The patent badge is an abbreviated version of the USPTO patent document. The patent badge covers the following: Patent number, Date patent was issued, Date patent was filed, Title of the patent, Applicant, Inventor, Assignee, Attorney firm, Primary examiner, Assistant examiner, CPCs, and Abstract. The patent badge does contain a link to the full patent document (in Adobe Acrobat format, aka pdf).
Patent No.:
Date of Patent: Apr. 25, 2017
Filed: Mar. 31, 2015
Title: Detection of suspicious domains through graph inference algorithm processing of host-domain contacts
Applicant:
EMC IP Holding Company LLC, Hopkinton, MA (US);
Inventors:
Alina M. Oprea, Arlington, MA (US);
Zhou Li, Malden, MA (US);
Sang H. Chin, Cambridge, MA (US);
Ting-Fang Yen, Sunnyvale, CA (US);
Assignees:
EMC IP Holding Company LLC, Hopkinton, MA (US);
The Charles Stark Draper Laboratory, Inc., Cambridge, MA (US);
Abstract
A processing device comprises a processor coupled to a memory and is configured to obtain data relating to communications initiated by host devices of a computer network of an enterprise, and to process the data to identify external domains contacted by the host devices. A graph inference algorithm is applied to analyze contacts of the host devices with the external domains in order to characterize one or more of the external domains as suspicious domains. The host devices are configured to counteract malware infection from the suspicious domains. The graph inference algorithm in some embodiments comprises a belief propagation algorithm, which may be initiated with one or more seeds corresponding to respective known suspicious domains or to respective ones of the external domains determined to be associated with command and control behavior. The processing device may be implemented in the computer network or an associated network security system.