINE LEARNING

JSON-LD is the canonical representation for SciGraph data.


    [
      {
        "@context": "https://springernature.github.io/scigraph/jsonld/sgcontext.json", 
        "about": [
          {
            "id": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/2790", 
            "inDefinedTermSet": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/", 
            "type": "DefinedTerm"
          }
        ], 
        "author": [
          {
            "name": "Manos Antonakakis", 
            "type": "Person"
          }, 
          {
            "name": "Roberto PERDISCI", 
            "type": "Person"
          }, 
          {
            "name": "Wenke Lee", 
            "type": "Person"
          }, 
          {
            "name": "NIKOLAOS VASILOGLOU, II", 
            "type": "Person"
          }
        ], 
        "citation": [
          {
            "id": "sg:pub.10.1007/bf00058655", 
            "sameAs": [
              "https://app.dimensions.ai/details/publication/pub.1002929950", 
              "https://doi.org/10.1007/bf00058655"
            ], 
            "type": "CreativeWork"
          }, 
          {
            "id": "sg:pub.10.1007/bf00058655", 
            "sameAs": [
              "https://app.dimensions.ai/details/publication/pub.1002929950", 
              "https://doi.org/10.1007/bf00058655"
            ], 
            "type": "CreativeWork"
          }, 
          {
            "id": "https://doi.org/10.1016/s0031-3203(02)00169-3", 
            "sameAs": [
              "https://app.dimensions.ai/details/publication/pub.1014676096"
            ], 
            "type": "CreativeWork"
          }, 
          {
            "id": "https://doi.org/10.1145/1879141.1879148", 
            "sameAs": [
              "https://app.dimensions.ai/details/publication/pub.1018804401"
            ], 
            "type": "CreativeWork"
          }
        ], 
        "description": "System and method for detecting a domain generation algorithm (DGA), comprising: performing processing associated with clustering, utilizing a name-based features clustering module accessing information from an electronic database of NX domain information, the randomly generated domain names based on the similarity in the make-up of the randomly generated domain names; performing processing associated with clustering, utilizing a graph clustering module, the randomly generated domain names based on the groups of assets that queried the randomly generated domain names; performing processing associated with determining, utilizing a daily clustering correlation module and a temporal clustering correlation module, which clustered randomly generated domain names are highly correlated in daily use and in time; and performing processing associated with determining the DGA that generated the clustered randomly generated domain names.",
        "id": "sg:patent.US-9922190-B2",
        "keywords": [
          "method",
          "generation",
          "processing",
          "Cluster Analysis",
          "accessing information",
          "electronic database",
          "domain",
          "similarity",
          "make-up",
          "module",
          "asset",
          "correlation"
        ],
        "name": "Method and system for detecting DGA-based malware",
        "sameAs": [
          "https://app.dimensions.ai/details/patent/US-9922190-B2"
        ],
        "sdDataset": "patents",
        "sdDatePublished": "2019-03-07T15:31",
        "sdLicense": "https://scigraph.springernature.com/explorer/license/",
        "sdPublisher": {
          "name": "Springer Nature - SN SciGraph project",
          "type": "Organization"
        },
        "sdSource": "s3://com.uberresearch.data.dev.patents-pipeline/full_run_10/sn-export/5eb3e5a348d7f117b22cc85fb0b02730/0000100128-0000348334/json_export_0db08f31.jsonl",
        "type": "Patent"
      }
    ]
     


    HOW TO GET THIS DATA PROGRAMMATICALLY:

    JSON-LD is a popular format for linked data which is fully compatible with JSON.

    curl -H 'Accept: application/ld+json' 'https://scigraph.springernature.com/patent.US-9922190-B2'

    N-Triples is a line-based linked data format ideal for batch operations.

    curl -H 'Accept: application/n-triples' 'https://scigraph.springernature.com/patent.US-9922190-B2'

    Turtle is a human-readable linked data format.

    curl -H 'Accept: text/turtle' 'https://scigraph.springernature.com/patent.US-9922190-B2'

    RDF/XML is a standard XML format for linked data.

    curl -H 'Accept: application/rdf+xml' 'https://scigraph.springernature.com/patent.US-9922190-B2'


     

    This table displays all metadata directly associated to this object as RDF triples.

    53 TRIPLES      13 PREDICATES      27 URIs      19 LITERALS      2 BLANK NODES

     



