Abstract: Systems and methods are disclosed for identifying associations between binary samples, such as e-mail files and their attachments or a document and an executable program associated with the document. In one implementation, the method includes receiving a plurality of binary samples, and extracting metadata from the plurality of binary samples. The metadata for a binary sample from the plurality of binary samples includes a set of attributes of the binary sample. The method further includes identifying a set of associations between the plurality of binary samples based on the extracted metadata. Each association is characterized by at least one attribute the associated binary samples have in common, and each association has a confidence level indicative of a strength of the association. The method also includes identifying associations with a confidence level that exceeds a predefined threshold.

Abstract: Methods and systems are disclosed for assessing an identifier. The method comprises receiving a string of characters making up the identifier and determining a keyboard type for a keyboard. The method further comprises calculating, by a calculator module, a typeability score for the identifier based on the string of characters and the keyboard type, wherein the typeability score signifies a difficulty of typing the identifier on the keyboard type. In certain embodiments, the method further comprises determining a finger positioning corresponding to a position of a typer's fingers on the keyboard, and the typeability score is further based on the finger positioning. In some embodiments, the finger positioning is based on the typer's typing habits.

Abstract: A system and method for modifying a bulk set of domain names through bulk operations. A request to modify a bulk set of data associated with domain names is received by a registry. A bulk processing engine associated with the registry can analyze the requested update job, and enforce compliance with a set of policies governing the operation of registry. A priority level can also be assigned to the requested job, so that it will be executed before or after other pending jobs. The user can likewise provide user-supplied policies, which can also be validated against the set of registry policies. Data faults can be reduced or eliminated, and update operations can be performed by comparatively inexperienced personnel.

Abstract: The present invention generally relates to systems and methods for extending a chain of trust beyond the DNS. Some embodiments provide a verifier with the ability to validate a chain of trust starting with the trust anchor at the DNS root all the way to a service or object of interest outside the DNS.

Abstract: The present invention generally relates to systems and methods for extending a chain of trust beyond the DNS. Some embodiments provide a verifier with the ability to validate a chain of trust starting with the trust anchor at the DNS root all the way to a service or object of interest outside the DNS.

Abstract: Techniques for inferring the existence of suspicious software by detecting multiple name server requests for the same sets of non-existent domains. Implementations can allow for detecting the existence of malware or other suspicious software without requiring reverse engineering of the malware's domain generation algorithm.

Abstract: An apparatus and a non-transitory computer-readable medium may perform a method for providing content provider-specified URL keyword navigation. The method may comprise: receiving a first HTTP response from a first web server, wherein the first HTTP response includes a client-executable program; executing the client-executable program, wherein executing the client-executable program comprises: identifying a keyword included in a first URL; transmitting at least a portion of the first URL and the keyword to a second server for resolution; and receiving a second URL corresponding to a resolution of the keyword from the second server; sending a second HTTP request to a third web server for a second resource defined by the second URL; and receiving a second HTTP response from the third web server, wherein the second HTTP response includes the third resource.

Abstract: Provided herein are a method, a device, and a computer-readable medium operable to perform a method of automatically admitting a device to a network. The method can include receiving, from the one or more authorized devices in the network, first data that is associated with one or more sensing modalities, wherein the one or more sensing modalities are detected by the one or more of the one or more of the authorized devices during a defined time window; identifying a new device to be admitted to the network; constructing a time sequence of proximity events of the new device, within the defined time window, based on the first data; determining that the time sequence of the proximity events matches an expected time sequence of expected of proximity events; and admitting the new device to the network based on the determining.

Abstract: Systems and methods for searching domain names and owner information in a search tool involve networked databases, indexers, text indexes, and a server. The networked databases store domain names and owner information associated with the domain names. The indexers index suffixes of the domain names and of text-searchable portions of the owner information that have a minimum length of characters, and the text indexes store the indexed suffixes. In response to a search request, the server searches the text indexes for a matching domain name and/or matching owner information that satisfy the search request, queries the networked databases for corresponding owner information associated with the matching domain name and/or corresponding domain names associated with the matching owner information, and provides search results that include the matching domain name and the corresponding owner information and/or the matching owner information and the corresponding domain names.

Abstract: Systems and methods are disclosed for a cache-sensitive index that uses fixed-size partial keys. The index may include a node comprising a child group pointer, a number of partial keys and a similar number of full-key pointers. The node may also include a record count. The nodes are organized into groups. The groups may contain a number of nodes one greater than the number of partial keys in a node and the nodes in a group may be stored contiguously in memory. The child group pointer and the number of partial keys may fit within a cache line. A method is disclosed for traversing the index, for bulk-loading the index, and for live deletion of records from the index.

Abstract: Embodiments relate to systems, devices, and computer-implemented methods for preventing determination of previous access of sensitive content by receiving, from a user, a request for content at a device in an information centric network, where a cached version of the content is locally stored at the device; initiating a time delay based on a determination that the user has not previously requested the content; and transmitting the cached version of the content to the user after the time delay.

Abstract: Implementations relate to systems and methods for configuring a probe server network using a reliability model. A company, customer, or organization may wish to outsource the management of a set of name servers used to operate a domain name, such as a domain name associated with a Web site. In aspects, that deployment of name servers can be monitored by a separate set of failover or probe servers which are configured to track the uptime, operability, and performance of the underlying name servers, which can number in the thousands. An administrator or other user may wish to determine a minimum number of probe servers to apply to the name server topology, to achieve desired service levels. According to aspects, automated tools and logic are provided which model and simulate the overall network including the number and arrangement of necessary probe servers to ensure performance, failover reliability, and other factors.

Abstract: A method for transmitting messages in a publish/subscribe message system. The method also includes: receiving, at a first relay, a subscription request from a first client; recording, at the first relay, subscription information of the first client based on the subscription request; receiving, at the first relay, a publication request from a second client, wherein the publication request includes a message; and transmitting the message to the first client.

Abstract: Non-existent domain (NXD) queries may be monitored to determine if a keyword is included in NXD queries for a brand top level domain (TLD). When a predetermined number of NXD queries have been received for a brand domain that include the keyword, an action may be initiated. The action may be related to the registration of a new domain for the brand domain including the keyword.

Abstract: Systems and methods are disclosed for integrating JAVA objects, such as handlers, into a scripting language to be used as part of a test automation environment including a test automation tool. The environment can access and execute one or more script files coded using diverse scripting languages designed to exercise and test DNS servers, registries, and/or other network entities. The test automation tool can invoke a set of generalized handlers that may comprise compiled JAVA objects configured to perform specific testing functions. The test automation tool may load a script for a test case and a scripting language, establish a controller, and interface the script to the intermediate JAVA handlers to abstract individual script files for use in a more universal fashion, avoiding incompatibilities that can arise between various script languages.

Abstract: A method for validating SRS registry transaction data includes receiving OLTP transaction data from a first database, parsing the OLTP transaction data, and comparing the parsed OLTP transaction data to one or more of a set of profiles. Each of the one or more of the set of profiles includes metadata in XML files. The method also includes caching the parsed OLTP transaction data in a first data cache, receiving log data associated with the OLTP transaction data; and caching the log data in a second data cache. The method further includes correlating the parsed transaction data cached in the first data cache with the log data cached in the second data cache.

Abstract: Techniques for monitoring zone file changes are presented. The techniques may include obtaining at least one zone change request and parsing the at least one zone change request to obtain at least one change request unit. The techniques may include obtaining a last published zone file, obtaining a new zone file, and comparing the last published zone file to the new zone file to obtain at least one difference object. The techniques may include matching the at least one difference object to the at least one change request unit to identify at least one unmatched difference object. The techniques may include providing a human readable report comprising an indication of the at least one unmatched difference object.

Abstract: The present invention generally relates to systems and methods for classifying executable files as likely malware or likely benign. The techniques utilize temporally-ordered network behavioral artifacts together with machine learning techniques to perform the classification. Because they rely on network behavioral artifacts, the disclosed techniques may be applied to executable files with obfuscated code.

Abstract: Methods and systems for mitigating denial-of-service attacks include a proxy server that monitors a set of application servers configured to receive and service requests from clients. The proxy server intercepts the requests, and in response, provides the clients with customized client-side scripts embedded in markup language. The client-side scripts may include random strings to generate follow-through random uniform resource identifier redirection requests expected by the proxy server. The client-side scripts, upon execution, may challenge the clients by demanding user interaction within a specified period of time, requesting a delay before responding, and/or attempting to set a challenge cookie multiple times.

Abstract: This present disclosure relates to systems and methods for providing a data plane processing tool chain for processing packets that can use OSI layers 4 and above in the data plane without using a hypervisor. The disclosure has multiple processing capabilities, including: packet filtering, resolving DNS packets, generating packets, packet forwarding, performing DNS look up, time-stamping DNS packets, writing packets to disk, load-balancing, and protecting against DDOS attacks.