Patents by Inventor James Paugh
James Paugh has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11201848Abstract: Provided is a method for domain name ranking. An example method includes receiving Domain Name System (DNS) data, which includes domain names. The DNS data is processed to obtain multiple metric values for each of the domain names. The metric values can include a query count (QC), a client count (CC), and a network count (NC). The method proceeds with calculating a score for each of the domain names based on the metric values. The calculation can be performed using the following equation: Score=NC·CC·(1+log(QC)). Furthermore, the method ranks the domain names based on the score for each of the domain names. The ranking can be based on normalization of the scores or based on converting the scores into respective percentile ranks.Type: GrantFiled: November 10, 2015Date of Patent: December 14, 2021Assignee: Akamai Technologies, Inc.Inventors: Paul O'Leary, James Paugh, Robert S. Wilbourn
-
Patent number: 11093844Abstract: The present disclosure is related to a computer-implemented method and system for distinguishing human-driven Doman Name System (DNS) queries from Machine-to-Machine (M2M) DNS queries. The method includes receiving a DNS query, which includes a domain name, generating a probability score for the domain name based on one or more predetermined rules, and categorizing the DNS query as a human-driven DNS query or a M2M DNS query based on the probability score.Type: GrantFiled: November 21, 2018Date of Patent: August 17, 2021Assignee: Akamai Technologies, Inc.Inventors: James Paugh, Paul O'Leary, Robert S. Wilbourn, Thanh Nguyen, Iurii Iuzifovich, Erik D. Fears
-
Patent number: 10742591Abstract: The disclosure is related to computer-implemented methods for domain name scoring. In one example, the method includes receiving a request to provide a reputation score of a domain name, receiving input data associated with the domain name, extracting a plurality of features from the input data and the domain name, generating a feature vector based on the plurality of features, and calculating the reputation score of the domain name by a machine-learning classifier based on a graph database, which includes feature vectors associated with at least a plurality of reference domain names, a plurality of servers, a plurality of domain name owners, and so forth. In another example, the method can calculate the reputation score by finding a similarity between the feature vector and one of domain name clusters in the graph database. The reputation score represents a probability that the domain name is associated with malicious activity.Type: GrantFiled: November 10, 2015Date of Patent: August 11, 2020Assignee: Akamai Technologies Inc.Inventors: Thanh Nguyen, Hongliang Liu, Ali Fakeri-Tabrizi, Mikael Kullberg, Paul O'Leary, Yuriy Yuzifovich, James Paugh, Robert S. Wilbourn
-
Patent number: 10587646Abstract: A computer-implemented method for detecting anomalies in DNS requests comprises receiving a plurality of DNS requests generated within a predetermined period. The predetermined period includes a plurality of DNS data fragments. The method further includes receiving a first DNS request and selecting a plurality of second DNS requests from the plurality of DNS requests such that each of the second DNS requests is a subset of the first DNS request. The method also includes calculating a count value for each of the DNS data fragments, where each of the count values represents a number of instances the second DNS requests appear within one of the DNS data fragments. In some embodiments, the count values for each of the DNS data fragments can be normalized. The method further includes determining an anomaly trend, for example, based on determining that at least one of the count values exceeds a predetermined threshold value.Type: GrantFiled: August 21, 2018Date of Patent: March 10, 2020Inventors: Ali Fakeri-Tabrizi, Thanh Nguyen, Hongliang Liu, Paul O'Leary, Mikael Kullberg, Iurii Iuzifovich, James Paugh, Robert S. Wilbourn
-
Publication number: 20190164071Abstract: The present disclosure is related to a computer-implemented method and system for distinguishing human-driven Doman Name System (DNS) queries from Machine-to-Machine (M2M) DNS queries. The method includes receiving a DNS query, which includes a domain name, generating a probability score for the domain name based on one or more predetermined rules, and categorizing the DNS query as a human-driven DNS query or a M2M DNS query based on the probability score.Type: ApplicationFiled: November 21, 2018Publication date: May 30, 2019Applicant: Nominum, Inc.Inventors: James Paugh, Paul O'Leary, Robert S. Wilbourn, Thanh Nguyen, Iurii Iuzifovich, Erik D. Fears
-
Publication number: 20190068634Abstract: A computer-implemented method for detecting anomalies in DNS requests comprises receiving a plurality of DNS requests generated within a predetermined period. The predetermined period includes a plurality of DNS data fragments. The method further includes receiving a first DNS request and selecting a plurality of second DNS requests from the plurality of DNS requests such that each of the second DNS requests is a subset of the first DNS request. The method also includes calculating a count value for each of the DNS data fragments, where each of the count values represents a number of instances the second DNS requests appear within one of the DNS data fragments. In some embodiments, the count values for each of the DNS data fragments can be normalized. The method further includes determining an anomaly trend, for example, based on determining that at least one of the count values exceeds a predetermined threshold value.Type: ApplicationFiled: August 21, 2018Publication date: February 28, 2019Applicant: Nominum Inc.Inventors: Ali Fakeri-Tabrizi, Thanh Nguyen, Hongliang Liu, Paul O'Leary, Mikael Kullberg, Iurii Iuzifovich, James Paugh, Robert S. Wilbourn
-
Patent number: 10164989Abstract: The present disclosure is related to a computer-implemented method and system for distinguishing human-driven Domain Name System (DNS) queries from Machine-to-Machine (M2M) DNS queries. The method includes receiving a DNS query, which includes a domain name, generating a probability score for the domain name based on one or more predetermined rules, and categorizing the DNS query as a human-driven DNS query or a M2M DNS query based on the probability score.Type: GrantFiled: December 15, 2015Date of Patent: December 25, 2018Assignee: Nominum, Inc.Inventors: James Paugh, Paul O'Leary, Robert S. Wilbourn, Thanh Nguyen, Iurii Iuzifovich, Erik D. Fears
-
Patent number: 10084814Abstract: A computer-implemented method for detecting anomalies in DNS requests comprises receiving a plurality of DNS requests generated within a predetermined period. The predetermined period includes a plurality of DNS data fragments. The method further includes receiving a first DNS request and selecting a plurality of second DNS requests from the plurality of DNS requests such that each of the second DNS requests is a subset of the first DNS request. The method also includes calculating a count value for each of the DNS data fragments, where each of the count values represents a number of instances the second DNS requests appear within one of the DNS data fragments. In some embodiments, the count values for each of the DNS data fragments can be normalized. The method further includes determining an anomaly trend, for example, based on determining that at least one of the count values exceeds a predetermined threshold value.Type: GrantFiled: October 31, 2017Date of Patent: September 25, 2018Assignee: Nominum, Inc.Inventors: Ali Fakeri-Tabrizi, Thanh Nguyen, Hongliang Liu, Paul O'Leary, Mikael Kullberg, Iurii Iuzifovich, James Paugh, Robert S. Wilbourn
-
Publication number: 20180054457Abstract: A computer-implemented method for detecting anomalies in DNS requests comprises receiving a plurality of DNS requests generated within a predetermined period. The predetermined period includes a plurality of DNS data fragments. The method further includes receiving a first DNS request and selecting a plurality of second DNS requests from the plurality of DNS requests such that each of the second DNS requests is a subset of the first DNS request. The method also includes calculating a count value for each of the DNS data fragments, where each of the count values represents a number of instances the second DNS requests appear within one of the DNS data fragments. In some embodiments, the count values for each of the DNS data fragments can be normalized. The method further includes determining an anomaly trend, for example, based on determining that at least one of the count values exceeds a predetermined threshold value.Type: ApplicationFiled: October 31, 2017Publication date: February 22, 2018Inventors: Ali Fakeri-Tabrizi, Thanh Nguyen, Hongliang Liu, Paul O'Leary, Mikael Kullberg, Yuriy Yuzifovich, James Paugh, Robert S. Wilbourn
-
Patent number: 9843601Abstract: A computer-implemented method for detecting anomalies in DNS requests comprises receiving a plurality of DNS requests generated within a predetermined period. The predetermined period includes a plurality of DNS data fragments. The method further includes receiving a first DNS request and selecting a plurality of second DNS requests from the plurality of DNS requests such that each of the second DNS requests is a subset of the first DNS request. The method also includes calculating a count value for each of the DNS data fragments, where each of the count values represents a number of instances the second DNS requests appear within one of the DNS data fragments. In some embodiments, the count values for each of the DNS data fragments can be normalized. The method further includes determining an anomaly trend, for example, based on determining that at least one of the count values exceeds a predetermined threshold value.Type: GrantFiled: November 10, 2015Date of Patent: December 12, 2017Assignee: Nominum, Inc.Inventors: Ali Fakeri-Tabrizi, Thanh Nguyen, Hongliang Liu, Paul O'Leary, Mikael Kullberg, Yuriy Yuzifovich, James Paugh, Robert S. Wilbourn
-
Publication number: 20160099961Abstract: The present disclosure is related to a computer-implemented method and system for distinguishing human-driven Domain Name System (DNS) queries from Machine-to-Machine (M2M) DNS queries. The method includes receiving a DNS query, which includes a domain name, generating a probability score for the domain name based on one or more predetermined rules, and categorizing the DNS query as a human-driven DNS query or a M2M DNS query based on the probability score.Type: ApplicationFiled: December 15, 2015Publication date: April 7, 2016Inventors: James Paugh, Paul O'Leary, Robert S. Wilbourn, Thanh Nguyen, Yuriy Yuzifovich, Erik D. Fears
-
Publication number: 20160065535Abstract: Provided is a method for domain name ranking. An example method includes receiving Domain Name System (DNS) data, which includes domain names. The DNS data is processed to obtain multiple metric values for each of the domain names. The metric values can include a query count (QC), a client count (CC), and a network count (NC). The method proceeds with calculating a score for each of the domain names based on the metric values. The calculation can be performed using the following equation: Score=NC·CC·(1+log(QC)). Furthermore, the method ranks the domain names based on the score for each of the domain names. The ranking can be based on normalization of the scores or based on converting the scores into respective percentile ranks.Type: ApplicationFiled: November 10, 2015Publication date: March 3, 2016Inventors: Paul O'Leary, James Paugh, Robert S. Wilbourn
-
Publication number: 20160065534Abstract: Provided are methods and systems for correlation of domain names. An example method includes receiving Domain Name System (DNS) data associated with a plurality of domain names, generating multidimensional vectors based on the DNS data such that each of the domain names is associated with one of the multidimensional vectors, calculating similarity scores for each pair of the plurality of domain names based on comparison of corresponding multidimensional vectors, and clustering one or more sets of domain names selected from the plurality of domain names based on the similarity scores and such that a difference between the similarity scores corresponding to each pair of the domain names in each of clusters is below a predetermined threshold.Type: ApplicationFiled: November 10, 2015Publication date: March 3, 2016Inventors: Hongliang Liu, Mikael Kullberg, Yuriy Yuzifovich, James Paugh, Robert S. Wilbourn
-
Publication number: 20160065611Abstract: A computer-implemented method for detecting anomalies in DNS requests comprises receiving a plurality of DNS requests generated within a predetermined period. The predetermined period includes a plurality of DNS data fragments. The method further includes receiving a first DNS request and selecting a plurality of second DNS requests from the plurality of DNS requests such that each of the second DNS requests is a subset of the first DNS request. The method also includes calculating a count value for each of the DNS data fragments, where each of the count values represents a number of instances the second DNS requests appear within one of the DNS data fragments. In some embodiments, the count values for each of the DNS data fragments can be normalized. The method further includes determining an anomaly trend, for example, based on determining that at least one of the count values exceeds a predetermined threshold value.Type: ApplicationFiled: November 10, 2015Publication date: March 3, 2016Inventors: Ali Fakeri-Tabrizi, Thanh Nguyen, Hongliang Liu, Paul O'Leary, Mikael Kullberg, Yuriy Yuzifovich, James Paugh, Robert S. Wilbourn
-
Publication number: 20160065597Abstract: The disclosure is related to computer-implemented methods for domain name scoring. In one example, the method includes receiving a request to provide a reputation score of a domain name, receiving input data associated with the domain name, extracting a plurality of features from the input data and the domain name, generating a feature vector based on the plurality of features, and calculating the reputation score of the domain name by a machine-learning classifier based on a graph database, which includes feature vectors associated with at least a plurality of reference domain names, a plurality of servers, a plurality of domain name owners, and so forth. In another example, the method can calculate the reputation score by finding a similarity between the feature vector and one of domain name clusters in the graph database. The reputation score represents a probability that the domain name is associated with malicious activity.Type: ApplicationFiled: November 10, 2015Publication date: March 3, 2016Inventors: Thanh Nguyen, Hongliang Liu, Ali Fakeri-Tabrizi, Mikael Kullberg, Paul O'Leary, Yuriy Yuzifovich, James Paugh, Robert S. Wilbourn