Patents by Inventor Thomas M. Mathew

Thomas M. Mathew has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 10740363
    Abstract: Techniques are provided herein for classifying domains based on DNS traffic so that domains that are malicious or associated with malicious activity can be identified. Traffic between one or more domain name system (DNS) resolvers and one or more authoritative name servers hosted on the Internet is analyzed analyzing at a server having network connectivity. A mismatch between a hostname and Internet Protocol (IP) information for the hostname is detected in the traffic and domains included in the traffic are classified based on the detecting.
    Type: Grant
    Filed: November 26, 2018
    Date of Patent: August 11, 2020
    Assignee: Cisco Technology, Inc.
    Inventors: Dhia Mahjoub, Thomas M. Mathew
  • Publication number: 20190141067
    Abstract: A method includes arranging a plurality of network domains from DNS server logs into a cohort of network domains, wherein the DNS server logs are for at least one client internet protocol (IP) source address, extracting, from the cohort of network domains, a plurality of features related to the network domains in the cohort of network domains, training a recurrent neural network (RNN) based on values of the plurality of features related to the network domains, operating the RNN to make a prediction of expected values for the plurality of features for a future period of time, comparing the expected values to actual values of the plurality of features for the future period of time, and when the expected values differ from the actual values by a predetermined threshold, indicating that a host associated with the at least one client IP source address is operating with an anomaly.
    Type: Application
    Filed: November 9, 2017
    Publication date: May 9, 2019
    Inventors: David Brandon Rodriguez, Thibault Gilbert Reuille, Thomas M. Mathew
  • Publication number: 20190095512
    Abstract: Techniques are provided herein for classifying domains based on DNS traffic so that domains that are malicious or associated with malicious activity can be identified. Traffic between one or more domain name system (DNS) resolvers and one or more authoritative name servers hosted on the Internet is analyzed analyzing at a server having network connectivity. A mismatch between a hostname and Internet Protocol (IP) information for the hostname is detected in the traffic and domains included in the traffic are classified based on the detecting.
    Type: Application
    Filed: November 26, 2018
    Publication date: March 28, 2019
    Inventors: Dhia Mahjoub, Thomas M. Mathew
  • Patent number: 10185761
    Abstract: Techniques are provided herein for classifying domains based on DNS traffic so that domains that are malicious or associated with malicious activity can be identified. Traffic between one or more domain name system (DNS) resolvers and one or more authoritative name servers hosted on the Internet is analyzed analyzing at a server having network connectivity. A mismatch between a hostname and Internet Protocol (IP) information for the hostname is detected in the traffic and domains included in the traffic are classified based on the detecting.
    Type: Grant
    Filed: August 2, 2016
    Date of Patent: January 22, 2019
    Assignee: Cisco Technology, Inc.
    Inventors: Dhia Mahjoub, Thomas M. Mathew
  • Publication number: 20170041332
    Abstract: Techniques are provided herein for classifying domains based on DNS traffic so that domains that are malicious or associated with malicious activity can be identified. Malicious domains are identified by analyzing, at a server having network connectivity, traffic between one or more clients and one or more Domain Name System (DNS) resolvers, detecting a spike in the traffic for a particular domain, and categorizing queries in the spike based on one or more query features. The particular domain is classified based on the categorizing.
    Type: Application
    Filed: August 2, 2016
    Publication date: February 9, 2017
    Inventors: Dhia Mahjoub, Thomas M. Mathew
  • Publication number: 20170041333
    Abstract: Techniques are provided herein for classifying domains based on DNS traffic so that domains that are malicious or associated with malicious activity can be identified. Traffic between one or more domain name system (DNS) resolvers and one or more authoritative name servers hosted on the Internet is analyzed analyzing at a server having network connectivity. A mismatch between a hostname and Internet Protocol (IP) information for the hostname is detected in the traffic and domains included in the traffic are classified based on the detecting.
    Type: Application
    Filed: August 2, 2016
    Publication date: February 9, 2017
    Inventors: Dhia Mahjoub, Thomas M. Mathew