Abstract: A signature generator has been designed that can create a malicious campaign signature with substantial coverage of malicious campaign behavior without impeding benign traffic. The malicious campaign signature generator uses data of multiple, known malicious campaigns to identify abused, benign network entities. The signature generator builds a graph data structure for each malicious campaign that represents the abused network entities. The relationships encoded in the graph data structure indicate the use of the combination of abused network entities in the campaign. The signature generator aggregates the graph data structures and identifies a combination of the benign network entities that were highly abused across the multiple malicious campaigns with respect to all of the abused network entities represented in the graph data structures. A signature is then created from the identifiers of this combination of highly abused network entities.

Abstract: Detection of strategically aged domains is detected. A list of aged dormant domains is determined, including by evaluating passive Domain Name System (DNS) information. The list of aged dormant domains is monitored for a change by an aged dormant domain from a dormant domain status to an active status. In response to determining the change to active status of the aged dormant domain, an action is taken with respect to the aged dormant domain.

Abstract: Detection of squatting domains is disclosed. A set of new fully qualified domain names (FQDNs) is received. The set of new FQDNs is analyzed to detect domain squatting by identifying a subset of the new FQDNs as candidate squatting domains. The candidate squatting domains are distributed to a security device/service.

Abstract: Various embodiments provide a system, method, and device for applying a DNS activity classification framework. The method incudes (i) collecting DNS-related activity, (ii) determining whether the DNS-related activity is associated with a DNS tunneling campaign or tool, and (iii) performing an active measure in response to detecting DNS traffic associated with a tunneling domain.

Abstract: The present application discloses a method, system, and computer system for predicting responses to DNS queries. The method includes receiving a DNS query comprising a subdomain portion and a root domain portion from a client device, determining whether to obtain target address information corresponding to the DNS from a predictive cache, in response to determining to obtain the target address information from the predictive cache, obtaining the target address information from the predictive cache, and providing the target address information to the client device.

Abstract: Techniques for generating actionable indicators of compromise (IOCs) are disclosed. A set of potential sources for IOCs are received. One or more candidate IOCs are extracted from at least one source included in the set of potential sources. An actionable IOC is automatically identified from the one or more candidate IOCs. The actionable IOC is provided to a security enforcement service.

Abstract: The present application discloses a method, system, and computer system for identifying dangling records. The method includes obtaining a set of domains, determining whether a record associated with a domain comprised in the set of domains is dangling, and in response to determining that the record associated with the domain is dangling, providing, to a registrant, a notification that the record is dangling.

Abstract: Techniques for detecting and protecting claimable non-existent domains are disclosed. A system, process, and/or computer program product for detecting and protecting claimable non-existent domains includes monitoring network activity using a network security device, detecting that a session is querying a claimable non-existent domain using a domain name system (DNS) security service, and performing an action in response to the session querying the claimable non-existent domain.

Abstract: Techniques presented herein relate to vulcanizing equipment that includes a vulcanizing mold in which a vulcanizing cavity is formed, a vulcanizing bladder suitable for being placed in the vulcanizing cavity, and a supporting assembly that includes a center rod and a clamping device arranged on the center rod. The clamping device is suitable for installing the curing bladder in the cavity in a sealed manner. The vulcanizing equipment further includes a heating assembly and a gas circulation assembly that are arranged in the curing bladder in a stacked manner in the axial direction of the center rod. The gas circulation assembly is suitable for circulating a heated heating medium in the curing bladder. A driving assembly of the vulcanizing equipment includes a rotating shaft sleeve that is arranged on the outer side of the center rod in a clearance-fit manner and is connected to the gas circulation assembly.

Abstract: The present application discloses a method, system, and computer system for identifying dangling records. The method includes obtaining a set of domains, determining whether a record associated with a domain comprised in the set of domains is dangling, and in response to determining that the record associated with the domain is dangling, providing, to a registrant, a notification that the record is dangling.

Abstract: A service includes a trained model comprising a classifier that predicts whether domain names are dictionary DGA generated. Using passive DNS data and/or a heuristic analysis based on natural language processing of the domain name, the service filters domain names that are not candidate (i.e., potential) dictionary DGA domain names out of the detection pipeline. There domain names are thus classified without being fed into the model for more computationally expensive processing. Domain names that are not filtered out are queued for input into an instance of the model and classification by the model, with the queued domain names processed in small batches and load balanced across model instances. Predicted domain name classes output by the model are cached for subsequent cache reads to avoid multiple runs of the model for one domain name.

Abstract: Inline package name based supply chain attack detection and prevention is disclosed. An indication that a client device has made a request to a remote server for a package is received. A data appliance then performs an action responsive to the received indication. In an example implementation, the data appliance makes a determination of whether the request for the package is associated with a nonexisting package.

Abstract: The present application discloses a method, system, and computer system for predicting responses to DNS queries. The method includes receiving a DNS query comprising a subdomain portion and a root domain portion from a client device, determining whether to obtain target address information corresponding to the DNS from a predictive cache, in response to determining to obtain the target address information from the predictive cache, obtaining the target address information from the predictive cache, and providing the target address information to the client device.

Abstract: Detection of squatting domains is disclosed. A set of new fully qualified domain names (FQDNs) is received. The set of new FQDNs is analyzed to detect domain squatting by identifying a subset of the new FQDNs as candidate squatting domains. The candidate squatting domains are distributed to a security device/service.

Abstract: The present invention relates to the technical field of vulcanizing equipment, and in particular, to vulcanizing equipment, comprising: a vulcanizing mold in which a vulcanizing cavity is formed; a vulcanizing bladder suitable for being placed in the vulcanizing cavity; and a supporting assembly comprising a center rod and a clamping device arranged on the center rod, the clamping device being suitable for installing the curing bladder in the cavity in a sealed manner. The vulcanizing equipment further comprises: a heating assembly and a gas circulation assembly that are arranged in the curing bladder in a stacked manner in the axial direction of the center rod, the gas circulation assembly being suitable for circulating a heated heating medium in the curing bladder; and a driving assembly comprising a rotating shaft sleeve that is arranged on the outer side of the center rod in a clearance-fit manner and connected to the gas circulation assembly.

Abstract: The present application discloses a method, system, and computer system for predicting responses to DNS queries. The method includes receiving a DNS query comprising a subdomain portion and a root domain portion from a client device, determining whether to obtain target address information corresponding to the DNS from a predictive cache, in response to determining to obtain the target address information from the predictive cache, obtaining the target address information from the predictive cache, and providing the target address information to the client device.

Abstract: Real-time detection of DNS infiltration traffic is disclosed. A DNS response associated with a DNS query sent by a client device is received. An attempted DNS infiltration is detected based at least in part on an automated analysis of the DNS response. In response to the detection, a remedial action is performed.

Abstract: Detection of strategically aged domains is detected. A list of aged dormant domains is determined, including by evaluating passive Domain Name System (DNS) information. The list of aged dormant domains is monitored for a change by an aged dormant domain from a dormant domain status to an active status. In response to determining the change to active status of the aged dormant domain, an action is taken with respect to the aged dormant domain.

Abstract: Detection of squatting domains is disclosed. A set of new fully qualified domain names (FQDNs) is received. The set of new FQDNs is analyzed to detect domain squatting by identifying a subset of the new FQDNs as candidate squatting domains. The candidate squatting domains are distributed to a security device/service.

Abstract: Inline package name based supply chain attack detection and prevention is disclosed. An indication that a client device has made a request to a remote server for a package is received. A data appliance then performs an action responsive to the received indication. In an example implementation, the data appliance makes a determination of whether the request for the package is associated with a nonexisting package.