Patents by Inventor Ali Fakeri-Tabrizi
Ali Fakeri-Tabrizi has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 10742591Abstract: The disclosure is related to computer-implemented methods for domain name scoring. In one example, the method includes receiving a request to provide a reputation score of a domain name, receiving input data associated with the domain name, extracting a plurality of features from the input data and the domain name, generating a feature vector based on the plurality of features, and calculating the reputation score of the domain name by a machine-learning classifier based on a graph database, which includes feature vectors associated with at least a plurality of reference domain names, a plurality of servers, a plurality of domain name owners, and so forth. In another example, the method can calculate the reputation score by finding a similarity between the feature vector and one of domain name clusters in the graph database. The reputation score represents a probability that the domain name is associated with malicious activity.Type: GrantFiled: November 10, 2015Date of Patent: August 11, 2020Assignee: Akamai Technologies Inc.Inventors: Thanh Nguyen, Hongliang Liu, Ali Fakeri-Tabrizi, Mikael Kullberg, Paul O'Leary, Yuriy Yuzifovich, James Paugh, Robert S. Wilbourn
-
Patent number: 10587646Abstract: A computer-implemented method for detecting anomalies in DNS requests comprises receiving a plurality of DNS requests generated within a predetermined period. The predetermined period includes a plurality of DNS data fragments. The method further includes receiving a first DNS request and selecting a plurality of second DNS requests from the plurality of DNS requests such that each of the second DNS requests is a subset of the first DNS request. The method also includes calculating a count value for each of the DNS data fragments, where each of the count values represents a number of instances the second DNS requests appear within one of the DNS data fragments. In some embodiments, the count values for each of the DNS data fragments can be normalized. The method further includes determining an anomaly trend, for example, based on determining that at least one of the count values exceeds a predetermined threshold value.Type: GrantFiled: August 21, 2018Date of Patent: March 10, 2020Inventors: Ali Fakeri-Tabrizi, Thanh Nguyen, Hongliang Liu, Paul O'Leary, Mikael Kullberg, Iurii Iuzifovich, James Paugh, Robert S. Wilbourn
-
Publication number: 20190068634Abstract: A computer-implemented method for detecting anomalies in DNS requests comprises receiving a plurality of DNS requests generated within a predetermined period. The predetermined period includes a plurality of DNS data fragments. The method further includes receiving a first DNS request and selecting a plurality of second DNS requests from the plurality of DNS requests such that each of the second DNS requests is a subset of the first DNS request. The method also includes calculating a count value for each of the DNS data fragments, where each of the count values represents a number of instances the second DNS requests appear within one of the DNS data fragments. In some embodiments, the count values for each of the DNS data fragments can be normalized. The method further includes determining an anomaly trend, for example, based on determining that at least one of the count values exceeds a predetermined threshold value.Type: ApplicationFiled: August 21, 2018Publication date: February 28, 2019Applicant: Nominum Inc.Inventors: Ali Fakeri-Tabrizi, Thanh Nguyen, Hongliang Liu, Paul O'Leary, Mikael Kullberg, Iurii Iuzifovich, James Paugh, Robert S. Wilbourn
-
Patent number: 10084814Abstract: A computer-implemented method for detecting anomalies in DNS requests comprises receiving a plurality of DNS requests generated within a predetermined period. The predetermined period includes a plurality of DNS data fragments. The method further includes receiving a first DNS request and selecting a plurality of second DNS requests from the plurality of DNS requests such that each of the second DNS requests is a subset of the first DNS request. The method also includes calculating a count value for each of the DNS data fragments, where each of the count values represents a number of instances the second DNS requests appear within one of the DNS data fragments. In some embodiments, the count values for each of the DNS data fragments can be normalized. The method further includes determining an anomaly trend, for example, based on determining that at least one of the count values exceeds a predetermined threshold value.Type: GrantFiled: October 31, 2017Date of Patent: September 25, 2018Assignee: Nominum, Inc.Inventors: Ali Fakeri-Tabrizi, Thanh Nguyen, Hongliang Liu, Paul O'Leary, Mikael Kullberg, Iurii Iuzifovich, James Paugh, Robert S. Wilbourn
-
Publication number: 20180054457Abstract: A computer-implemented method for detecting anomalies in DNS requests comprises receiving a plurality of DNS requests generated within a predetermined period. The predetermined period includes a plurality of DNS data fragments. The method further includes receiving a first DNS request and selecting a plurality of second DNS requests from the plurality of DNS requests such that each of the second DNS requests is a subset of the first DNS request. The method also includes calculating a count value for each of the DNS data fragments, where each of the count values represents a number of instances the second DNS requests appear within one of the DNS data fragments. In some embodiments, the count values for each of the DNS data fragments can be normalized. The method further includes determining an anomaly trend, for example, based on determining that at least one of the count values exceeds a predetermined threshold value.Type: ApplicationFiled: October 31, 2017Publication date: February 22, 2018Inventors: Ali Fakeri-Tabrizi, Thanh Nguyen, Hongliang Liu, Paul O'Leary, Mikael Kullberg, Yuriy Yuzifovich, James Paugh, Robert S. Wilbourn
-
Patent number: 9843601Abstract: A computer-implemented method for detecting anomalies in DNS requests comprises receiving a plurality of DNS requests generated within a predetermined period. The predetermined period includes a plurality of DNS data fragments. The method further includes receiving a first DNS request and selecting a plurality of second DNS requests from the plurality of DNS requests such that each of the second DNS requests is a subset of the first DNS request. The method also includes calculating a count value for each of the DNS data fragments, where each of the count values represents a number of instances the second DNS requests appear within one of the DNS data fragments. In some embodiments, the count values for each of the DNS data fragments can be normalized. The method further includes determining an anomaly trend, for example, based on determining that at least one of the count values exceeds a predetermined threshold value.Type: GrantFiled: November 10, 2015Date of Patent: December 12, 2017Assignee: Nominum, Inc.Inventors: Ali Fakeri-Tabrizi, Thanh Nguyen, Hongliang Liu, Paul O'Leary, Mikael Kullberg, Yuriy Yuzifovich, James Paugh, Robert S. Wilbourn
-
Publication number: 20160065611Abstract: A computer-implemented method for detecting anomalies in DNS requests comprises receiving a plurality of DNS requests generated within a predetermined period. The predetermined period includes a plurality of DNS data fragments. The method further includes receiving a first DNS request and selecting a plurality of second DNS requests from the plurality of DNS requests such that each of the second DNS requests is a subset of the first DNS request. The method also includes calculating a count value for each of the DNS data fragments, where each of the count values represents a number of instances the second DNS requests appear within one of the DNS data fragments. In some embodiments, the count values for each of the DNS data fragments can be normalized. The method further includes determining an anomaly trend, for example, based on determining that at least one of the count values exceeds a predetermined threshold value.Type: ApplicationFiled: November 10, 2015Publication date: March 3, 2016Inventors: Ali Fakeri-Tabrizi, Thanh Nguyen, Hongliang Liu, Paul O'Leary, Mikael Kullberg, Yuriy Yuzifovich, James Paugh, Robert S. Wilbourn
-
Publication number: 20160065597Abstract: The disclosure is related to computer-implemented methods for domain name scoring. In one example, the method includes receiving a request to provide a reputation score of a domain name, receiving input data associated with the domain name, extracting a plurality of features from the input data and the domain name, generating a feature vector based on the plurality of features, and calculating the reputation score of the domain name by a machine-learning classifier based on a graph database, which includes feature vectors associated with at least a plurality of reference domain names, a plurality of servers, a plurality of domain name owners, and so forth. In another example, the method can calculate the reputation score by finding a similarity between the feature vector and one of domain name clusters in the graph database. The reputation score represents a probability that the domain name is associated with malicious activity.Type: ApplicationFiled: November 10, 2015Publication date: March 3, 2016Inventors: Thanh Nguyen, Hongliang Liu, Ali Fakeri-Tabrizi, Mikael Kullberg, Paul O'Leary, Yuriy Yuzifovich, James Paugh, Robert S. Wilbourn