Patents by Inventor Yuriy Yuzifovich

Yuriy Yuzifovich has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 10742591
    Abstract: The disclosure is related to computer-implemented methods for domain name scoring. In one example, the method includes receiving a request to provide a reputation score of a domain name, receiving input data associated with the domain name, extracting a plurality of features from the input data and the domain name, generating a feature vector based on the plurality of features, and calculating the reputation score of the domain name by a machine-learning classifier based on a graph database, which includes feature vectors associated with at least a plurality of reference domain names, a plurality of servers, a plurality of domain name owners, and so forth. In another example, the method can calculate the reputation score by finding a similarity between the feature vector and one of domain name clusters in the graph database. The reputation score represents a probability that the domain name is associated with malicious activity.
    Type: Grant
    Filed: November 10, 2015
    Date of Patent: August 11, 2020
    Assignee: Akamai Technologies Inc.
    Inventors: Thanh Nguyen, Hongliang Liu, Ali Fakeri-Tabrizi, Mikael Kullberg, Paul O'Leary, Yuriy Yuzifovich, James Paugh, Robert S. Wilbourn
  • Publication number: 20180054457
    Abstract: A computer-implemented method for detecting anomalies in DNS requests comprises receiving a plurality of DNS requests generated within a predetermined period. The predetermined period includes a plurality of DNS data fragments. The method further includes receiving a first DNS request and selecting a plurality of second DNS requests from the plurality of DNS requests such that each of the second DNS requests is a subset of the first DNS request. The method also includes calculating a count value for each of the DNS data fragments, where each of the count values represents a number of instances the second DNS requests appear within one of the DNS data fragments. In some embodiments, the count values for each of the DNS data fragments can be normalized. The method further includes determining an anomaly trend, for example, based on determining that at least one of the count values exceeds a predetermined threshold value.
    Type: Application
    Filed: October 31, 2017
    Publication date: February 22, 2018
    Inventors: Ali Fakeri-Tabrizi, Thanh Nguyen, Hongliang Liu, Paul O'Leary, Mikael Kullberg, Yuriy Yuzifovich, James Paugh, Robert S. Wilbourn
  • Patent number: 9843601
    Abstract: A computer-implemented method for detecting anomalies in DNS requests comprises receiving a plurality of DNS requests generated within a predetermined period. The predetermined period includes a plurality of DNS data fragments. The method further includes receiving a first DNS request and selecting a plurality of second DNS requests from the plurality of DNS requests such that each of the second DNS requests is a subset of the first DNS request. The method also includes calculating a count value for each of the DNS data fragments, where each of the count values represents a number of instances the second DNS requests appear within one of the DNS data fragments. In some embodiments, the count values for each of the DNS data fragments can be normalized. The method further includes determining an anomaly trend, for example, based on determining that at least one of the count values exceeds a predetermined threshold value.
    Type: Grant
    Filed: November 10, 2015
    Date of Patent: December 12, 2017
    Assignee: Nominum, Inc.
    Inventors: Ali Fakeri-Tabrizi, Thanh Nguyen, Hongliang Liu, Paul O'Leary, Mikael Kullberg, Yuriy Yuzifovich, James Paugh, Robert S. Wilbourn
  • Publication number: 20160099961
    Abstract: The present disclosure is related to a computer-implemented method and system for distinguishing human-driven Domain Name System (DNS) queries from Machine-to-Machine (M2M) DNS queries. The method includes receiving a DNS query, which includes a domain name, generating a probability score for the domain name based on one or more predetermined rules, and categorizing the DNS query as a human-driven DNS query or a M2M DNS query based on the probability score.
    Type: Application
    Filed: December 15, 2015
    Publication date: April 7, 2016
    Inventors: James Paugh, Paul O'Leary, Robert S. Wilbourn, Thanh Nguyen, Yuriy Yuzifovich, Erik D. Fears
  • Publication number: 20160065534
    Abstract: Provided are methods and systems for correlation of domain names. An example method includes receiving Domain Name System (DNS) data associated with a plurality of domain names, generating multidimensional vectors based on the DNS data such that each of the domain names is associated with one of the multidimensional vectors, calculating similarity scores for each pair of the plurality of domain names based on comparison of corresponding multidimensional vectors, and clustering one or more sets of domain names selected from the plurality of domain names based on the similarity scores and such that a difference between the similarity scores corresponding to each pair of the domain names in each of clusters is below a predetermined threshold.
    Type: Application
    Filed: November 10, 2015
    Publication date: March 3, 2016
    Inventors: Hongliang Liu, Mikael Kullberg, Yuriy Yuzifovich, James Paugh, Robert S. Wilbourn
  • Publication number: 20160065611
    Abstract: A computer-implemented method for detecting anomalies in DNS requests comprises receiving a plurality of DNS requests generated within a predetermined period. The predetermined period includes a plurality of DNS data fragments. The method further includes receiving a first DNS request and selecting a plurality of second DNS requests from the plurality of DNS requests such that each of the second DNS requests is a subset of the first DNS request. The method also includes calculating a count value for each of the DNS data fragments, where each of the count values represents a number of instances the second DNS requests appear within one of the DNS data fragments. In some embodiments, the count values for each of the DNS data fragments can be normalized. The method further includes determining an anomaly trend, for example, based on determining that at least one of the count values exceeds a predetermined threshold value.
    Type: Application
    Filed: November 10, 2015
    Publication date: March 3, 2016
    Inventors: Ali Fakeri-Tabrizi, Thanh Nguyen, Hongliang Liu, Paul O'Leary, Mikael Kullberg, Yuriy Yuzifovich, James Paugh, Robert S. Wilbourn
  • Publication number: 20160065597
    Abstract: The disclosure is related to computer-implemented methods for domain name scoring. In one example, the method includes receiving a request to provide a reputation score of a domain name, receiving input data associated with the domain name, extracting a plurality of features from the input data and the domain name, generating a feature vector based on the plurality of features, and calculating the reputation score of the domain name by a machine-learning classifier based on a graph database, which includes feature vectors associated with at least a plurality of reference domain names, a plurality of servers, a plurality of domain name owners, and so forth. In another example, the method can calculate the reputation score by finding a similarity between the feature vector and one of domain name clusters in the graph database. The reputation score represents a probability that the domain name is associated with malicious activity.
    Type: Application
    Filed: November 10, 2015
    Publication date: March 3, 2016
    Inventors: Thanh Nguyen, Hongliang Liu, Ali Fakeri-Tabrizi, Mikael Kullberg, Paul O'Leary, Yuriy Yuzifovich, James Paugh, Robert S. Wilbourn