{"schema_version":"1.0","canonical_url":"https://patentable.app/patents/US-11477161","patent":{"patent_number":"US-11477161","title":"Systems and methods for detecting DNS communications through time-to-live analyses","assignee":null,"inventors":[],"filing_date":"2021-10-29T00:00:00.000Z","publication_date":"2022-10-18T00:00:00.000Z","cpc_codes":["H04L","G06F","H04L","H04L","H04L","H04L"],"num_claims":20,"abstract":"A computerized method is disclosed that includes accessing domain name server (DNS) record data including a plurality of DNS records spanning a first time period, performing a time-to-live (TTL) analysis to determine a TTL run length distribution for the DNS record data, wherein the TTL analysis includes: generating a vector of the TTL values of each DNS record ordered sequentially in time, parsing the vector of the TTL values into segments, where a segment consists of one or more TTL values where a current TTL value is less than an immediately preceding TTL value, and determining the TTL run length distribution, determining whether DNS beaconing is present based on a result of the TTL analysis and in response to determining that DNS beaconing is present, generating an alert for a system administrator."},"analysis":{"summary":null,"layman_explanation":null,"technical_analysis":null,"business_analysis":null,"faqs":null,"topics":[],"tech_cluster":null},"seo":{"title":"Systems and methods for detecting DNS communications through time-to-live analyses","description":"A computerized method is disclosed that includes accessing domain name server (DNS) record data including a plurality of DNS records spanning a first time period, performing a time-to-live (TTL) analy","keywords":[]},"attribution":{"source":"Patentable","source_url":"https://patentable.app","canonical_url":"https://patentable.app/patents/US-11477161","license":"CC-BY-4.0-like","license_terms":"AI-generated analysis on this page (summary, layman_explanation, technical_analysis, business_analysis, faqs) may be reused with attribution and a visible link back to the canonical URL above. Patent abstracts, claims, and bibliographic data are USPTO public domain.","required_link":"https://patentable.app/patents/US-11477161","citation_suggestion":"Patentable. \"Systems and methods for detecting DNS communications through time-to-live analyses\" (US-11477161). https://patentable.app/patents/US-11477161","copyright_holder":"Nomic Interactive Technology LLC"},"links":{"html":"https://patentable.app/patents/US-11477161","json":"https://patentable.app/api/llm-context/US-11477161","site":"https://patentable.app","llms_txt":"https://patentable.app/llms.txt"},"generated_at":"2026-05-30T09:41:22.752Z"}