Nozomi Networks has been granted a patent for a method and apparatus for detecting anomalies in DNS traffic. The invention involves analyzing data packets in a network, isolating DNS packets, evaluating them using multiple algorithms, and aggregating the results to determine the DNS packet status. An anomaly is signaled when the status indicates a critical state, which is identified using a critical state database.

According to GlobalData’s company profile on Nozomi Networks, facial recognition AI was a key innovation area identified from patents. Nozomi Networks's grant share as of September 2023 was 12%. Grant share is based on the ratio of the number of grants to the total number of patents.

Method and apparatus for detecting anomalies in DNS traffic

Source: United States Patent and Trademark Office (USPTO). Credit: Nozomi Networks Inc

A recently granted patent (Publication Number: US11722504B2) describes a method and apparatus for detecting anomalies in DNS (Domain Name System) traffic within a network. The method involves analyzing data packets exchanged in the network using a network analyzer, isolating DNS packets from the analyzed data packets, and evaluating each DNS packet to generate a DNS packet status. An anomaly in the DNS traffic is signaled when the DNS packet status indicates a critical state.

The evaluation process includes assessing each DNS packet using multiple evaluating algorithms, which generate a DNS packet classification for each algorithm. These classifications are then aggregated to generate the DNS packet status. The critical state is identified when the DNS packet status is found in a critical state database stored in a storage medium.

The method also involves extracting features from each DNS packet during the evaluation process. These features are divided into different family subsets, and each evaluating algorithm generates a DNS packet classification based on a specific family subset. The DNS packet classifications of the same family subset are grouped together to generate a DNS family status using a predefined family-logic evaluation. The DNS family statuses are then further grouped to generate the overall DNS packet status using a predefined packet-logic evaluation.

The patent includes several variations of the predefined packet-classification evaluation. One variation is a majority voting evaluation, where the DNS packet status is determined by the majority status of the DNS family statuses. Another variation is a score voting evaluation, where scores are assigned to the DNS packet classifications, and the DNS packet status is determined by the greater score obtained by summing homogeneous statuses. There is also an evil-win evaluation, where the DNS packet status is determined by a selected status if at least one DNS family status corresponds to that selected status.
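The two-level aggregation described above (per-family classifications, then family statuses, then packet status checked against a critical state database) can be sketched as follows. This is an added example, not code from the patent or from Nozomi Networks; the status labels, the contents of the critical state set, the scores, and the majority fallback used by evil-win when the selected status is absent are all assumptions.

```python
from collections import Counter, defaultdict

# Assumed critical-state database; the page does not name the status labels.
CRITICAL_STATES = {"malicious"}

def majority(statuses):
    """Majority voting: the most common status wins (ties go to the first seen)."""
    return Counter(statuses).most_common(1)[0][0]

def score_vote(scored):
    """Score voting: sum the scores of homogeneous statuses; the greater total wins."""
    totals = defaultdict(float)
    for status, score in scored:
        totals[status] += score
    return max(totals, key=totals.get)

def evil_win(statuses, selected="malicious"):
    """Evil-win: the selected status wins if at least one input carries it.
    Falling back to majority otherwise is an assumption of this sketch."""
    return selected if selected in statuses else majority(statuses)

def packet_status(classifications, family_logic=majority, packet_logic=evil_win):
    """classifications maps a feature family to the list of statuses produced by
    the algorithms run on that family's feature subset."""
    family_statuses = {fam: family_logic(votes) for fam, votes in classifications.items()}
    return packet_logic(list(family_statuses.values())), family_statuses

def is_anomaly(status, critical_db=CRITICAL_STATES):
    """An anomaly is signaled when the packet status is in the critical state database."""
    return status in critical_db

# Constructed sample: classifier outputs for one DNS packet, grouped by family.
SAMPLE = {
    "query":       ["benign", "benign", "suspicious"],
    "transaction": ["benign", "benign", "benign"],
    "domain":      ["malicious", "malicious", "benign"],
    "ip":          ["benign", "suspicious", "benign"],
}

if __name__ == "__main__":
    for name, logic in (("majority", majority), ("evil-win", evil_win)):
        status, families = packet_status(SAMPLE, packet_logic=logic)
        print(name, families, status, "ANOMALY" if is_anomaly(status) else "ok")
```

On the constructed sample only the domain family votes malicious, so majority packet logic reports no anomaly while evil-win signals one; the choice of packet logic sets the trade-off between missed detections and false alarms.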

The evaluating algorithms mentioned in the patent include Query-based, Transaction-based, Domain-based, and IP-based approaches. Each approach defines a specific subset of features and uses corresponding algorithms such as Isolation Forest, Support Vector Machine, J48, Naive Bayes, Logistic Regression, K-means, K-nearest Neighbor, Multilayer Perceptron, and Decision Tree.

Overall, this patent presents a method and apparatus for effectively detecting anomalies in DNS traffic within a network by analyzing and evaluating DNS packets using various evaluating algorithms and predefined logic evaluations.


GlobalData

GlobalData, the leading provider of industry intelligence, provided the underlying data, research, and analysis used to produce this article.

GlobalData Patent Analytics tracks bibliographic data, legal events data, point in time patent ownerships, and backward and forward citations from global patenting offices. Textual analysis and official patent classifications are used to group patents into key thematic areas and link them to specific companies across the world’s largest industries.