US2023254345A1PendingUtilityA1

Systems and methods for top-level domain analysis

Assignee: CACI INC FEDPriority: Feb 7, 2022Filed: Oct 28, 2022Published: Aug 10, 2023
Est. expiryFeb 7, 2042(~15.6 yrs left)· nominal 20-yr term from priority
H04L 63/302H04L 41/0686H04L 43/04H04L 43/16H04W 76/20H04W 74/0816H04W 84/12H04W 12/06H04W 48/20H04L 63/0227H04L 63/0272H04L 63/0236H04L 63/1408H04L 63/1425H04L 63/1416H04L 63/0245H04W 48/16H04W 12/088H04W 76/30
58
PatentIndex Score
0
Cited by
0
References
0
Claims

Abstract

A system may be configured to identify a Person of Interest by analyzing top level domains. Some implementations may include receiving a target top-level domain (TLD) (e.g., originating from a geographic area of interest). A network packet of internet traffic may be captured and it may be determined that a destination port of the captured network traffic is an open port. A counter may be incremented based on the determined open port and/or determining a payload of the network packet comprises an expression matching the target TLD. An alert associated with the target TLD may be transmitted based on determining the counter exceeds a threshold. The internet traffic may be disrupted based on determining the counter exceeds a threshold.

Claims

exact text as granted — not AI-modified
What is claimed is: 
     
         1 . A computer program product comprising:
 a computer-readable storage medium; and   instructions stored on the computer-readable storage medium that, when executed by a processor, causes the processor to:
 receive a target top-level domain (TLD); 
 capture a network packet of internet traffic; 
 determine a destination port of the captured network packet is an open port; 
 increment, based on the determined open port and determining a payload of the network packet comprises an expression matching the target TLD, a counter; and 
 transmit, based on determining the counter exceeds a threshold, an alert associated with the target TLD. 
   
     
     
         2 . The computer-readable medium product of  claim 1 , wherein the destination port is determined based on a Transmission Control Protocol/Internet Protocol (TCP/IP) Transport Layer (Layer 4) of the network packet. 
     
     
         3 . The computer program product of  claim 1 , wherein the instructions further cause the processer to generate a log entry associated with the network packet. 
     
     
         4 . The computer program product of  claim 1 , wherein the instructions further cause the processer to disrupt, based on determining the counter exceeds a threshold, the internet traffic. 
     
     
         5 . The computer program product of  claim 1 , wherein the destination port is associated with encrypted traffic and the expression comprises a name field. 
     
     
         6 . The computer program product of  claim 1 , wherein the destination port is associated with domain name system (DNS) queries and the expression comprises a server name indication. 
     
     
         7 . The computer program product of  claim 1 , wherein the target TLD is received from a database. 
     
     
         8 . The computer program product of  claim 1 , wherein the TLD originates from a geographic area of interest. 
     
     
         9 . A system comprising:
 one or more processors; and   memory including instructions that, when executed by the one or more processors, cause the system to:
 receive a target top-level domain (TLD); 
 capture a network packet of internet traffic; 
 determine a destination port of the captured network packet is an open port; 
 determine, based on the determined open port, a payload of the network packet comprises an expression matching the target TLD; and 
 transmit, based the expression matching the target TLD, an alert associated with the target TLD. 
   
     
     
         10 . The system of  claim 9 , wherein the destination port is determined based on a Transmission Control Protocol/Internet Protocol (TCP/IP) Transport Layer (Layer 4) of the network packet. 
     
     
         11 . The system of  claim 9 , wherein the instructions further cause the system to generate a log entry associated with the network packet. 
     
     
         12 . The system of  claim 9 , wherein the instructions further cause the system to disrupt, based on the expression matching the target TLD, the internet traffic. 
     
     
         13 . The system of  claim 9 , wherein the destination port is associated with encrypted traffic and the expression comprises a name field. 
     
     
         14 . The system of  claim 9 , wherein the destination port is associated with domain name system (DNS) queries and the expression comprises a server name indication. 
     
     
         15 . The system of  claim 9 , wherein the target TLD is received from a database. 
     
     
         16 . The system of  claim 9 , wherein the TLD originates from a geographic area of interest. 
     
     
         17 . A method comprising:
 receiving a target top-level domain (TLD);   capturing a network packet of internet traffic;   determining, based on determining a destination port of the captured network packet is an open port, a payload of the network packet comprises an expression matching the target TLD; and   incrementing, based on the expression matching the target TLD, a counter;   determining the counter exceeds a threshold;   transmitting, based on the counter exceeding the threshold, an alert associated with the target TLD.   
     
     
         18 . The method of  claim 17 , wherein the destination port is determined based on a Transmission Control Protocol/Internet Protocol (TCP/IP) Transport Layer (Layer 4) of the network packet. 
     
     
         19 . The method of  claim 17 , wherein the destination port is associated with encrypted traffic and the expression comprises a name field. 
     
     
         20 . The method of  claim 17 , wherein the destination port is associated with domain name system (DNS) queries and the expression comprises a server name indication.

Join the waitlist — get patent alerts

Track US2023254345A1 — get alerts on status changes and closely related new filings.

We store only your email — no account needed. See our privacy policy.