SYSTEMS AND METHODS FOR DETECTING DATA EXFILTRATION

Michael Dymshits (Inventor), David Tolpin (Inventor), Eli Strajnik (Inventor), Benjamin Hillel Myara (Inventor), Liron Ben Kimon (Inventor)

Research output: Patent

Abstract

Systems and methods for detecting data exfiltration using domain name system (DNS) queries include, in various embodiments, performing operations that include parsing a DNS query to determine whether that DNS query is likely to contain hidden data that is being exfiltrated from a system or network. Statistical methods can be used to analyze the DNS query to determine a likelihood of whether each of a plurality of segments of the DNS query is indicative of data exfiltration methods. If one or multiple DNS queries are deemed suspicious based on the analysis, a security action on the DNS query can be performed, including sending an alert and/or blocking the DNS query from being forwarded.

Original language: English
Patent number: US2019130100
IPC: G06F 21/64 A I
Priority date: 2/11/17
State: Published - 2 May 2019
