SYSTEMS AND METHODS FOR DETECTING DATA EXFILTRATION

Michael Dymshits; David Tolpin; Eli Strajnik; Benjamin Hillel Myara; Liron Ben Kimon

SYSTEMS AND METHODS FOR DETECTING DATA EXFILTRATION

Michael Dymshits (Inventor)
, David Tolpin (Inventor)
, Eli Strajnik (Inventor)
, Benjamin Hillel Myara (Inventor)
, Liron Ben Kimon (Inventor)

Department of Electrical & Computer Engineering

Research output: Patent

Abstract

Systems and methods for detecting data exfiltration using domain name system (DNS) queries include, in various embodiments, performing operations that include parsing a DNS query to determine whether that DNS query is likely to contain hidden data that is being exfiltrated from a system or network. Statistical methods can be used to analyze the DNS query to determine a likelihood whether each of a plurality of segments of the DNS query are indicative of data exfiltration methods. If one or multiple DNS queries are deemed suspicious based on the analysis, a security action on the DNS query can be performed, including sending an alert and/or blocking the DNS query from being forwarded.

Original language	English
Patent number	US2019130100
IPC	G06F 21/ 64 A I
Priority date	2/11/17
State	Published - 2 May 2019

Cite this

@misc{83288da0fa1b4451bda008b882a1543f,

title = "SYSTEMS AND METHODS FOR DETECTING DATA EXFILTRATION",

abstract = "Systems and methods for detecting data exfiltration using domain name system (DNS) queries include, in various embodiments, performing operations that include parsing a DNS query to determine whether that DNS query is likely to contain hidden data that is being exfiltrated from a system or network. Statistical methods can be used to analyze the DNS query to determine a likelihood whether each of a plurality of segments of the DNS query are indicative of data exfiltration methods. If one or multiple DNS queries are deemed suspicious based on the analysis, a security action on the DNS query can be performed, including sending an alert and/or blocking the DNS query from being forwarded.",

author = "Michael Dymshits and David Tolpin and Eli Strajnik and Myara, \{Benjamin Hillel\} and Kimon, \{Liron Ben\}",

year = "2019",

month = may,

day = "2",

language = "English",

type = "Patent",

note = "US2019130100; G06F 21/ 64 A I",

}

TY - PAT

T1 - SYSTEMS AND METHODS FOR DETECTING DATA EXFILTRATION

AU - Dymshits, Michael

AU - Tolpin, David

AU - Strajnik, Eli

AU - Myara, Benjamin Hillel

AU - Kimon, Liron Ben

PY - 2019/5/2

Y1 - 2019/5/2

N2 - Systems and methods for detecting data exfiltration using domain name system (DNS) queries include, in various embodiments, performing operations that include parsing a DNS query to determine whether that DNS query is likely to contain hidden data that is being exfiltrated from a system or network. Statistical methods can be used to analyze the DNS query to determine a likelihood whether each of a plurality of segments of the DNS query are indicative of data exfiltration methods. If one or multiple DNS queries are deemed suspicious based on the analysis, a security action on the DNS query can be performed, including sending an alert and/or blocking the DNS query from being forwarded.

AB - Systems and methods for detecting data exfiltration using domain name system (DNS) queries include, in various embodiments, performing operations that include parsing a DNS query to determine whether that DNS query is likely to contain hidden data that is being exfiltrated from a system or network. Statistical methods can be used to analyze the DNS query to determine a likelihood whether each of a plurality of segments of the DNS query are indicative of data exfiltration methods. If one or multiple DNS queries are deemed suspicious based on the analysis, a security action on the DNS query can be performed, including sending an alert and/or blocking the DNS query from being forwarded.

M3 - Patent

M1 - US2019130100

ER -

SYSTEMS AND METHODS FOR DETECTING DATA EXFILTRATION

Abstract

Fingerprint

Cite this