IN-LINE DETECTION OF ALGORITHMICALLY GENERATED DOMAINS

Detection of algorithmically generated domains is disclosed. A DNS query is received. Markov Chain analysis is performed on a domain included in the received query. A determination of whether the received query implicates an algorithmically generated domain is made based at least in part on a result of the Markov Chain analysis. 1. A system , comprising: receive a DNS query;', 'perform Markov Chain analysis on a domain included in the received query; and', 'determine whether the received query implicates an algorithmically generated domain based at least in part on a result of the Markov Chain analysis; and, 'a processor configured toa memory coupled to the processor and configured to provide the processor with instructions.2. The system of wherein determining whether the received query implicates an algorithmically generated domain includes evaluating historical resolution information.32. The system of wherein the historical resolution information comprises a count of resolutions.4. The system of wherein the historical resolution information comprises an interval between a first resolution and a last resolution.5. The system of wherein the Markov Chain model is trained at least in part using a set of known algorithmically generated domains.6. The system of wherein the Markov Chain model is trained at least in part using a set of known benign domains.7. The system of wherein the processor is further configured to determine whether the domain is associated with a family of algorithmically generated domains.8. The system of wherein determining whether the domain is associated with the family of algorithmically generated domains includes using a random forest trained using features extracted from algorithmically generated domain families.9. The system of wherein at least one feature comprises a domain suffix.10. The system of wherein at least one feature comprises a count of hyphens.11. The system of wherein at least one feature comprises a domain length.12. The system ...

AUTOMATED EXTRACTION AND CLASSIFICATION OF MALICIOUS INDICATORS

Techniques for generating actionable indicators of compromise (IOCs) are disclosed. A set of potential sources for IOCs are received. One or more candidate IOCs are extracted from at least one source included in the set of potential sources. An actionable IOC is automatically identified from the one or more candidate IOCs. The actionable IOC is provided to a security enforcement service. 1. A system , comprising: receive a set of potential sources for Indicators of Compromise (IOCs);', 'extract one or more candidate IOCs from at least one source included in the set of potential sources;', 'automatically identify an actionable IOC from the one or more candidate IOCs; and', 'provide the actionable IOC to a security enforcement service; and, 'a processor configured toa memory coupled to the processor and configured to provide the processor with instructions.2. The system of wherein the processor is further configured to identify a new potential source to add to the set of potential sources.3. The system of wherein extracting the one or more candidate IOCs includes is determining whether a URL was defanged.4. The system of wherein providing the actionable IOC includes reverse defanging the URL.5. The system of wherein extracting the one or more candidate IOCs includes performing optical character recognition on an image.6. The system of wherein the processor is configured to periodically crawl the set of potential sources.7. The system of wherein automatically identifying the actionable IOC includes analyzing the one or more candidate IOCs using a rule-based classification.8. The system of wherein automatically identifying the actionable IOC includes analyzing the one or more candidate IOCs using a machine learning-based classification.9. The system of wherein automatically identifying the actionable IOC includes excluding as a candidate IOC a whitelisted domain.10. The system of wherein the domain is whitelisted based at least in part on a popularity metric.11. The ...

REAL-TIME DETECTION OF DNS TUNNELING TRAFFIC

Detection of DNS tunneling traffic is disclosed. A DNS query comprising a subdomain portion and a root domain portion is received from a client device. A determination is made that the root domain portion received in the DNS query is associated with a malicious DNS tunneling root domain. A remedial action is taken in response to the determining. 1. A system , comprising: receive a DNS query comprising a subdomain portion and a root domain portion from a client device;', 'determine that the root domain portion received in the DNS query is associated with a malicious DNS tunneling root domain; and', 'take a remedial action in response to the determining; and, 'a processor configured toa memory coupled to the processor and configured to provide the processor with instructions.2. The system of wherein taking the remedial action includes preventing the client device from communicating with a malicious DNS server.3. The system of wherein claim 1 , in response to receiving the DNS query claim 1 , a feature vector associated with the root domain portion is updated.4. The system of wherein the feature vector maintains information for a sliding time window of DNS query information.5. The system of wherein a feature included in the feature vector represents a number of distinct fully qualified domain names associated with the root domain portion.6. The system of wherein a feature included in the feature vector represents an average DNS query count for each fully qualified domain name associated with the root domain portion.7. The system of wherein a feature included in the feature vector represents a Jeffrey distribution of DNS query counts for all fully qualified domain names associated with the root domain portion.8. The system of wherein a feature included in the feature vector represents an average length of fully qualified domain names associated with the root domain portion.9. The system of wherein a feature included in the feature vector represents a ratio of record ...

Inline package name based supply chain attack detection and prevention

Inline package name based supply chain attack detection and prevention is disclosed. An indication that a client device has made a request to a remote server for a package is received. A data appliance then performs an action responsive to the received indication. In an example implementation, the data appliance makes a determination of whether the request for the package is associated with a nonexisting package.

Automated extraction and classification of malicious indicators

Techniques for generating actionable indicators of compromise (IOCs) are disclosed. A set of potential sources for IOCs are received. One or more candidate IOCs are extracted from at least one source included in the set of potential sources. An actionable IOC is automatically identified from the one or more candidate IOCs. The actionable IOC is provided to a security enforcement service.

Automated extraction and classification of malicious indicators

Techniques for generating actionable indicators of compromise (IOCs) are disclosed. A set of potential sources for IOCs are received. One or more candidate IOCs are extracted from at least one source included in the set of potential sources. An actionable IOC is automatically identified from the one or more candidate IOCs. The actionable IOC is provided to a security enforcement service.

Inline package name based supply chain attack detection and prevention

Inline package name based supply chain attack detection and prevention is disclosed. An indication that a client device has made a request to a remote server for a package is received. A data appliance then performs an action responsive to the received indication. In an example implementation, the data appliance makes a determination of whether the request for the package is associated with a nonexisting package.

Identify and block domains used for nxns-based ddos attack

Techniques for identifying and blocking domains used for NXNS-based distributed denial of service (DDos) attacks are disclosed. An analysis of DNS data is performed to identify a candidate attack domain associated with an NXNS attack. The candidate attack domain is confirmed as a confirmed attack domain based at least in part on a validation.

In-line detection of algorithmically generated domains

Detection of algorithmically generated domains is disclosed. A DNS query is received. Markov Chain analysis is performed on a domain included in the received query. A determination of whether the received query implicates an algorithmically generated domain is made based at least in part on a result of the Markov Chain analysis.

Domain squatting detection

Detection of squatting domains is disclosed. A set of new fully qualified domain names (FQDNs) is received. The set of new FQDNs is analyzed to detect domain squatting by identifying a subset of the new FQDNs as candidate squatting domains. The candidate squatting domains are distributed to a security device/service.

Vulcanizing equipment

The present invention relates to the technical field of vulcanizing equipment, and in particular, to vulcanizing equipment, comprising: a vulcanizing mold in which a vulcanizing cavity is formed; a vulcanizing bladder suitable for being placed in the vulcanizing cavity; and a supporting assembly comprising a center rod and a clamping device arranged on the center rod, the clamping device being suitable for installing the curing bladder in the cavity in a sealed manner. The vulcanizing equipment further comprises: a heating assembly and a gas circulation assembly that are arranged in the curing bladder in a stacked manner in the axial direction of the center rod, the gas circulation assembly being suitable for circulating a heated heating medium in the curing bladder; and a driving assembly comprising a rotating shaft sleeve that is arranged on the outer side of the center rod in a clearance-fit manner and connected to the gas circulation assembly. The present invention provides vulcanizing equipment, which overcomes the defects in the prior art that the occupancy of too much space due to horizontal arrangement of curing bladder in equipment limits the processing specification of tires to be vulcanized, and is unfavorable to gas circulation in the curing bladder.

Strategically aged domain detection

Detection of strategically aged domains is detected. A list of aged dormant domains is determined, including by evaluating passive Domain Name System (DNS) information. The list of aged dormant domains is monitored for a change by an aged dormant domain from a dormant domain status to an active status. In response to determining the change to active status of the aged dormant domain, an action is taken with respect to the aged dormant domain.

Automated extraction and classification of malicious indicators

Techniques for generating actionable indicators of compromise (IOCs) are disclosed. A set of potential sources for IOCs are received. One or more candidate IOCs are extracted from at least one source included in the set of potential sources. An actionable IOC is automatically identified from the one or more candidate IOCs. The actionable IOC is provided to a security enforcement service.

Predictive dns cache to improve security and performance

The present application discloses a method, system, and computer system for predicting responses to DNS queries. The method includes receiving a DNS query comprising a subdomain portion and a root domain portion from a client device, determining whether to obtain target address information corresponding to the DNS from a predictive cache, in response to determining to obtain the target address information from the predictive cache, obtaining the target address information from the predictive cache, and providing the target address information to the client device.

Strategically aged domain detection

Detection of strategically aged domains is detected. A list of aged dormant domains is determined, including by evaluating passive Domain Name System (DNS) information. The list of aged dormant domains is monitored for a change by an aged dormant domain from a dormant domain status to an active status. In response to determining the change to active status of the aged dormant domain, an action is taken with respect to the aged dormant domain.

Inline package name based supply chain attack detection and prevention

Inline package name based supply chain attack detection and prevention is disclosed. An indication that a client device has made a request to a remote server for a package is received. A data appliance then performs an action responsive to the received indication. In an example implementation, the data appliance makes a determination of whether the request for the package is associated with a nonexisting package.

Detecting shadowed domains

A method and system for detecting shadowed domains is provided. New hostnames are collected for a predetermined period of time. Candidate shadowed domains are selected from the new hostnames. Classification of the candidate shadowed domains is performed based on a plurality of features relating to the candidate shadowed domains to output a set of identified shadowed domains. An action is performed based on the set of identified shadowed domains.

Equipos de vulcanizacion.

La presente invención se refiere al campo técnico de los equipos de vulcanización, y en particular, a los equipos de vulcanización, que comprende: un molde de vulcanización en el que se forma una cavidad de vulcanización; una cámara de aire de vulcanización adecuado para ser colocado en la cavidad de vulcanización; y un ensamble de soporte que comprende una varilla central y un dispositivo de sujeción dispuesto en la varilla central, el dispositivo de sujeción es adecuado para instalar la cámara de aire de curado en la cavidad de manera sellada. El equipo de vulcanización además comprende: un ensamble de calentamiento y un ensamble de circulación de gas que se disponen en la cámara de aire de curado de manera apilada en la dirección axial de la varilla central, siendo el ensamble de circulación de gas adecuado para la circulación de un medio de calentamiento calentado en la cámara de aire de curado; y un ensamble de accionamiento que que comprende un manguito de eje giratorio dispuesto en el lado exterior de la varilla central de una manera de holgura y conectado al ensamble de circulación de gas. La presente invención proporciona equipos de vulcanización, lo que supera los defectos en el arte previo de que la ocupación de demasiado espacio debido a la disposición horizontal de curado cámara de aire en equipos limita la especificación de procesamiento de los neumáticos a vulcanizar, y es desfavorable a la circulación de gas en la cámara de aire de curado.

Real-time detection of dns infiltration traffic

Real-time detection of DNS infiltration traffic is disclosed. A DNS response associated with a DNS query sent by a client device is received. An attempted DNS infiltration is detected based at least in part on an automated analysis of the DNS response. In response to the detection, a remedial action is performed.

Vulcanizing equipment

Predictive DNS cache to improve security and performance

The present application discloses a method, system, and computer system for predicting responses to DNS queries. The method includes receiving a DNS query comprising a subdomain portion and a root domain portion from a client device, determining whether to obtain target address information corresponding to the DNS from a predictive cache, in response to determining to obtain the target address information from the predictive cache, obtaining the target address information from the predictive cache, and providing the target address information to the client device.

Vulcanizing equipment

The present invention relates to the technical field of vulcanizing equipment, and in particular, to vulcanizing equipment, comprising: a vulcanizing mold in which a vulcanizing cavity is formed; a vulcanizing bladder suitable for being placed in the vulcanizing cavity; and a supporting assembly comprising a center rod and a clamping device arranged on the center rod, the clamping device being suitable for installing the curing bladder in the cavity in a sealed manner. The vulcanizing equipment further comprises: a heating assembly and a gas circulation assembly that are arranged in the curing bladder in a stacked manner in the axial direction of the center rod, the gas circulation assembly being suitable for circulating a heated heating medium in the curing bladder; and a driving assembly comprising a rotating shaft sleeve that is arranged on the outer side of the center rod in a clearance-fit manner and connected to the gas circulation assembly. The present invention provides vulcanizing equipment, which overcomes the defects in the prior art that the occupancy of too much space due to horizontal arrangement of curing bladder in equipment limits the processing specification of tires to be vulcanized, and is unfavorable to gas circulation in the curing bladder.

Automated extraction and classification of malicious indicators

Domain squatting detection

Detection of squatting domains is disclosed. A set of new fully qualified domain names (FQDNs) is received. The set of new FQDNs is analyzed to detect domain squatting by identifying a subset of the new FQDNs as candidate squatting domains. The candidate squatting domains are distributed to a security device/service.

Predictive dns cache to improve security and performance

The present application discloses a method, system, and computer system for predicting responses to DNS queries. The method includes receiving a DNS query comprising a subdomain portion and a root domain portion from a client device, determining whether to obtain target address information corresponding to the DNS from a predictive cache, in response to determining to obtain the target address information from the predictive cache, obtaining the target address information from the predictive cache, and providing the target address information to the client device.

Inline package name based supply chain attack detection and prevention

Inline package name based supply chain attack detection and prevention is disclosed. An indication that a client device has made a request to a remote server for a package is received. A data appliance then performs an action responsive to the received indication. In an example implementation, the data appliance makes a determination of whether the request for the package is associated with a nonexisting package.

Inline identify and block dangling dns records

The present application discloses a method, system, and computer system for identifying dangling records. The method includes obtaining a set of domains, determining whether a record associated with a domain comprised in the set of domains is dangling, and in response to determining that the record associated with the domain is dangling, providing, to a registrant, a notification that the record is dangling.