Systems and methods for intelligent phishing threat detection and phishing threat remediation in a cyber security threat detection and mitigation platform
US-2024414198-A1 · Dec 12, 2024 · US
System, method, and computer program product for preventing a modification to a domain name system setting
US9294505B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-9294505-B2 |
| Application number | US-201414518907-A |
| Country | US |
| Kind code | B2 |
| Filing date | Oct 20, 2014 |
| Priority date | Aug 13, 2010 |
| Publication date | Mar 22, 2016 |
| Grant date | Mar 22, 2016 |
How to read this patent
A practical reading order for non-experts. Skip the full description unless you need deep technical detail.
- Title
What the patent document calls the invention.
- Abstract
A short plain-language summary of the technical disclosure.
- Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
- Key dates
Filing, priority, publication, and grant dates set the timeline.
- First independent claim
The legal scope of protection — read this for what is actually claimed.
- CPC / IPC classifications
Technology tags used to group this patent with similar filings.
- Citations and related patents
Prior art links and similar publications in this corpus.
Abstract
Official abstract text for this publication.
A system, method, and computer program product are provided for preventing a modification to a domain name system setting. In use, an attempt to modify a domain name system setting is detected. Additionally, a source of the attempt and an attribute of the modification are verified. Further, the modification to the domain name system setting is prevented, based on the verification.
First claim
Opening claim text (preview).
What is claimed is: 1. A system, comprising: a processor; a memory configured to store a domain name system setting; and logic, wherein the logic is configured to: detect an attempt for modification of the domain name system setting stored within the memory; identify an attribute of the modification; verify a source of the attempt by generating a hash of the source in order to compare the source against a whitelist including predetermined non-malicious sources; verify the attribute of the modification by comparing the attribute of the modification against at least one of a whitelist including known good attributes and a blacklist including known at least potentially malicious attributes; and prevent the modification of the domain name system setting responsive to the verifying of the source of the attempt being indicative that the source is a potentially malicious source and the verifying of the attribute of the modification being indicative that the attribute of the modification is a potentially malicious attribute. 2. The system of claim 1 , wherein the logic is further configured to retrieve at least one of the whitelist including predetermined non-malicious sources, the whitelist including known good attributes, and the blacklist including known at least potentially malicious attributes from the memory. 3. The system of claim 1 , wherein the logic is further configured to retrieve at least one of the whitelist including predetermined non-malicious sources, the whitelist including known good attributes, and the blacklist including known at least potentially malicious attributes from a database. 4. The system of claim 1 , wherein the logic is further configured to retrieve at least one of the whitelist including predetermined non-malicious sources, the whitelist including known good attributes, and the blacklist including known at least potentially malicious attributes from a server. 5. The system of claim 1 , wherein the domain name system setting includes a setting of a value in a registry. 6. The system of claim 1 , wherein the domain name system setting includes an Internet Protocol (IP) address setting. 7. The system of claim 1 , wherein the attempt for modification of the domain name system setting includes an attempt to change or replace an Internet Protocol (IP) address to a malicious IP address. 8. The system of claim 1 , wherein the attempt for modification of the domain name system setting includes an attempted write operation to the domain name system setting. 9. The system of claim 1 , wherein the attempt for modification of the domain name system setting includes an attempted create operation of the domain name system setting. 10. The system of claim 1 , wherein the logic is further configured to intercept the attempt for modification of the domain name system setting. 11. The system of claim 1 , wherein the source of the attempt includes a process. 12. The system of claim 1 , wherein the source of the attempt includes a file. 13. The system of claim 1 , wherein the source of the attempt is further verified by comparing the source of the attempt against a blacklist containing known at least potentially malicious sources. 14. The system of claim 1 , wherein the whitelist includes predetermined non-malicious sources including a list of hashes of the predetermined non-malicious sources. 15. The system of claim 14 , wherein the logic is further configured to verify the source of the attempt by comparing the hash of the source against the list of hashes of the predetermined non-malicious sources. 16. The system of claim 1 , wherein the source of the attempt is verified at a first server and the attribute of the modification is verified at a second server. 17. The system of claim 1 , wherein the source of the attempt and the attribute of the modification are verified at a single server. 18. The system of claim 1 , wherein preventing modification of the domain name system setting includes blocking the modification of the domain name system setting. 19. The system of claim 1 , wherein preventing modification of the domain name system setting includes undoing the modification of the domain name system setting. 20. The system of claim 1 , wherein preventing modification of the domain name system setting includes removing the source of the attempt.
Assignees
Inventors
Classifications
- G06F21/554Primary
involving event detection and direct action · CPC title
Event detection, e.g. attack signature detection · CPC title
Computer malware detection or handling, e.g. anti-virus arrangements · CPC title
- H04L63/1466Primary
Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks · CPC title
service impersonation, e.g. phishing, pharming or web spoofing (detection of rogue wireless access points H04W12/12) · CPC title
Patent family
Related publications grouped by family.
External sources
Frequently asked questions
Answers are generated from the same data shown on this page.
- What does patent US9294505B2 cover?
- A system, method, and computer program product are provided for preventing a modification to a domain name system setting. In use, an attempt to modify a domain name system setting is detected. Additionally, a source of the attempt and an attribute of the modification are verified. Further, the modification to the domain name system setting is prevented, based on the verification.
- Who is the assignee on this patent?
- Mcafee Inc
- What technology area does this patent fall under?
- Primary CPC classification G06F21/554. Mapped technology areas include Physics.
- When was this patent published?
- Publication date Tue Mar 22 2016 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
- What related patents are in patentsdb?
- We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).