US 12,476,982 B2
Methods, systems, and apparatuses for query analysis and classification
Bahman Rashidi, Philadelphia, PA (US); and Vaibhav Garg, Philadelphia, PA (US)
Assigned to Comcast Cable Communications, LLC, Philadelphia, PA (US)
Filed by Comcast Cable Communications, LLC, Philadelphia, PA (US)
Filed on Jun. 23, 2021, as Appl. No. 17/355,887.
Prior Publication US 2022/0417261 A1, Dec. 29, 2022
Int. Cl. H04L 9/40 (2022.01); G06F 16/245 (2019.01); G06N 20/00 (2019.01)
CPC H04L 63/1416 (2013.01) [G06F 16/245 (2019.01); G06N 20/00 (2019.01); H04L 63/1441 (2013.01); H04L 2463/144 (2013.01)] 19 Claims
OG exemplary drawing
 
8. A method comprising:
receiving, by a computing device, a domain name system (DNS) query comprising a domain name;
determining, by a machine learning model, a plurality of features associated with the DNS query, wherein the plurality of features comprises at least a frequency of occurrence for each contiguous sequence of characters of a plurality of contiguous sequences of characters within a plurality of references and a ratio of vowels to consonants present within the domain name;
determining, based on the frequency of occurrence for each contiguous sequence of characters, a composite ranking for each contiguous sequence of characters present within the domain name, wherein the composite ranking is based at least in part on a plurality of rankings associated with the plurality of references;
determining, based on the ratio of vowels to consonants and the composite ranking, that the DNS query is associated with a malicious identifier generation algorithm; and
causing, based on the DNS query being associated with the malicious identifier generation algorithm, at least one remedial action to be performed.