Patents by Inventor Robert S. Wilbourn
Robert S. Wilbourn has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11201848Abstract: Provided is a method for domain name ranking. An example method includes receiving Domain Name System (DNS) data, which includes domain names. The DNS data is processed to obtain multiple metric values for each of the domain names. The metric values can include a query count (QC), a client count (CC), and a network count (NC). The method proceeds with calculating a score for each of the domain names based on the metric values. The calculation can be performed using the following equation: Score=NC·CC·(1+log(QC)). Furthermore, the method ranks the domain names based on the score for each of the domain names. The ranking can be based on normalization of the scores or based on converting the scores into respective percentile ranks.Type: GrantFiled: November 10, 2015Date of Patent: December 14, 2021Assignee: Akamai Technologies, Inc.Inventors: Paul O'Leary, James Paugh, Robert S. Wilbourn
-
Patent number: 11093844Abstract: The present disclosure is related to a computer-implemented method and system for distinguishing human-driven Doman Name System (DNS) queries from Machine-to-Machine (M2M) DNS queries. The method includes receiving a DNS query, which includes a domain name, generating a probability score for the domain name based on one or more predetermined rules, and categorizing the DNS query as a human-driven DNS query or a M2M DNS query based on the probability score.Type: GrantFiled: November 21, 2018Date of Patent: August 17, 2021Assignee: Akamai Technologies, Inc.Inventors: James Paugh, Paul O'Leary, Robert S. Wilbourn, Thanh Nguyen, Iurii Iuzifovich, Erik D. Fears
-
Patent number: 10742591Abstract: The disclosure is related to computer-implemented methods for domain name scoring. In one example, the method includes receiving a request to provide a reputation score of a domain name, receiving input data associated with the domain name, extracting a plurality of features from the input data and the domain name, generating a feature vector based on the plurality of features, and calculating the reputation score of the domain name by a machine-learning classifier based on a graph database, which includes feature vectors associated with at least a plurality of reference domain names, a plurality of servers, a plurality of domain name owners, and so forth. In another example, the method can calculate the reputation score by finding a similarity between the feature vector and one of domain name clusters in the graph database. The reputation score represents a probability that the domain name is associated with malicious activity.Type: GrantFiled: November 10, 2015Date of Patent: August 11, 2020Assignee: Akamai Technologies Inc.Inventors: Thanh Nguyen, Hongliang Liu, Ali Fakeri-Tabrizi, Mikael Kullberg, Paul O'Leary, Yuriy Yuzifovich, James Paugh, Robert S. Wilbourn
-
Patent number: 10587646Abstract: A computer-implemented method for detecting anomalies in DNS requests comprises receiving a plurality of DNS requests generated within a predetermined period. The predetermined period includes a plurality of DNS data fragments. The method further includes receiving a first DNS request and selecting a plurality of second DNS requests from the plurality of DNS requests such that each of the second DNS requests is a subset of the first DNS request. The method also includes calculating a count value for each of the DNS data fragments, where each of the count values represents a number of instances the second DNS requests appear within one of the DNS data fragments. In some embodiments, the count values for each of the DNS data fragments can be normalized. The method further includes determining an anomaly trend, for example, based on determining that at least one of the count values exceeds a predetermined threshold value.Type: GrantFiled: August 21, 2018Date of Patent: March 10, 2020Inventors: Ali Fakeri-Tabrizi, Thanh Nguyen, Hongliang Liu, Paul O'Leary, Mikael Kullberg, Iurii Iuzifovich, James Paugh, Robert S. Wilbourn
-
Publication number: 20190164071Abstract: The present disclosure is related to a computer-implemented method and system for distinguishing human-driven Doman Name System (DNS) queries from Machine-to-Machine (M2M) DNS queries. The method includes receiving a DNS query, which includes a domain name, generating a probability score for the domain name based on one or more predetermined rules, and categorizing the DNS query as a human-driven DNS query or a M2M DNS query based on the probability score.Type: ApplicationFiled: November 21, 2018Publication date: May 30, 2019Applicant: Nominum, Inc.Inventors: James Paugh, Paul O'Leary, Robert S. Wilbourn, Thanh Nguyen, Iurii Iuzifovich, Erik D. Fears
-
Publication number: 20190068634Abstract: A computer-implemented method for detecting anomalies in DNS requests comprises receiving a plurality of DNS requests generated within a predetermined period. The predetermined period includes a plurality of DNS data fragments. The method further includes receiving a first DNS request and selecting a plurality of second DNS requests from the plurality of DNS requests such that each of the second DNS requests is a subset of the first DNS request. The method also includes calculating a count value for each of the DNS data fragments, where each of the count values represents a number of instances the second DNS requests appear within one of the DNS data fragments. In some embodiments, the count values for each of the DNS data fragments can be normalized. The method further includes determining an anomaly trend, for example, based on determining that at least one of the count values exceeds a predetermined threshold value.Type: ApplicationFiled: August 21, 2018Publication date: February 28, 2019Applicant: Nominum Inc.Inventors: Ali Fakeri-Tabrizi, Thanh Nguyen, Hongliang Liu, Paul O'Leary, Mikael Kullberg, Iurii Iuzifovich, James Paugh, Robert S. Wilbourn
-
Patent number: 10164989Abstract: The present disclosure is related to a computer-implemented method and system for distinguishing human-driven Domain Name System (DNS) queries from Machine-to-Machine (M2M) DNS queries. The method includes receiving a DNS query, which includes a domain name, generating a probability score for the domain name based on one or more predetermined rules, and categorizing the DNS query as a human-driven DNS query or a M2M DNS query based on the probability score.Type: GrantFiled: December 15, 2015Date of Patent: December 25, 2018Assignee: Nominum, Inc.Inventors: James Paugh, Paul O'Leary, Robert S. Wilbourn, Thanh Nguyen, Iurii Iuzifovich, Erik D. Fears
-
Patent number: 10122677Abstract: Provided is a method for delegation of local content delivery service. The method includes receiving a Domain Name System (DNS) query from a client to resolve a domain name to a network address associated with content provider by a content provider, determining that distribution of the content has been delegated by a content provider to a local content server associated with an Internet Service Provider (ISP), and based on predetermined criteria, resolving the domain name to the local content server. The resolution can include responding to the DNS query with an answer from a caching server, and returning, to the client, the answer pointing to the local content server, wherein upon receiving the answer, the client can establish a data communication channel with the local content server. The content can be downloaded to the local content server upon a request received by a provisioning system associated with the ISP.Type: GrantFiled: March 20, 2018Date of Patent: November 6, 2018Assignee: Nominum, Inc.Inventors: Robert Thomas Halley, Brian Wellington, Robert S. Wilbourn, Srinivas Avirneni
-
Publication number: 20180278572Abstract: Provided is a method for delegation of local content delivery service. The method includes receiving a Domain Name System (DNS) query from a client to resolve a domain name to a network address associated with content provider by a content provider, determining that distribution of the content has been delegated by a content provider to a local content server associated with an Internet Service Provider (ISP), and based on predetermined criteria, resolving the domain name to the local content server. The resolution can include responding to the DNS query with an answer from a caching server, and returning, to the client, the answer pointing to the local content server, wherein upon receiving the answer, the client can establish a data communication channel with the local content server. The content can be downloaded to the local content server upon a request received by a provisioning system associated with the ISP.Type: ApplicationFiled: March 20, 2018Publication date: September 27, 2018Applicant: Nominum, Inc.Inventors: Robert Thomas Halley, Brian Wellington, Robert S. Wilbourn, Srinivas Avirneni
-
Patent number: 10084814Abstract: A computer-implemented method for detecting anomalies in DNS requests comprises receiving a plurality of DNS requests generated within a predetermined period. The predetermined period includes a plurality of DNS data fragments. The method further includes receiving a first DNS request and selecting a plurality of second DNS requests from the plurality of DNS requests such that each of the second DNS requests is a subset of the first DNS request. The method also includes calculating a count value for each of the DNS data fragments, where each of the count values represents a number of instances the second DNS requests appear within one of the DNS data fragments. In some embodiments, the count values for each of the DNS data fragments can be normalized. The method further includes determining an anomaly trend, for example, based on determining that at least one of the count values exceeds a predetermined threshold value.Type: GrantFiled: October 31, 2017Date of Patent: September 25, 2018Assignee: Nominum, Inc.Inventors: Ali Fakeri-Tabrizi, Thanh Nguyen, Hongliang Liu, Paul O'Leary, Mikael Kullberg, Iurii Iuzifovich, James Paugh, Robert S. Wilbourn
-
Patent number: 9954816Abstract: Provided is a method for delegation of local content delivery service. The method includes receiving a Domain Name System (DNS) query from a client to resolve a domain name to a network address associated with content provider by a content provider, determining that distribution of the content has been delegated by a content provider to a local content server associated with an Internet Service Provider (ISP), and based on predetermined criteria, resolving the domain name to the local content server. The resolution can include responding to the DNS query with an answer from a caching server, and returning, to the client, the answer pointing to the local content server, wherein upon receiving the answer, the client can establish a data communication channel with the local content server. The content can be downloaded to the local content server upon a request received by a provisioning system associated with the ISP.Type: GrantFiled: November 2, 2015Date of Patent: April 24, 2018Assignee: Nominum, Inc.Inventors: Robert Thomas Halley, Brian Wellington, Robert S. Wilbourn, Srinivas Avirneni
-
Publication number: 20180054457Abstract: A computer-implemented method for detecting anomalies in DNS requests comprises receiving a plurality of DNS requests generated within a predetermined period. The predetermined period includes a plurality of DNS data fragments. The method further includes receiving a first DNS request and selecting a plurality of second DNS requests from the plurality of DNS requests such that each of the second DNS requests is a subset of the first DNS request. The method also includes calculating a count value for each of the DNS data fragments, where each of the count values represents a number of instances the second DNS requests appear within one of the DNS data fragments. In some embodiments, the count values for each of the DNS data fragments can be normalized. The method further includes determining an anomaly trend, for example, based on determining that at least one of the count values exceeds a predetermined threshold value.Type: ApplicationFiled: October 31, 2017Publication date: February 22, 2018Inventors: Ali Fakeri-Tabrizi, Thanh Nguyen, Hongliang Liu, Paul O'Leary, Mikael Kullberg, Yuriy Yuzifovich, James Paugh, Robert S. Wilbourn
-
Patent number: 9843601Abstract: A computer-implemented method for detecting anomalies in DNS requests comprises receiving a plurality of DNS requests generated within a predetermined period. The predetermined period includes a plurality of DNS data fragments. The method further includes receiving a first DNS request and selecting a plurality of second DNS requests from the plurality of DNS requests such that each of the second DNS requests is a subset of the first DNS request. The method also includes calculating a count value for each of the DNS data fragments, where each of the count values represents a number of instances the second DNS requests appear within one of the DNS data fragments. In some embodiments, the count values for each of the DNS data fragments can be normalized. The method further includes determining an anomaly trend, for example, based on determining that at least one of the count values exceeds a predetermined threshold value.Type: GrantFiled: November 10, 2015Date of Patent: December 12, 2017Assignee: Nominum, Inc.Inventors: Ali Fakeri-Tabrizi, Thanh Nguyen, Hongliang Liu, Paul O'Leary, Mikael Kullberg, Yuriy Yuzifovich, James Paugh, Robert S. Wilbourn
-
Publication number: 20170126616Abstract: Provided is a method for delegation of local content delivery service. The method includes receiving a Domain Name System (DNS) query from a client to resolve a domain name to a network address associated with content provider by a content provider, determining that distribution of the content has been delegated by a content provider to a local content server associated with an Internet Service Provider (ISP), and based on predetermined criteria, resolving the domain name to the local content server. The resolution can include responding to the DNS query with an answer from a caching server, and returning, to the client, the answer pointing to the local content server, wherein upon receiving the answer, the client can establish a data communication channel with the local content server. The content can be downloaded to the local content server upon a request received by a provisioning system associated with the ISP.Type: ApplicationFiled: November 2, 2015Publication date: May 4, 2017Inventors: Robert Thomas Halley, Brian Wellington, Robert S. Wilbourn, Srinivas Avirneni
-
Publication number: 20160099961Abstract: The present disclosure is related to a computer-implemented method and system for distinguishing human-driven Domain Name System (DNS) queries from Machine-to-Machine (M2M) DNS queries. The method includes receiving a DNS query, which includes a domain name, generating a probability score for the domain name based on one or more predetermined rules, and categorizing the DNS query as a human-driven DNS query or a M2M DNS query based on the probability score.Type: ApplicationFiled: December 15, 2015Publication date: April 7, 2016Inventors: James Paugh, Paul O'Leary, Robert S. Wilbourn, Thanh Nguyen, Yuriy Yuzifovich, Erik D. Fears
-
Publication number: 20160065535Abstract: Provided is a method for domain name ranking. An example method includes receiving Domain Name System (DNS) data, which includes domain names. The DNS data is processed to obtain multiple metric values for each of the domain names. The metric values can include a query count (QC), a client count (CC), and a network count (NC). The method proceeds with calculating a score for each of the domain names based on the metric values. The calculation can be performed using the following equation: Score=NC·CC·(1+log(QC)). Furthermore, the method ranks the domain names based on the score for each of the domain names. The ranking can be based on normalization of the scores or based on converting the scores into respective percentile ranks.Type: ApplicationFiled: November 10, 2015Publication date: March 3, 2016Inventors: Paul O'Leary, James Paugh, Robert S. Wilbourn
-
Publication number: 20160065611Abstract: A computer-implemented method for detecting anomalies in DNS requests comprises receiving a plurality of DNS requests generated within a predetermined period. The predetermined period includes a plurality of DNS data fragments. The method further includes receiving a first DNS request and selecting a plurality of second DNS requests from the plurality of DNS requests such that each of the second DNS requests is a subset of the first DNS request. The method also includes calculating a count value for each of the DNS data fragments, where each of the count values represents a number of instances the second DNS requests appear within one of the DNS data fragments. In some embodiments, the count values for each of the DNS data fragments can be normalized. The method further includes determining an anomaly trend, for example, based on determining that at least one of the count values exceeds a predetermined threshold value.Type: ApplicationFiled: November 10, 2015Publication date: March 3, 2016Inventors: Ali Fakeri-Tabrizi, Thanh Nguyen, Hongliang Liu, Paul O'Leary, Mikael Kullberg, Yuriy Yuzifovich, James Paugh, Robert S. Wilbourn
-
Publication number: 20160065534Abstract: Provided are methods and systems for correlation of domain names. An example method includes receiving Domain Name System (DNS) data associated with a plurality of domain names, generating multidimensional vectors based on the DNS data such that each of the domain names is associated with one of the multidimensional vectors, calculating similarity scores for each pair of the plurality of domain names based on comparison of corresponding multidimensional vectors, and clustering one or more sets of domain names selected from the plurality of domain names based on the similarity scores and such that a difference between the similarity scores corresponding to each pair of the domain names in each of clusters is below a predetermined threshold.Type: ApplicationFiled: November 10, 2015Publication date: March 3, 2016Inventors: Hongliang Liu, Mikael Kullberg, Yuriy Yuzifovich, James Paugh, Robert S. Wilbourn
-
Publication number: 20160065597Abstract: The disclosure is related to computer-implemented methods for domain name scoring. In one example, the method includes receiving a request to provide a reputation score of a domain name, receiving input data associated with the domain name, extracting a plurality of features from the input data and the domain name, generating a feature vector based on the plurality of features, and calculating the reputation score of the domain name by a machine-learning classifier based on a graph database, which includes feature vectors associated with at least a plurality of reference domain names, a plurality of servers, a plurality of domain name owners, and so forth. In another example, the method can calculate the reputation score by finding a similarity between the feature vector and one of domain name clusters in the graph database. The reputation score represents a probability that the domain name is associated with malicious activity.Type: ApplicationFiled: November 10, 2015Publication date: March 3, 2016Inventors: Thanh Nguyen, Hongliang Liu, Ali Fakeri-Tabrizi, Mikael Kullberg, Paul O'Leary, Yuriy Yuzifovich, James Paugh, Robert S. Wilbourn
-
Patent number: 9185127Abstract: A network protection method is provided. The network protection method may include receiving a Domain Name System (DNS) request, logging the DNS request, classifying the DNS request based on an analysis of a DNS name associated with the DNS request, taking a security action based on the classification, analyzing network traffic after taking the security action, and providing substantially real-time feedback associated with the network traffic to improve future DNS request classifications. The method may further include receiving a DNS response and logging the DNS response. The analysis of the DNS name may include receiving DNS data related to the DNS name from a plurality of sources, receiving reputation data related to the plurality of sources, scoring each of the plurality of sources based on the reputation data, and aggregating the DNS data related to the DNS name based on the scoring.Type: GrantFiled: July 6, 2011Date of Patent: November 10, 2015Assignee: Nominum, Inc.Inventors: Vivian Neou, Robert S. Wilbourn, Handong Wu, Eileen Liu, Colleen Shannon, Sam Bretheim