MACHINE-LEARNING BASED DNS FIDELITY MONITORING AND BEHAVIORAL ANOMALY DETECTION FOR COMPUTER SECURITY

Abstract

An approach for improving computer security using machine learning and DNS-based monitoring. A server receives requests associated with multiple entities, including at least customers and vendors, and maintains historical behavior data comprising prior requests, corresponding outcomes, and DNS record information for associated domains. A machine learning algorithm determines a range of predictable requests for a given entity based on the historical behavior data and compares new requests to this range to detect anomalies or behavior inconsistent with past activity. When an anomaly is detected, the server causes one or more confirmation messages to be sent, for example via email, SMS, social media messaging, instant messaging, or application notifications, before authorizing a secure operation.

CPC Classifications