DETECTING ALGORITHMICALLY GENERATED DOMAINS IN REGISTERED DOMAIN DATA

    Publication No.: US20250106226A1

    Publication date: 2025-03-27

    Application No.: US18753961

    Application date: 2024-06-25

    Applicant: Infoblox Inc.

    Abstract: Various techniques for detecting algorithmically generated domains in registered domain data are disclosed. In some embodiments, a system/process/computer program product for detecting algorithmically generated domains in registered domain data includes collecting registered domain names; generating a graph of the registered domain names and outlier substrings associated with each of the registered domain names; and generating a set of registered DGA domain clusters based on an automated analysis of the graph.

    SMART WHITELISTING FOR DNS SECURITY

    Publication No.: US20240380754A1

    Publication date: 2024-11-14

    Application No.: US18784281

    Application date: 2024-07-25

    Applicant: Infoblox Inc.

    Abstract: Techniques for smart whitelisting for Domain Name System (DNS) security are provided. In some embodiments, a system/process/computer program product for smart whitelisting for DNS security in accordance with some embodiments includes receiving a set of network related event data, wherein the set of network related event data includes Domain Name System (DNS) related event data; receiving a set of network related threat data, wherein the set of network related threat data includes DNS related threat data; and generating a whitelist using the set of network related event data and the set of network related threat data, wherein the whitelist includes a subset of network domains included in the DNS related event data based on a data driven model of the DNS related event data and the DNS related threat data.

    RANKING SERVICES AND TOP N RANK LISTS

    Publication No.: US20240370511A1

    Publication date: 2024-11-07

    Application No.: US18778607

    Application date: 2024-07-19

    Applicant: Infoblox Inc.

    Abstract: Techniques for ranking services and top N rank lists are disclosed. In some embodiments, a system, process, and/or computer program product for ranking services and top N rank lists includes receiving a set of network related event data, wherein the set of network related event data includes Domain Name System (DNS) related event data; aggregating the DNS related event data over a period of time and rank order by popularity; and generating a top N rank list for ranking popularity over the period of time for a set of domains using the aggregated DNS related event data and rank order by popularity.

    Automated identification of false positives in DNS tunneling detectors

    Publication No.: US11916942B2

    Publication date: 2024-02-27

    Application No.: US17366813

    Application date: 2021-07-02

    Applicant: Infoblox Inc.

    Inventor: Peter Boord

    CPC classification number: H04L63/1425 H04L63/1441 H04L63/145

    Abstract: Techniques for automated identification of false positives in DNS tunneling detectors are disclosed. In some embodiments, a system, process, and/or computer program product for automated identification of false positives in DNS tunneling detectors includes receiving a set of passive DNS data, wherein the set of passive DNS data includes a DNS query and a DNS response for resolution of the DNS query for each of a plurality of DNS queries; extracting a plurality of features associated with each domain in the set of passive DNS data; and classifying DNS tunneling activities and performing false positive reduction using the plurality of features associated with each domain in the set of passive DNS data to reduce false positive detections.

    AUTOMATED IDENTIFICATION OF FALSE POSITIVES IN DNS TUNNELING DETECTORS

    Publication No.: US20220182401A1

    Publication date: 2022-06-09

    Application No.: US17366813

    Application date: 2021-07-02

    Applicant: Infoblox Inc.

    Inventor: Peter Boord

    Abstract: Techniques for automated identification of false positives in DNS tunneling detectors are disclosed. In some embodiments, a system, process, and/or computer program product for automated identification of false positives in DNS tunneling detectors includes receiving a set of passive DNS data, wherein the set of passive DNS data includes a DNS query and a DNS response for resolution of the DNS query for each of a plurality of DNS queries; extracting a plurality of features associated with each domain in the set of passive DNS data; and classifying DNS tunneling activities and performing false positive reduction using the plurality of features associated with each domain in the set of passive DNS data to reduce false positive detections.

    Indexing of database queries
    Granted invention patent

    Publication No.: US09424296B2

    Publication date: 2016-08-23

    Application No.: US13929424

    Application date: 2013-06-27

    Applicant: Infoblox Inc.

    Abstract: Making data available from a database is disclosed. Making data available includes specifying a query function having a query function name, wherein the query function includes a structure and a member, determining the structure and the member included in the query function, wherein the query function has a query function name and includes the structure and the member, creating an index for the structure on the member, and compiling the query function to be available to a user by invoking the query function name without the user having to specify the structure and the member. Retrieving data from a database is disclosed. Retrieving includes invoking a query function that specifies a plurality of structures and a value, accessing a cross index of the plurality of structures, and using the cross index to access the data.

    Platforms for implementing an analytics framework for DNS security
    Granted invention patent (in force)

    Publication No.: US09363282B1

    Publication date: 2016-06-07

    Application No.: US14257902

    Application date: 2014-04-21

    Applicant: Infoblox Inc.

    Abstract: Flux domain is generally an active threat vector, and flux domain behaviors are continually changing in an attempt to evade existing detection measures. Accordingly, new and improved techniques are disclosed for flux domain detection. In some embodiments, an online platform implementing an analytics framework for DNS security is provided for facilitating flux domain detection. For example, the online platform can implement an analytics framework for DNS security based on passive DNS traffic analysis, disclosed herein with respect to various embodiments.

    Managing multiple IP address management systems
    Granted invention patent (in force)

    Publication No.: US09065857B2

    Publication date: 2015-06-23

    Application No.: US14483499

    Application date: 2014-09-11

    Applicant: Infoblox Inc.

    Abstract: Managing multiple IP address management systems is provided. In some embodiments, managing multiple IP address management systems includes providing an IP address management (IPAM) manager system for receiving a configuration command to manage a first IP address management system; receiving a configuration command to manage a second IP address management system; receiving a join request from the first IP address management system; and receiving a join request from the second IP address management system, in which the IP address management manager system is in communication with the first IP address management system and the second IP address management system for managing each of the first IP address management system and the second IP address management system.
