CN104219200B - A kind of apparatus and method for taking precautions against DNS cache attack - Google Patents
A kind of apparatus and method for taking precautions against DNS cache attack Download PDFInfo
- Publication number
- CN104219200B CN104219200B CN201310209362.7A CN201310209362A CN104219200B CN 104219200 B CN104219200 B CN 104219200B CN 201310209362 A CN201310209362 A CN 201310209362A CN 104219200 B CN104219200 B CN 104219200B
- Authority
- CN
- China
- Prior art keywords
- response messages
- domain name
- dns response
- address
- dns
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Abstract
The present invention provides a kind of apparatus and method for taking precautions against DNS cache attack, applies on Network Security Device, and the device performs following handling process:Step A, the resolved domain name for obtaining from the DNS response messages received its carrying, and the resolved domain name is judged whether in default domain name watch-list, if it is, B is gone to step, if it is not, then going to step C;Whether step B, the parsing IP address corresponding with the resolved domain name for judging that the DNS response messages carry are all in white list, if it is, allowing the DNS response messages to pass through;Whether step C, the parsing IP address corresponding with the resolved domain name for judging that the DNS response messages carry have the unusual IP addresses belonged in blacklist, if it is not, then allowing the DNS response messages to pass through.By technical scheme, the ability that Network Security Device takes precautions against DNS caching attack is effectively improved, network security is further ensure that.
Description
Technical field
The present invention relates to network security technology, more particularly to a kind of apparatus and method for taking precautions against DNS cache attack.
Background technology
DNS is domain name system(Domain Name System)Abbreviation, it is made up of resolver and name server
's.Name server(DNS Server)Refer to preserve the domain name of All hosts and correspondence IP address in the network, and have
Translate domain names into as the server of IP address function.Fig. 1 is refer to, the flow of dns resolution domain name is substantially as follows:First by client
Domain name analysis request is initiated at end, and local dns server is received after the request, can be searched in local and caching, if do not looked for
Arrive, then can initiate analysis request to upper level dns server, analysis result can be passed through back message by upper level dns server
Local dns server is returned to, now, the analysis result is stored in and cached by local dns server, so as to subsequent client again
When the secondary request analysis domain name, analysis result can be directly returned to, while analysis result can be returned to this to be solved
Analyse the client of the domain name.
DNS attacks occur repeatedly in recent years, and the behavior attacked currently for DNS cache is also very common.DNS
Caching attack mainly has two classes:
The first kind, dns server can regularly update the caching of oneself., it is necessary to which superior server is sent during buffer update
Request, and attacker then sends the back message constructed meticulously to dns server.Such as, if dns server updates
During www.google.com domain names, attacker sends back message to dns server, it is possible to success attack, will
The corresponding IP address of www.google.com domain names makes the IP address that attacker specifies into.
Equations of The Second Kind, attacker deliberately sends request, such DNS using the second level domain of a non-existent certain domain name
Server due to can not parse will superior dns server send domain name analysis request, this when, attacker sends out to DNS
Send back message, it is possible to success attack.Such as, attacker wants to attack www.google.com, and it can just send
aa.google.com(Only example, it is assumed that the domain name is simultaneously not present)To dns server, this when, attacker sends back
Message is answered, this message is replied aa.google.com domain names and is not present, but wherein by www.google.com in additional resource
Make the IP address that attacker specifies into, so DNS cache success attack.
The content of the invention
In view of this, the present invention provides a kind of apparatus and method for taking precautions against DNS cache attack, to solve prior art presence
Deficiency.
Specifically, described device is applied on Network Security Device, and the device includes:
Domain name judge module, for obtaining the resolved domain name of its carrying from the DNS response messages received, and judges
Whether the resolved domain name is in default domain name watch-list, if it is, advice range detection module, if it is not, then
Notification filter protection module;
Range detection module, for the parsing IP corresponding with the resolved domain name that judge that the DNS response messages carry
Whether address is all in white list, if it is, allowing the DNS response messages to pass through;
Filter protection module, for the parsing IP corresponding with the resolved domain name that judge that the DNS response messages carry
Whether address has the unusual IP addresses belonged in blacklist, if it is not, then allowing the DNS response messages to pass through.
It the described method comprises the following steps:
Step A, the resolved domain name for obtaining from the DNS response messages received its carrying, and judge described resolved
Whether domain name is in default domain name watch-list, if it is, B is gone to step, if it is not, then going to step C;
All whether step B, the parsing IP address corresponding with the resolved domain name for judging that the DNS response messages carry
In white list, if it is, allowing the DNS response messages to pass through;
Whether step C, the parsing IP address corresponding with the resolved domain name for judging that the DNS response messages carry have category
Unusual IP addresses in blacklist, if it is not, then allowing the DNS response messages to pass through.
From above technical scheme, the present invention realizes the prison to parsing IP address by setting black, white list
Control, and can Exception Filter IP address, effectively guarded against attack of the attacker to DNS cache.
Brief description of the drawings
Fig. 1 is typical DNS request process chart;
Fig. 2 is the method flow diagram of one embodiment of the present invention;
Fig. 3 is the device logic chart of one embodiment of the present invention.
Embodiment
In the prior art, the Network Security Device between DNS request side and parsing side is receiving DNS request message
Afterwards, source port and TID can be changed according to random algorithm, then again forwarded DNS request message, while record modification
Front and rear source port and TID mapping relations.After DNS response messages are received, contrast source port and TID it is errorless after, will
Source port and the TID reduction, is then forwarded again.Although this method substantially reduces the success of tradition caching attack
Rate, but in extreme circumstances, if attacker discretely sends the response message for certain domain name, or by source port
Attack message is sent after being reduced the scope with TID, still there is certainly possible meeting success attack in theory.The present invention provides a kind of
The apparatus and method for taking precautions against DNS cache attack, are applied on Network Security Device, it is intended to increased substantially from another angle
The difficulty that attacker is attacked DNS cache so that DNS service is safer.In order that the purpose of the present invention, technical scheme and excellent
Point is clearer, and the present invention will be described in detail with specific embodiment below in conjunction with the accompanying drawings.
Fig. 2 and Fig. 3 are refer to, in the present invention is a kind of preferred embodiment, the present invention provides a kind of strick precaution DNS cache
Device is attacked, the device includes:Domain name judge module, range detection module, filter protection module and list maintenance module.Should
Device performs following handling process in the process of running:
Step 101, the resolved domain name for obtaining from the DNS response messages received its carrying, and judge described solved
Domain name is analysed whether in default domain name watch-list.This step is performed by domain name judge module.
In internet at this stage, DNS cache attack often has targetedly, and most attacker can select
The specific well-known website of attack, the present invention is obtained using this behavioral characteristic of attacker by the monitoring to a small number of well-known websites
Know the identity of more attackers, generally many attackers may attack these well-known websites.It is described default in this step
Domain name monitor table by administrator configurations, generally include the high well-known website domain name of clicking rate and other pregnable websites
Domain name.By monitoring table to default domain name, attacker can not only be known in subsequent treatment, can more importantly be protected
The domain name of these well-known websites is not attacked, and these well-known websites have accumulated the most flowing of access in internet after all.
Safety means can receive various messages, and it can utilize some ripe mechanism, such as the side such as ACL
Formula, DNS response messages are filtered out and do special processing.After DNS response messages are received, it can be fixed from DNS response messages
Field in obtain its carrying resolved domain name, judge the resolved domain name whether in the default domain name watch-list
In, if it is, the explanation resolved domain name, which is emphasis, needs the domain name of monitoring, go to step 102;If it is not, then turning step
Rapid 103.
Whether step 102, the parsing IP address corresponding with the resolved domain name for judging that the DNS response messages carry are complete
Portion is in white list, if it is, allowing the DNS response messages to pass through.This step is performed by range detection module.
The white list is used to record legal IP address.One website would generally to that should have multiple legal IP address,
For example such as Google, Sina's large-scale website, can dispose very multiple servers, every server is with can all having a private network IP
Location, it is contemplated that the property in short supply of IP address, in IPv4 networks, these servers can share multiple public network IP address, and for upper
For network users, the service provided on these public network IP address is consistent, therefore just occurs that a domain name correspondence is multiple
The situation of IP address.Although each domain name may correspond to multiple IP address, many times its corresponding all IP address
Will be at one or in several scopes specified, so the IP models that the present invention can be specified according to this or several
Enclose(Such as IP address section)To formulate white list.
If the parsing IP address all in white list, illustrates that these parsing IP address are that dns server is parsed
The legitimate ip address come, it is allowed to which the DNS response messages pass through.If the parsing IP address is not exclusively in white list, this
When not can determine that the parsing IP address is exactly illegal because these well-known websites be likely to increase newly more public network IPs
Address resource;Therefore in fact such case may need to determine whether, and then go to step 103, and report daily record to webmaster.
Webmaster periodically checks the parsing IP address not in white list in the daily record reported, if the parsing IP
Location is strictly the newly-increased IP address in the website itself, then can notify list maintenance module by parsing IP by network management path
Location increases in white list, so that the next parsing IP address can be passed through.If the parsing IP address is abnormal IP
Address, then it is the IP address that attacker attempts to use to illustrate this, can now notify list maintenance module by the parsing IP address
Increase in blacklist, so that next time can directly filter out the IP address.The blacklist is used for what records manager was assert
Unusual IP addresses or the IP address range for characterizing multiple unusual IP addresses, these IP address are led to from the perspective of domain name mapping
Often it can be appreciated that illegal IP address.Specifically, the unusual IP addresses or IP address range are probably that attacker wants
The address for guiding user to access, now, it is possible to be set to the abnormal IP of the overall situation;The unusual IP addresses or IP address
Scope is also likely to be that the address that attacker wants attack, i.e. attacker are wanted by guiding user is substantial amounts of to access the address,
And then cause the server crash of the address, now it is necessary to by the unusual IP addresses or IP address range and some domain names
It is corresponding, so can security from attacks person misguidance, will not also prevent the normal access of other users.
Step 103, judge whether the parsing IP address that the DNS response messages are carried has the abnormal IP belonged in blacklist
Address.This step is performed by filter protection module.
The setting of this step primarily to avoid the domain name not in domain name watch-list from not attacked as far as possible, although no
Domain name in domain name watch-list would generally be some rates of people logging in than relatively low non-well-known website, but it may also be attacked
Hit, that is to say, that this step can also determine the parsing IP address not in white list in monitoring step 102.Specifically, DNS is checked
Whether the parsing IP address that response message is carried has the unusual IP addresses belonged in blacklist, and the blacklist is except including known
Illegal IP outside, according to user the need for, can also configure including:Private network IP address, multicast address and broadcast address etc. are different
Normal IP address, generally such IP address should not be appeared in DNS response messages as analysis result.If described
IP address is parsed not in blacklist, then can largely illustrate that parsing IP address is a legitimate ip address, now
The DNS response messages can be allowed to pass through, if the parsing IP address there are the unusual IP addresses belonged in blacklist, said
This bright DNS response message is particularly likely that what attacker sent, at this point it is possible to directly lose this message.
In actual applications, also occur that the existing legitimate ip address of parsing IP address in some DNS response message has again
The situation of unusual IP addresses, so, in a preferred embodiment, filter protection module finds that DNS responses are reported through judging
It is not merely to lose the message when there are unusual IP addresses in the parsing IP address of text, but deletes abnormal solution therein
IP address is analysed, if the parsing IP address after deleting in the DNS response messages is not sky, allows the DNS response messages to lead to
Cross.So ensure that legitimate ip address therein can normally be sent to the server for asking the dns resolution or client
End.
By above description as can be seen that the present invention can know big portion by the monitoring to a small number of well-known website domain names
Point unusual IP addresses used in attacker, again can will be used in attacker extremely while realizing the protection of emphasis domain name
IP address is added in blacklist, then realizes the filtering to unusual IP addresses using blacklist, and the filtering of blacklist
Can be attacked towards whole domain names, therefore strengthen the safeguard function of DNS cache on the whole again.
The foregoing is merely illustrative of the preferred embodiments of the present invention, is not intended to limit the invention, all essences in the present invention
God is with principle, and any modification, equivalent substitution and improvements done etc. should be included within the scope of protection of the invention.
Claims (8)
1. a kind of device for taking precautions against DNS cache attack, is applied on Network Security Device, the device includes:
Domain name judge module, the resolved domain name for obtaining its carrying from the DNS response messages received, and judge described
Whether resolved domain name is in default domain name watch-list, if it is, advice range detection module, if it is not, then notifying
Filter protection module;
Range detection module, for the parsing IP address corresponding with the resolved domain name that judges that the DNS response messages carry
Whether all in white list, if it is, allowing the DNS response messages to pass through;
Filter protection module, for the parsing IP address corresponding with the resolved domain name that judges that the DNS response messages carry
Whether the unusual IP addresses that belong in blacklist are had, if it is not, then allowing the DNS response messages to pass through.
2. device according to claim 1, it is characterised in that
Range detection module is further used for judging that the parsing IP address that the DNS response messages are carried is incomplete in white list
When middle, notification filter protection module handles and reports daily record to webmaster.
3. device according to claim 1, it is characterised in that described device also includes:
List maintenance module, for updating the white and black list according to the instruction of webmaster.
4. device according to claim 1, it is characterised in that filter protection module is further used for when DNS responses
When the parsing IP address that message is carried there are the unusual IP addresses belonged in blacklist, delete abnormal in the DNS response messages
IP address is parsed, if the parsing IP address carried after deleting in the DNS response messages is not sky, allows the DNS to respond
Message passes through.
5. a kind of method for taking precautions against DNS cache attack, is applied on Network Security Device, this method includes:
Step A, the resolved domain name for obtaining from the DNS response messages received its carrying, and judge the resolved domain name
Whether in default domain name watch-list, if it is, B is gone to step, if it is not, then going to step C;
Whether step B, the parsing IP address corresponding with the resolved domain name for judging that the DNS response messages carry are all white
In list, if it is, allowing the DNS response messages to pass through;
Step C, whether the parsing IP address corresponding with the resolved domain name for judging that the DNS response messages carry has belongs to black
Unusual IP addresses in list, if it is not, then allowing the DNS response messages to pass through.
6. method according to claim 5, it is characterised in that step B further comprises:Judging the DNS responses report
When the parsing IP address that text is carried is not exclusively in white list, goes to step C and report daily record to webmaster.
7. method according to claim 5, it is characterised in that this method further comprises:
Step D, the white and black list updated according to the instruction of webmaster.
8. method according to claim 5, it is characterised in that step C further comprises:When the DNS response messages are taken
When the parsing IP address of band there are the unusual IP addresses belonged in blacklist, the abnormal parsing IP in the DNS response messages is deleted
Address, if the parsing IP address carried after deleting in the DNS response messages is not sky, allows the DNS response messages to lead to
Cross.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201310209362.7A CN104219200B (en) | 2013-05-30 | 2013-05-30 | A kind of apparatus and method for taking precautions against DNS cache attack |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201310209362.7A CN104219200B (en) | 2013-05-30 | 2013-05-30 | A kind of apparatus and method for taking precautions against DNS cache attack |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN104219200A CN104219200A (en) | 2014-12-17 |
| CN104219200B true CN104219200B (en) | 2017-10-17 |
Family
ID=52100340
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201310209362.7A Active CN104219200B (en) | 2013-05-30 | 2013-05-30 | A kind of apparatus and method for taking precautions against DNS cache attack |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN104219200B (en) |
Families Citing this family (21)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103685318B (en) * | 2013-12-31 | 2017-09-12 | 山石网科通信技术有限公司 | Data processing method and device for network safety prevention |
| CN106385395B (en) * | 2015-07-15 | 2020-10-16 | 阿里巴巴(中国)有限公司 | Network attack judgment method, safe network data transmission method and corresponding device |
| US10574673B2 (en) | 2015-07-15 | 2020-02-25 | Guangzhou Ucweb Computer Technology Co., Ltd. | Network attack determination method, secure network data transmission method, and corresponding apparatus |
| US9264399B1 (en) * | 2015-08-18 | 2016-02-16 | Farsight Security, Inc. | Lock-free updates to a domain name blacklist |
| CN105592046B (en) * | 2015-08-25 | 2019-04-12 | 新华三技术有限公司 | A kind of authentication-exempt access method and device |
| CN106612239B (en) * | 2015-10-22 | 2020-03-20 | 中国电信股份有限公司 | DNS query flow control method, equipment and system |
| CN107632990B (en) * | 2016-07-19 | 2021-06-29 | 北京京东尚科信息技术有限公司 | Information display method and device |
| CN107769940A (en) * | 2016-08-17 | 2018-03-06 | 深圳市优朋普乐传媒发展有限公司 | A kind of method and device for determining failure web server |
| CN106470214B (en) * | 2016-10-21 | 2020-03-06 | 杭州迪普科技股份有限公司 | Attack detection method and device |
| CN106559420A (en) * | 2016-11-07 | 2017-04-05 | 杭州迪普科技股份有限公司 | A kind of filter method and device of message |
| CN106685951A (en) * | 2016-12-26 | 2017-05-17 | 北京奇虎科技有限公司 | Network flow filtering system and method based on domain name rules |
| CN108667782B (en) * | 2017-04-01 | 2021-03-23 | 贵州白山云科技股份有限公司 | DDoS attack defense method and system for DNS service |
| CN108809891B (en) * | 2017-04-27 | 2019-12-20 | 贵州白山云科技股份有限公司 | Server intrusion detection method and device |
| CN107295006A (en) * | 2017-07-28 | 2017-10-24 | 上海斐讯数据通信技术有限公司 | Authentication-exempt accesses URL method and system |
| CN111131126B (en) * | 2018-10-30 | 2022-02-08 | 中国电信股份有限公司 | Attack detection method and device |
| CN110266684B (en) * | 2019-06-19 | 2022-06-24 | 北京天融信网络安全技术有限公司 | Domain name system safety protection method and device |
| CN112311722B (en) * | 2019-07-26 | 2023-05-09 | 中国移动通信有限公司研究院 | Access control method, device, equipment and computer readable storage medium |
| CN110535719B (en) * | 2019-08-19 | 2021-07-27 | 福建天晴在线互动科技有限公司 | Game plug-in behavior monitoring method based on DNS flow characteristics |
| CN111131337B (en) * | 2020-03-31 | 2020-06-26 | 北京安博通科技股份有限公司 | UDP Flood attack detection method and device |
| CN114726566A (en) * | 2021-01-05 | 2022-07-08 | 中国移动通信有限公司研究院 | Website filtering method, device and node |
| CN113556342A (en) * | 2021-07-21 | 2021-10-26 | 江南信安(北京)科技有限公司 | DNS cache server prefix change attack protection method and device |
Citations (11)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101272407A (en) * | 2008-04-28 | 2008-09-24 | 杭州华三通信技术有限公司 | Caching detecting method, caching detecting device and detection responding device for domain name system |
| CN101483648A (en) * | 2009-02-20 | 2009-07-15 | 杭州华三通信技术有限公司 | Method, system, apparatus and DNS server for DNS buffer probe |
| CN101827136A (en) * | 2010-03-30 | 2010-09-08 | 联想网御科技(北京)有限公司 | Defense method for domain name system server buffer infection and network outlet equipment |
| CN101924776A (en) * | 2010-09-16 | 2010-12-22 | 网宿科技股份有限公司 | Method and system for domain name resolution server to resist flooding attacks of DNS (Domain Name System) request reports |
| CN102035809A (en) * | 2009-09-29 | 2011-04-27 | 成都市华为赛门铁克科技有限公司 | Method, equipment and system for defending cache poison |
| CN102301682A (en) * | 2011-04-29 | 2011-12-28 | 华为技术有限公司 | Method and system for network caching, domain name system redirection sub-system thereof |
| CN102404317A (en) * | 2011-10-31 | 2012-04-04 | 杭州迪普科技有限公司 | Method and device for preventing DNS (domain name system) cache attack |
| CN102404318A (en) * | 2011-10-31 | 2012-04-04 | 杭州迪普科技有限公司 | Method and device for prevention of DNS (Domain Name Server) cathe attack |
| US8312125B1 (en) * | 2010-03-12 | 2012-11-13 | Local Corporation | System and method for bulk web domain generation and management |
| CN102932348A (en) * | 2012-10-30 | 2013-02-13 | 常州大学 | Real-time detection method and system of phishing website |
| CN102957693A (en) * | 2012-10-25 | 2013-03-06 | 北京奇虎科技有限公司 | Method and device for judging phishing websites |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US8489637B2 (en) * | 2009-11-19 | 2013-07-16 | International Business Machines Corporation | User-based DNS server access control |
-
2013
- 2013-05-30 CN CN201310209362.7A patent/CN104219200B/en active Active
Patent Citations (11)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101272407A (en) * | 2008-04-28 | 2008-09-24 | 杭州华三通信技术有限公司 | Caching detecting method, caching detecting device and detection responding device for domain name system |
| CN101483648A (en) * | 2009-02-20 | 2009-07-15 | 杭州华三通信技术有限公司 | Method, system, apparatus and DNS server for DNS buffer probe |
| CN102035809A (en) * | 2009-09-29 | 2011-04-27 | 成都市华为赛门铁克科技有限公司 | Method, equipment and system for defending cache poison |
| US8312125B1 (en) * | 2010-03-12 | 2012-11-13 | Local Corporation | System and method for bulk web domain generation and management |
| CN101827136A (en) * | 2010-03-30 | 2010-09-08 | 联想网御科技(北京)有限公司 | Defense method for domain name system server buffer infection and network outlet equipment |
| CN101924776A (en) * | 2010-09-16 | 2010-12-22 | 网宿科技股份有限公司 | Method and system for domain name resolution server to resist flooding attacks of DNS (Domain Name System) request reports |
| CN102301682A (en) * | 2011-04-29 | 2011-12-28 | 华为技术有限公司 | Method and system for network caching, domain name system redirection sub-system thereof |
| CN102404317A (en) * | 2011-10-31 | 2012-04-04 | 杭州迪普科技有限公司 | Method and device for preventing DNS (domain name system) cache attack |
| CN102404318A (en) * | 2011-10-31 | 2012-04-04 | 杭州迪普科技有限公司 | Method and device for prevention of DNS (Domain Name Server) cathe attack |
| CN102957693A (en) * | 2012-10-25 | 2013-03-06 | 北京奇虎科技有限公司 | Method and device for judging phishing websites |
| CN102932348A (en) * | 2012-10-30 | 2013-02-13 | 常州大学 | Real-time detection method and system of phishing website |
Also Published As
| Publication number | Publication date |
|---|---|
| CN104219200A (en) | 2014-12-17 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN104219200B (en) | A kind of apparatus and method for taking precautions against DNS cache attack | |
| US9762543B2 (en) | Using DNS communications to filter domain names | |
| US11323469B2 (en) | Entity group behavior profiling | |
| US10298610B2 (en) | Efficient and secure user credential store for credentials enforcement using a firewall | |
| US10425387B2 (en) | Credentials enforcement using a firewall | |
| Whyte et al. | DNS-based Detection of Scanning Worms in an Enterprise Network. | |
| US9363269B2 (en) | Zero day threat detection based on fast flux detection and aggregation | |
| US9003518B2 (en) | Systems and methods for detecting covert DNS tunnels | |
| US8413239B2 (en) | Web security via response injection | |
| US7899849B2 (en) | Distributed security provisioning | |
| US8413238B1 (en) | Monitoring darknet access to identify malicious activity | |
| US8286239B1 (en) | Identifying and managing web risks | |
| US8561187B1 (en) | System and method for prosecuting dangerous IP addresses on the internet | |
| US20150373043A1 (en) | Collaborative and Adaptive Threat Intelligence for Computer Security | |
| CN102137111A (en) | Method and device for preventing CC (Challenge Collapsar) attack and content delivery network server | |
| US20140013435A1 (en) | Social Network Protection System | |
| US9385993B1 (en) | Media for detecting common suspicious activity occurring on a computer network using firewall data and reports from a network filter device | |
| Špaček et al. | Current issues of malicious domains blocking | |
| Atighetchi et al. | Attribute-based prevention of phishing attacks | |
| Raftopoulos et al. | Understanding network forensics analysis in an operational environment | |
| US11683337B2 (en) | Harvesting fully qualified domain names from malicious data packets | |
| US10951583B1 (en) | Methods and apparatus for controlling internet access | |
| Selvaraj et al. | Enhancing intrusion detection system performance using firecol protection services based honeypot system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| CB02 | Change of applicant information |
Address after: Binjiang District and Hangzhou city in Zhejiang Province Road 310051 No. 68 in the 6 storey building Applicant after: Hangzhou Dipu Polytron Technologies Inc Address before: Binjiang District and Hangzhou city in Zhejiang Province Road 310051 No. 68 in the 6 storey building Applicant before: Hangzhou Dipu Technology Co., Ltd. |
|
| COR | Change of bibliographic data | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant | ||
| TR01 | Transfer of patent right |
Effective date of registration: 20181105 Address after: 310051 05, room A, 11 floor, Chung Cai mansion, 68 Tong Xing Road, Binjiang District, Hangzhou, Zhejiang. Patentee after: Hangzhou Depp Information Technology Co., Ltd. Address before: 310051, 6 floor, Chung Cai mansion, 68 Tong he road, Binjiang District, Hangzhou, Zhejiang. Patentee before: Hangzhou Dipu Polytron Technologies Inc |
|
| TR01 | Transfer of patent right |