Abstract: Embodiments relate to systems, devices, and computing-implemented methods for providing DoS mitigation using a list of persistent clients generated using network flow data. Daily flow counts can be incremented once per date for unique flow combinations in the network flow data that are associated with at least one network interaction that occurred on that date. A candidate list of persistent clients can be created based on the daily flow counts, and the candidate list of persistent clients can be filtered and ranked, and the list of persistent clients can be selected based on the rankings.

Abstract: In one embodiment, a rule optimization application optimizes a rule set that a firewall applies to protect web applications from on-line attacks. The rule optimization application identifies a completed filtering operation that is associated with applying a rule to a request to access a web application received from a client. The rule optimization application then estimates a quality score for the rule based on the completed filtering operation and a reputation value for the client that indicates a likelihood that the client is legitimate. Subsequently, the rule optimization application determines that the quality score does not satisfy a predetermined quality criterion and disables the rule in the rule set to generate a updated, optimized rule set for the web application. Advantageously, the quality criterion may configure the rule optimization application to automatically update the rule set to reduce the number of legitimate requests that are blocked by the rule set.

Abstract: A system and method for modifying a bulk set of domain names through bulk operations. A request to modify a bulk set of data associated with domain names is received by a registry. A bulk processing engine associated with the registry can analyze the requested update job, and enforce compliance with a set of policies governing the operation of registry. A priority level can also be assigned to the requested job, so that it will be executed before or after other pending jobs. The user can likewise provide user-supplied policies, which can also be validated against the set of registry policies. Data faults can be reduced or eliminated, and update operations can be performed by comparatively inexperienced personnel.

Abstract: The present invention generally relates to a system for, and method of, obtaining, from a first identifier in a first name space, a second identifier in a second name space. The disclosed technique involves obtaining the first identifier in the first name space from a source, applying a rule to the first identifier in the first name space, such that a second identifier in a second name space is obtained, and providing the second identifier, such that the source obtains the second identifier without resolving the first identifier using a domain name system (DNS).

Abstract: Systems, methods, and computer-readable mediums are provided that access a set of data related to a plurality of domain name system (DNS) requests for a plurality of subnets in a network. A subset of the set of data that is a representative sample of the set of data is selected. Latency of the subset of the data is estimated and latency is estimated for the totality of the data. A portion of the network is modified based on the estimated latency of the totality of the data.

Abstract: Embodiments relate to systems, devices, and computing-implemented methods for separating malware and background events to classify malware based on traffic data by receiving the traffic data that includes malware events and background noise, converting the traffic data into a feature vector, performing a signal processing algorithm on the feature vector to separate the malware events from the background noise, where the signal processing algorithm is associated with a malware family, determining a score for the malware events using a malware classification algorithm associated with the malware family, and applying a label associated with the malware family to the traffic data based on the score to classify the traffic data. Additionally, the malware application can be contained, removed, and/or the effects of a malware application can be neutralized based on the classification.

Abstract: A method of providing one or more assertions about a subject is provided. The method includes obtaining, at an assertion directory access server and over a network, a first assertion about a first attribute of the subject from a first assertion issuer; obtaining, at the assertion directory access server and over a network, a second assertion about a second attribute of the subject from a second assertion issuer; and providing, from the assertion directory access server, the first assertion and the second assertion to an assertion directory authority server over a network.

Abstract: Systems and methods are disclosed for using keywords to navigate to web pages on the Internet. In one implementation, a system includes a processor and a memory. The memory stores instructions that cause the processor to receive a search string from a website, the search string being entered by a website visitor using a browser. The processor uses a database to locate a keyword associated with the website that matches the search string. The processor determines a web page address associated with the keyword and causes the browser to be directed to the web page address. In another aspect, a method for managing keywords used for directing a browser to a web page hosted at a website, is disclosed. The method includes, among other things, storing a web page address, a keyword, and a domain name to associate the web page address, the keyword, and the domain name.

Abstract: Systems and methods are provided for malware scanning and detection in a computing system. In one exemplary embodiment, the method includes launching, in a computing device of the computing system, a virtual machine, and launching, in the virtual machine of the computing device, an internet browser. The method also includes requesting, by the internet browser, data from a web page, and performing, using one or more analysis tools, analysis on the web page. In the method, performing analysis on the web page includes performing monitoring and recording of system application programming interface (API) calls, and creating software objects associated with the web page. The method also includes performing antivirus scanning of the software objects, de-obfuscating JavaScript associated with the software objects, and correlating data associated with the performed analysis to determine if the web page is a malicious web page.

Abstract: Systems and methods for creating a new domain, such as a top-level domain or a second-level domain, make use of a Domain Manager that enables a user to enter data that is necessary or optional to implement the creation of a new domain. Systems such as, for example, a Registry and one or more Registrars, may use the data defined by the Domain Manager to create a new domain.

Abstract: The present invention generally relates to systems and methods for extending a chain of trust beyond the DNS. Some embodiments provide a verifier with the ability to validate a chain of trust starting with the trust anchor at the DNS root all the way to a service or object of interest outside the DNS.

Abstract: This disclosure includes, for example, methods and computer systems for providing audio-activated resource access for user devices. The computer systems may store instructions to cause the processor to perform operations, comprising capturing audio at a user device. The operations may also comprise using a speaker recognition system to identify a speaker in the transmitted audio and/or using a speech-to-text converter to identify text in the captured audio. The speaker identity or a condensed version of the speaker identity or other metadata along with the speaker identity may be transmitted to a server system to determine a corresponding speaker identity entry. The operations may also comprise receiving a resource corresponding to the identified speaker entry in the server system.

Abstract: Provided is a method of digitally securing a digital object from a first user in a first domain to a second user in a second domain using a DNS provider. The method includes accessing, at a client device of the first user, a client-side local policy, wherein the local policy comprises one or more zones managed by one or more DNS providers and secured by DANE using DNSSEC; constructing a DNS query for a cryptographic credential for the second user based, at least in part, on a zone of the one or more zones in the local policy; providing a request for the cryptographic credential for the second user; obtaining the cryptographic credential for the second user from a DNS provider of the one or more DNS providers; digitally securing the digital object using the cryptographic credential; and providing the digital object to the second user.

Abstract: Implementations relate to systems and methods for pre-signing of DNSSEC enabled zones into record sets. A domain name system (DNS) can receive and/or impose a set of DNS policies desired by an administrator, or the DNS operator itself to govern domain name resolution with security extensions (DNSSEC) for a Web domain. The DNS can generate a set of answers to user questions directed to the domain based on the set of policies. Those answers which differ or vary based on policy rules can be stored as variant answers, and can be labeled with a variant ID. The variant answers can be pre-signed and stored in the DNS. Because key data and other information is generated and stored before a DNS request is received, the requested variant answer can be returned with greater responsiveness and security.

Abstract: A method can include receiving, from a user, a string of characters. The method can also include determining components of the string of characters. The components of the string of characters may include one or more graphemes that are related in the string of characters. The method can include determining universal phonetic representations for the components of the string of characters. The method can also include determining pronunciations for the universal phonetic representations. Additionally, the method can include constructing a pronunciation of the string of characters based at least partially on the pronunciations of the universal phonetic representations. Further, the method can include sending, to the user, a sound file representing the pronunciation of the string of characters.

Abstract: The disclosure is directed to securely bootstrapping devices in a network environment. Methods and systems include hardware and/or operations for receiving, based on an identifier provisioned at a relying entity, instances of a security credential of an information system, wherein the instances are associated with respective certifying entities. The operations also include verifying the authenticity of the instances of the security credential using information of the certifying entities provisioned at the relying entity. The operations further includes determining matches between the instances of the security credential. Additionally, the operations include determining based on the matches that a first instance of the security credential satisfies a policy provisioned at the relying entity. Further, the operations include verifying the authenticity of information requested from the information system using the first instance of the security credential.

Abstract: Provided is a method for establishing ownership of a component of an internet of things (“IoT”) device. The method comprises receiving, at a registration service, a request to register the component of the IoT device, the request comprising a public key of the component of the IoT device, an identifier of the component of the IoT device, and a public key of an owner of the component of the IoT device; determining a qualified name for the component of the IoT device based on a name associated with the owner of the component of the IoT device; generating one or more domain name system (“DNS”) records for the component of the IoT device, the one or more DNS records comprising an authentication file that identifies a chain of ownership of the component of the IoT device; and storing the one or more DNS records in a registry.

Abstract: Provided are methods, devices, and computer-readable media for accessing a string of characters; parsing the string of characters into string of graphemes; determining one or more phonetic representations for one or more graphemes in the string of graphemes based on a first data structure; determining at least one grapheme representation for one or more of the one or more phonetic representations based on a second data structure; and constructing the phonetic representation of the string of characters based on the grapheme representation that was determined.

Abstract: A method for mitigating a denial of service attack includes determining, for a client, a number of requests being transmitted to a server and determining, for the client, that the number of requests for a time period is greater than a top talker threshold. The method includes classifying the client as a top talker based on the number of requests being greater than the top talker threshold and identifying, for the client, additional requests being transmitted to the server. The method also includes determining whether a number of the additional requests matches one or more attack patterns and preventing one or more of the additional requests from being transmitted to the server if the number of additional requests that matches one or more attack patterns is greater than a first threshold.

Abstract: A Domain Name System (“DNS”) package and a method for providing domain name resolution services in a partitioned network are disclosed. The system may include one or more built-in root name servers; one or more built-in top level domain (“TLD”) name servers; and a recursive name server. The recursive name server may be configured to query the one or more built-in root name servers during domain name resolution. Moreover, the one or more built-in root name servers may be configured to provide a network address corresponding to one of the built-in TLD name servers in response to a domain name resolution query sent by the recursive name server.