US 11,856,005 B2
Malicious homoglyphic domain name generation and associated cyber security applications
Vincent Mutolo, Portsmouth, NH (US); Alexander Chinchilli, Medford, MA (US); Sean Moore, Hollis, NH (US); Matthew Sparrow, Virginia Beach, VA (US); and Connor Tess, Merrimack, NH (US)
Assigned to Centripetal Networks, LLC, Portsmouth, NH (US)
Filed by Centripetal Networks, LLC, Portsmouth, NH (US)
Filed on Sep. 16, 2022, as Appl. No. 17/946,932.
Claims priority of provisional application 63/345,719, filed on May 25, 2022.
Claims priority of provisional application 63/245,074, filed on Sep. 16, 2021.
Prior Publication US 2023/0093453 A1, Mar. 23, 2023
Int. Cl. H04L 9/40 (2022.01); H04L 61/4511 (2022.01)
CPC H04L 63/14 (2013.01) [H04L 61/4511 (2022.05); H04L 63/1416 (2013.01); H04L 63/1433 (2013.01); H04L 63/1483 (2013.01)]
53 Claims
1. A computing device for generation of one or more potential malicious homoglyphic domain names (MHDNs), wherein the computing device comprises:
one or more processors; and
memory storing instructions that, when executed by the one or more processors, cause the computing device to:
receive training data comprising a plurality of known MHDNs, wherein each known MHDN of the plurality of known MHDNs is a domain name that comprises at least one homoglyphic characteristic such that a respective known MHDN imitates another domain name;
generate, based on the training data, a set of operations for use in generating the one or more potential MHDNs, wherein each operation of the set of operations is configured to modify a base domain name according to a respective homoglyphic characteristic;
generate a first candidate mutator, wherein the first candidate mutator comprises one or more first operations selected from the set of operations;
generate a first candidate MHDN, using the first candidate mutator, by applying the one or more first operations of the first candidate mutator to a first base domain name;
determine a first fitness value corresponding to a likelihood of the first candidate MHDN being an actual MHDN; and
based on determining that the first fitness value satisfies a first threshold fitness, determine whether the first candidate MHDN is resolvable by a domain name system (DNS) based on whether the DNS includes a record corresponding to the first candidate MHDN, and in response:
if it is determined that the first candidate MHDN is resolvable by the DNS, output an indication that the first candidate MHDN is resolvable by the DNS; and
if it is determined that the first candidate MHDN is not resolvable by the DNS, output an indication that the first candidate MHDN satisfies a second threshold fitness, based on determining that the first fitness value satisfies the second threshold fitness.
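The flow recited in claim 1, as a defender would run it against a domain they own, is sketched below. This is an added example, not code from the patent or from Centripetal Networks. The operation table, the similarity-based fitness function, the 0.8 and 0.9 thresholds, the outcome labels and the address-lookup DNS check are all assumptions made for illustration; the claim does not specify them.

```python
import socket
from difflib import SequenceMatcher

# Assumed operation set. In the claim these operations are generated from
# training data of known MHDNs; the three below are hand-picked stand-ins.
OPERATIONS = {
    "l_to_1": lambda label: label.replace("l", "1", 1),
    "o_to_0": lambda label: label.replace("o", "0", 1),
    "m_to_rn": lambda label: label.replace("m", "rn", 1),
}

def apply_mutator(mutator, base):
    """Apply a mutator (ordered list of operation names) to the first label."""
    label, dot, rest = base.partition(".")
    for name in mutator:
        label = OPERATIONS[name](label)
    return label + dot + rest

def fitness(candidate, base):
    """Stand-in fitness: string similarity to the base name, 0.0 if unchanged."""
    if candidate == base:
        return 0.0
    return SequenceMatcher(None, base, candidate).ratio()

def dns_resolves(name):
    """Live check (simplification): True if the name resolves to any address."""
    try:
        socket.getaddrinfo(name, None)
        return True
    except socket.gaierror:
        return False

def triage(mutator, base, resolves=dns_resolves, t1=0.8, t2=0.9):
    """Return (candidate, outcome) following the threshold/DNS branch of claim 1."""
    candidate = apply_mutator(mutator, base)
    score = fitness(candidate, base)
    if score < t1:
        return candidate, "discard"  # below first threshold: no DNS lookup
    if resolves(candidate):
        return candidate, "resolvable"  # registered look-alike: investigate
    if score >= t2:
        return candidate, "meets_second_threshold"  # unregistered: watchlist
    return candidate, "no_output"

# Constructed stand-in for DNS so the example runs offline.
REGISTERED = {"examp1e.com"}
if __name__ == "__main__":
    for m in (["l_to_1"], ["m_to_rn"], ["l_to_1", "m_to_rn"]):
        print(m, triage(m, "example.com", resolves=REGISTERED.__contains__))
```

The "resolvable" outcome is the one that feeds blocklists or takedown review; "meets_second_threshold" marks an unregistered name worth monitoring for later registration.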