公开(公告)号：US09363282B1

公开(公告)日：2016-06-07

申请号：US14257902

申请日：2014-04-21

Applicant: Infoblox Inc.

Inventor： Bin Yu ,  Les Smith ,  Mark Threefoot

IPC: H04L29/06 ,  H04L29/12

CPC classification number: H04L63/0263 ,  H04L61/1511 ,  H04L63/0218 ,  H04L63/1425 ,  H04L63/1441 ,  H04L2463/144

Abstract: Flux domain is generally an active threat vector, and flux domain behaviors are continually changing in an attempt to evade existing detection measures. Accordingly, new and improved techniques are disclosed for flux domain detection. In some embodiments, an online platform implementing an analytics framework for DNS security is provided for facilitating flux domain detection. For example, the online platform can implement an analytics framework for DNS security based on passive DNS traffic analysis, disclosed herein with respect to various embodiments.

Abstract translation: 通量域通常是一个主动的威胁载体，通量域行为正在不断变化，试图逃避现有的检测措施。 因此，公开了用于磁通量域检测的新的和改进的技术。 在一些实施例中，提供了实现用于DNS安全性的分析框架的在线平台，用于促进通量域检测。 例如，在线平台可以实现基于被动DNS流量分析的DNS安全性分析框架，这里涉及各种实施例。

公开(公告)号：US20180091479A1

公开(公告)日：2018-03-29

申请号：US15696023

申请日：2017-09-05

Applicant: Infoblox Inc.

Inventor： Bin Yu ,  Les Smith ,  Mark Threefoot

IPC: H04L29/06 ,  H04L29/12

Abstract: Flux domain is generally an active threat vector, and flux domain behaviors are continually changing in an attempt to evade existing detection measures. Accordingly, new and improved techniques are disclosed for flux domain detection. In some embodiments, an online platform implementing an analytics framework for DNS security is provided for facilitating flux domain detection. For example, the online platform can implement an analytics framework for DNS security based on passive DNS traffic analysis, disclosed herein with respect to various embodiments.

公开(公告)号：US09794229B2

公开(公告)日：2017-10-17

申请号：US14870822

申请日：2015-09-30

Applicant: Infoblox Inc.

Inventor： Bin Yu ,  Les Smith ,  Mark Threefoot

IPC: H04L29/06

CPC classification number: H04L63/029 ,  H04L63/1425 ,  H04L63/1441

Abstract: New and improved techniques for a behavior analysis based DNS tunneling detection and classification framework for network security are disclosed. In some embodiments, a platform implementing an analytics framework for DNS security is provided for facilitating DNS tunneling detection. For example, an online platform can implement an analytics framework for DNS security based on passive DNS traffic analysis.

公开(公告)号：US20160080216A1

公开(公告)日：2016-03-17

申请号：US14689823

申请日：2015-04-17

Applicant: Infoblox Inc.

Inventor： Bin Yu ,  Les Smith ,  Mark Threefoot

IPC: H04L12/26

CPC classification number: H04L41/147 ,  H04L41/0604 ,  H04L41/142 ,  H04L43/045 ,  H04L43/08 ,  H04L61/1511 ,  H04L61/2015

Abstract: Techniques for an exponential moving maximum (EMM) filter for predictive analytics in network reporting are disclosed. In some embodiments, a process for predictive analytics in network reporting using an EMM filter includes pre-processing network-related data by performing exponential moving maximum (EMM) filtering on the network-related data; and determining predictive analytics based on the EMM filtered network-related data.

Abstract translation: 公布了用于网络报告中预测分析的指数移动最大值（EMM）滤波器的技术。 在一些实施例中，使用EMM过滤器的网络报告中的预测分析过程包括通过对网络相关数据执行指数移动最大值（EMM）过滤来预处理网络相关数据; 以及基于所述EMM滤波的网络相关数据来确定预测分析。

公开(公告)号：US11153176B2

公开(公告)日：2021-10-19

申请号：US15995061

申请日：2018-05-31

Applicant: Infoblox Inc.

Inventor： Bin Yu ,  Les Smith ,  Mark Threefoot

IPC: H04L12/26 ,  H04L29/12 ,  H04L12/24

Abstract: Techniques for an exponential moving maximum (EMM) filter for predictive analytics in network reporting are disclosed. In some embodiments, a process for predictive analytics in network reporting using an EMM filter includes pre-processing network-related data by performing exponential moving maximum (EMM) filtering on the network-related data; and determining predictive analytics based on the EMM filtered network-related data.

公开(公告)号：US10270744B2

公开(公告)日：2019-04-23

申请号：US15705118

申请日：2017-09-14

Applicant: Infoblox Inc.

Inventor： Bin Yu ,  Les Smith ,  Mark Threefoot

IPC: H04L29/06

Abstract: New and improved techniques for a behavior analysis based DNS tunneling detection and classification framework for network security are disclosed. In some embodiments, a platform implementing an analytics framework for DNS security is provided for facilitating DNS tunneling detection. For example, an online platform can implement an analytics framework for DNS security based on passive DNS traffic analysis.

公开(公告)号：US20180351972A1

公开(公告)日：2018-12-06

申请号：US15721210

申请日：2017-09-29

Applicant: Infoblox Inc.

Inventor： Bin Yu ,  Mark Threefoot

IPC: H04L29/06 ,  H04L29/12

Abstract: Various techniques for providing inline DGA detection with deep networks are disclosed. In some embodiments, a system, process, and/or computer program product for inline DGA detection with deep networks includes receiving a DNS data stream, in which the DNS data stream includes a DNS query and a DNS response for resolution of the DNS query; determining whether the DNS query is associated with a potentially malicious network domain based on the inline DGA detection model; and performing a mitigation action if it is determined that the DNS query is associated with a potentially malicious network domain based on the inline DGA detection model.

公开(公告)号：US20170149622A1

公开(公告)日：2017-05-25

申请号：US15423118

申请日：2017-02-02

Applicant: Infoblox Inc.

Inventor： Bin Yu ,  Les Smith ,  Mark Threefoot

IPC: H04L12/24 ,  H04L12/26 ,  H04L29/12

CPC classification number: H04L41/147 ,  H04L41/0604 ,  H04L41/142 ,  H04L43/045 ,  H04L43/08 ,  H04L61/1511 ,  H04L61/2015

Abstract: Techniques for an exponential moving maximum (EMM) filter for predictive analytics in network reporting are disclosed. In some embodiments, a process for predictive analytics in network reporting using an EMM filter includes pre-processing network-related data by performing exponential moving maximum (EMM) filtering on the network-related data; and determining predictive analytics based on the EMM filtered network-related data.

公开(公告)号：US10425383B2

公开(公告)日：2019-09-24

申请号：US15696023

申请日：2017-09-05

Applicant: Infoblox Inc.

Inventor： Bin Yu ,  Les Smith ,  Mark Threefoot

IPC: H04L29/06 ,  H04L29/12

Abstract: Flux domain is generally an active threat vector, and flux domain behaviors are continually changing in an attempt to evade existing detection measures. Accordingly, new and improved techniques are disclosed for flux domain detection. In some embodiments, an online platform implementing an analytics framework for DNS security is provided for facilitating flux domain detection. For example, the online platform can implement an analytics framework for DNS security based on passive DNS traffic analysis, disclosed herein with respect to various embodiments.

公开(公告)号：US20180343172A1

公开(公告)日：2018-11-29

申请号：US15995061

申请日：2018-05-31

Applicant: Infoblox Inc.

Inventor： Bin Yu ,  Les Smith ,  Mark Threefoot

IPC: H04L12/24 ,  H04L29/12 ,  H04L12/26

Abstract: Techniques for an exponential moving maximum (EMM) filter for predictive analytics in network reporting are disclosed. In some embodiments, a process for predictive analytics in network reporting using an EMM filter includes pre-processing network-related data by performing exponential moving maximum (EMM) filtering on the network-related data; and determining predictive analytics based on the EMM filtered network-related data.