US 12,229,647 B2
Unified parked domain detection system
Zeyu You, Santa Clara, CA (US); Wei Wang, Milpitas, CA (US); and Yu Zhang, Newark, CA (US)
Assigned to Palo Alto Networks, Inc., Santa Clara, CA (US)
Filed by Palo Alto Networks, Inc., Santa Clara, CA (US)
Filed on Jul. 29, 2022, as Appl. No. 17/877,205.
Prior Publication US 2024/0037443 A1, Feb. 1, 2024
Int. Cl. G06N 20/00 (2019.01); G06F 16/953 (2019.01); G06F 16/955 (2019.01); G06F 16/958 (2019.01); G06F 21/57 (2013.01); H04L 9/40 (2022.01)
CPC G06N 20/00 (2019.01) [G06F 16/953 (2019.01); G06F 16/9558 (2019.01); G06F 16/958 (2019.01); G06F 21/57 (2013.01); H04L 63/14 (2013.01); G06F 2221/2119 (2013.01)] 23 Claims
OG exemplary drawing
 
1. A system, comprising:
one or more processors configured to:
obtain a set of webpages corresponding to a plurality of domains;
extract a plurality of features based on the set of webpages, wherein the plurality of features comprise a set of HTML features, a set of one or more HAR features, and a set of signature count features;
detect parked domains based on the plurality of features using a machine learning model; and
periodically apply automatic signature generation to detect a new pattern of parked domains without retraining the machine learning model, wherein applying the automatic signature generation comprises obtaining one or more new signatures for the new pattern, extracting one or more new signature count features based on the one or more new signatures, and adding the one or more new signature count features to the set of signature count features; and
a memory coupled to the one or more processors and configured to provide the one or more processors with instructions.