FR3101978B1 - System and method for detecting a DGA domain generation algorithm - Google Patents
- Publication number: FR3101978B1
- Authority: FR (France)
- Prior art keywords: detecting, generation algorithm, dga, client terminal, domain generation
- Legal status: Active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications (CPC)
- H04L63/1425: Network security; detecting or protecting against malicious traffic by monitoring network traffic; traffic logging, e.g. anomaly detection
- G06F18/231: Pattern recognition; clustering techniques; hierarchical techniques, i.e. dividing or merging pattern sets so as to obtain a dendrogram
- G06N20/00: Machine learning
- G06N5/022: Computing arrangements using knowledge-based models; knowledge representation; knowledge engineering, knowledge acquisition
- H04L63/0236: Network security; firewalls; filtering policies; filtering by address, protocol, port number or service, e.g. IP address or URL
- H04L63/1416: Network security; detecting or protecting against malicious traffic by monitoring network traffic; event detection, e.g. attack signature detection
- H04L63/145: Network security; countermeasures against malicious traffic where the attack involves the propagation of malware through the network, e.g. viruses, trojans or worms
- H04L2463/144: Additional details of network security; detection or countermeasures against botnets
- H04L61/4511: Network directories; name-to-address mapping using standardised directories and directory access protocols, using the domain name system [DNS]
Abstract
The invention relates to a method and a device for detecting a domain generation algorithm (DGA) in a computer communication network (106) comprising at least one server (104) that resolves DNS requests issued by at least one client terminal (102). The computer communication network (106) further comprises a detection module (108) coupled to the resolution server (104) and configured to analyse the DNS requests according to the following steps:
- for each DNS request, associate the requested domain name with the identity of the requesting client terminal to form a tuple;
- combine congruent tuples into homogeneous partitions according to at least one chosen aggregation technique; and
- deduce from each homogeneous partition the set of client terminals using the same DGA.
Figure 1
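The three steps of the abstract carried through on constructed resolver log lines, as an added Python example that is not part of the patent: it forms one (domain, client) tuple per request, applies an assumed lexical filter (label length and character entropy, which the abstract does not specify) to keep only domains that look algorithmically generated, and then merges clients that queried the same generated domain into partitions of clients suspected of running the same DGA.

```python
import math
from collections import Counter, defaultdict
# Constructed resolver log lines ("<client> <queried domain>"); not from the patent.
LOG_LINES = """\
10.0.0.5 xkq7vz2pl9mfw.com
10.0.0.5 gh4tq8zrn1dyc.net
10.0.0.9 xkq7vz2pl9mfw.com
10.0.0.9 mail.example.org
10.0.0.12 gh4tq8zrn1dyc.net
10.0.0.12 www.wikipedia.org
10.0.0.21 pq9lz3wvk7xhtr.biz
10.0.0.33 pq9lz3wvk7xhtr.biz
10.0.0.40 www.example.com
"""

def entropy(s):
    """Shannon entropy in bits per character."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())

def looks_generated(domain, min_len=10, min_entropy=3.2):
    """Assumed lexical filter (not the patent's): long, high-entropy leftmost label."""
    label = domain.split(".")[0]
    return len(label) >= min_len and entropy(label) >= min_entropy

def parse_tuples(lines):
    """Step 1: one (domain, client) tuple per DNS request."""
    return [(d.lower(), c) for c, d in (ln.split() for ln in lines.splitlines() if ln.strip())]

def partition_clients(tuples):
    """Steps 2-3: clients that queried the same generated domain are merged (union-find)
    into one partition; each partition is a set of clients suspected of sharing a DGA."""
    parent = {}
    def find(x):
        while parent[x] != x:
            x = parent[x]
        return x
    by_domain = defaultdict(set)
    for domain, client in tuples:
        if looks_generated(domain):
            by_domain[domain].add(client)
            parent.setdefault(client, client)
    for clients in by_domain.values():
        first, *rest = sorted(clients)
        for other in rest:
            parent[find(other)] = find(first)
    groups = defaultdict(set)
    for client in parent:
        groups[find(client)].add(client)
    return sorted(sorted(g) for g in groups.values())
```

A client that only resolves ordinary names (10.0.0.40 in the sample) never enters a partition, while clients are chained together transitively through any shared generated domain.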
Priority Applications (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
FR1911252A FR3101978B1 (fr) | 2019-10-10 | 2019-10-10 | Système et procédé de détection d’un algorithme de génération de domaine DGA |
FR2010294A FR3101977B1 (fr) | 2019-10-10 | 2020-10-08 | Système et procédé de détection d’un algorithme de génération de domaine DGA |
US17/065,752 US11777969B2 (en) | 2019-10-10 | 2020-10-08 | System and method for detecting a DGA domain generation algorithm |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
FR1911252 | 2019-10-10 | ||
FR1911252A FR3101978B1 (fr) | 2019-10-10 | 2019-10-10 | Système et procédé de détection d’un algorithme de génération de domaine DGA |
Publications (2)
Publication Number | Publication Date |
---|---|
FR3101978A1 FR3101978A1 (fr) | 2021-04-16 |
FR3101978B1 true FR3101978B1 (fr) | 2024-02-09 |
Family
ID=70613818
Family Applications (2)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
FR1911252A Active FR3101978B1 (fr) | 2019-10-10 | 2019-10-10 | Système et procédé de détection d’un algorithme de génération de domaine DGA |
FR2010294A Active FR3101977B1 (fr) | 2019-10-10 | 2020-10-08 | Système et procédé de détection d’un algorithme de génération de domaine DGA |
Family Applications After (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
FR2010294A Active FR3101977B1 (fr) | 2019-10-10 | 2020-10-08 | Système et procédé de détection d’un algorithme de génération de domaine DGA |
Country Status (2)
Country | Link |
---|---|
US (1) | US11777969B2 (fr) |
FR (2) | FR3101978B1 (fr) |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20240037069A1 (en) * | 2022-07-29 | 2024-02-01 | Dell Products L.P. | Multi-domain and multi-tier scale-out architecture for clustered file systems |
Family Cites Families (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8260914B1 (en) * | 2010-06-22 | 2012-09-04 | Narus, Inc. | Detecting DNS fast-flux anomalies |
US10198579B2 (en) * | 2014-08-22 | 2019-02-05 | Mcafee, Llc | System and method to detect domain generation algorithm malware and systems infected by such malware |
US10685295B1 (en) * | 2016-12-29 | 2020-06-16 | X Development Llc | Allocating resources for a machine learning model |
JP6912714B2 (ja) * | 2017-07-21 | 2021-08-04 | Fujitsu Limited | Information processing device, information processing method and information processing program |
Application events
- 2019-10-10: FR application FR1911252A, patent FR3101978B1 (fr), status Active
- 2020-10-08: FR application FR2010294A, patent FR3101977B1 (fr), status Active
- 2020-10-08: US application US17/065,752, patent US11777969B2 (en), status Active
Also Published As
Publication number | Publication date |
---|---|
FR3101977B1 (fr) | 2024-02-16 |
FR3101978A1 (fr) | 2021-04-16 |
US11777969B2 (en) | 2023-10-03 |
US20210112084A1 (en) | 2021-04-15 |
FR3101977A1 (fr) | 2021-04-16 |
Similar Documents
Publication | Title |
---|---|
US9246699B2 (en) | Method and system for testing multiple components of a multi-tenant, multi-domain, multi-tiered website |
US8051207B2 (en) | Inferring server state in a stateless communication protocol |
US8539068B2 (en) | Methods and systems for providing customized domain messages |
US10810279B2 (en) | Content delivery network (CDN) providing accelerated delivery of embedded resources from CDN and third party domains |
US20100138559A1 (en) | Systems and methods for direction of communication traffic |
EP3270564A1 (fr) | Providing distributed security |
US20030220998A1 (en) | Server site restructuring |
US20130103784A1 (en) | Routing client requests |
KR20090041752A (ko) | Method for detecting multiple terminals on a network and allowing or blocking Internet access |
WO2010090650A3 (fr) | Class-based request routing |
US10992777B2 (en) | System and method for identifying OTT applications and services |
CN101681340A (zh) | Non-intrusive method and system for collecting information transmitted over a network |
CN102047242A (zh) | Content management |
US20120220261A1 (en) | Service classification of web traffic |
CN112261172A (zh) | Service addressing and access method, apparatus, system, device and medium |
CN108418847B (zh) | Network traffic caching system, method and device |
CN1878096A (zh) | Method for detecting the number of computer users in an internal computer network |
Matic et al. | Pythia: a framework for the automated analysis of web hosting environments |
CN113179187B (zh) | CDN node acceleration configuration distribution method |
FR3101977B1 (fr) | System and method for detecting a DGA domain generation algorithm |
CN107704494B (zh) | Application-software-based user information collection method and system |
US20060168113A1 (en) | File transfer management systems and methods |
CN105872082A (zh) | Fine-grained resource response system based on a container cluster load balancing algorithm |
Wullink et al. | ENTRADA: enabling DNS big data applications |
CN115344455A (zh) | Log processing method, apparatus, electronic device and storage medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| PLFP | Fee payment | Year of fee payment: 2 |
| PLSC | Publication of the preliminary search report | Effective date: 20210416 |
| PLFP | Fee payment | Year of fee payment: 3 |
| PLFP | Fee payment | Year of fee payment: 4 |
| PLFP | Fee payment | Year of fee payment: 5 |