Palo Alto Networks, Inc.
Finding malicious domains with DNS query pattern analysis

Abstract:

Malicious domain finding using DNS query pattern analysis is disclosed. A first DNS query signature and a second DNS query signature are generated, using a set of DNS query records. The first and second DNS query signatures are compared, and the second DNS query signature is identified as malicious based on a detected match between the first and second DNS query signatures.