US 12,278,822 B2
Malicious homoglyphic domain name generation and associated cyber security applications
Vincent Mutolo, Portsmouth, NH (US); Alexander Chinchilli, Medford, MA (US); Sean Moore, Hollis, NH (US); Matthew Sparrow, Virginia Beach, VA (US); and Connor Tess, Merrimack, NH (US)
Assigned to Centripetal Networks, LLC, Portsmouth, NH (US)
Filed by Centripetal Networks, LLC, Portsmouth, NH (US)
Filed on Oct. 31, 2023, as Appl. No. 18/385,731.
Application 18/385,731 is a continuation of application No. 17/946,932, filed on Sep. 16, 2022, granted, now 11,856,005.
Claims priority of provisional application 63/345,719, filed on May 25, 2022.
Claims priority of provisional application 63/245,074, filed on Sep. 16, 2021.
Prior Publication US 2024/0073220 A1, Feb. 29, 2024
This patent is subject to a terminal disclaimer.
Int. Cl. H04L 9/40 (2022.01); H04L 61/4511 (2022.01)
CPC H04L 63/14 (2013.01) [H04L 61/4511 (2022.05); H04L 63/1416 (2013.01); H04L 63/1433 (2013.01); H04L 63/1483 (2013.01)] 30 Claims
OG exemplary drawing
 
1. A computing device for generation of one or more potential malicious homoglyphic domain names (MHDNs), wherein the computing device comprises:
one or more processors; and
memory storing instructions that, when executed by the one or more processors, cause the computing device to:
receive training data comprising a plurality of known MHDNs, wherein each known MHDN of the plurality of known MHDNs is a domain name that comprises at least one homoglyphic characteristic such that a respective known MHDN imitates another domain name;
generate, based on the training data, a set of operations for use in generating the one or more potential MHDNs, wherein each operation of the set of operations is configured to modify a base domain name according to a respective homoglyphic characteristic;
generate, based on the training data, a fitness function for use in evaluating the one or more potential MHDNs, wherein the fitness function is configured to indicate a likelihood of a given candidate MHDN being an actual MHDN;
generate a first candidate mutator, wherein the first candidate mutator comprises one or more first operations selected from the set of operations;
generate a first candidate MHDN, using the first candidate mutator, by applying the one or more first operations of the first candidate mutator to a first base domain name;
determine a first fitness value corresponding to a likelihood of the first candidate MHDN being an actual MHDN using the fitness function;
determine, by comparing the first fitness value to a first threshold fitness, whether the first fitness value satisfies the first threshold fitness;
based on determining that the first fitness value satisfies the first threshold fitness, determine whether the first candidate MHDN is resolvable by a domain name system (DNS); and
output, to a cybersecurity application and based on determining that the first candidate MHDN is resolvable by the DNS, an indication that the first candidate MHDN is resolvable.