17455021. DETECTING AND PREVENTING DISTRIBUTED DATA EXFILTRATION ATTACKS simplified abstract (International Business Machines Corporation)
DETECTING AND PREVENTING DISTRIBUTED DATA EXFILTRATION ATTACKS
Organization Name
International Business Machines Corporation
Inventor(s)
Ilgen Banu Yuceer of London (GB)
SARITHA Arunkumar of Basingstoke (GB)
DETECTING AND PREVENTING DISTRIBUTED DATA EXFILTRATION ATTACKS - A simplified explanation of the abstract
This abstract first appeared for US patent application 17455021 titled 'DETECTING AND PREVENTING DISTRIBUTED DATA EXFILTRATION ATTACKS'.
Simplified Explanation
The patent application describes a computer system and method for detecting and preventing distributed data exfiltration attacks. Here is a simplified explanation of the abstract:
- The computer system calculates historical usage statistics for a service, instances of the service, and clients requesting the instances.
- It generates a baseline of normal usage activities for the clients and instances based on the historical usage statistics.
- The system monitors the current activities of the clients to build signatures of queries by the clients and signatures of the instances.
- It correlates the signatures to determine if a data exfiltration attack is happening.
- If a data exfiltration attack is detected, the system increases risk scores associated with the attack.
- If the risk scores and overall risk score of the service exceed a predetermined threshold, the system generates an alert for the data exfiltration attack.
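The steps above, as an added example that is not taken from the patent application: one possible reading of the baseline, signature, correlation and risk-score flow. The abstract does not say how signatures are built or correlated, so the literal-stripping signature, the mean-plus-one-sigma baseline, the scoring step, the threshold and all sample data are assumptions made for illustration.

```python
import re
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample data: rows returned per client in past time windows.
HISTORY = {"c1": [100, 120, 110, 90], "c2": [100, 120, 80, 100],
           "c3": [200, 210, 190, 200]}
# Constructed current window: (client, instance, query, rows returned).
CURRENT = [
    ("c1", "i1", "SELECT * FROM cust WHERE id BETWEEN 1 AND 130", 130),
    ("c2", "i2", "SELECT * FROM cust WHERE id BETWEEN 131 AND 255", 125),
    ("c3", "i1", "SELECT name FROM orders WHERE day = '2024-01-01'", 205),
]

def query_signature(query):
    """Assumed signature: strip literals so sliced copies of one query match."""
    return re.sub(r"'[^']*'|\b\d+\b", "?", query.lower())

def detect(history, current, threshold=50, min_clients=2, step=30):
    # Baseline of normal usage: per-client mean + 1 sigma of historical volume.
    # A client with no history has baseline 0, so any activity is "elevated".
    soft = {c: mean(v) + pstdev(v) for c, v in history.items()}
    rows = defaultdict(int)
    for client, _, _, n in current:
        rows[client] += n
    # Build signatures only for clients that are mildly above their baseline.
    groups = defaultdict(lambda: {"clients": set(), "instances": set()})
    for client, instance, query, _ in current:
        if rows[client] > soft.get(client, 0):
            group = groups[query_signature(query)]
            group["clients"].add(client)
            group["instances"].add(instance)
    # Correlate: several elevated clients sharing one query signature.
    client_risk, service_risk = defaultdict(int), 0
    for group in groups.values():
        if len(group["clients"]) >= min_clients:
            inc = step * len(group["clients"])   # more clients, bigger bump
            service_risk += inc
            for client in group["clients"]:
                client_risk[client] += inc
    flagged = sorted(c for c, r in client_risk.items() if r > threshold)
    # Alert only when client scores and the service score exceed the threshold.
    return {"alert": bool(flagged) and service_risk > threshold,
            "clients": flagged, "service_risk": service_risk}

if __name__ == "__main__":
    print(detect(HISTORY, CURRENT))
```

In the sample data neither c1 nor c2 is far above its own history, but the two issue the same query shape against different instances, which is what the correlation step picks up.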
Potential applications of this technology:
- Cybersecurity systems and software
- Network monitoring and intrusion detection systems
- Cloud service providers
- Data protection and privacy tools
Problems solved by this technology:
- Detecting and preventing distributed data exfiltration attacks
- Identifying abnormal usage activities and potential security breaches
- Providing real-time alerts for data exfiltration attacks
Benefits of this technology:
- Enhanced security and protection against data exfiltration attacks
- Early detection and prevention of potential security breaches
- Efficient monitoring and analysis of client activities
- Customizable risk scoring system for accurate threat assessment
Original Abstract Submitted
A computer-implemented method and a computer system for detecting and preventing distributed data exfiltration attacks. The computer system calculates historical usage statistics for a service, instances of the service, and clients requesting the instances, generates a baseline of normal usage activities for the clients and the instances based on the historical usage statistics, monitors current activities of the clients to build signatures of queries by the clients and signatures of the instances, and correlates the signatures to determine whether a data exfiltration attack is in progress. In response to determining that the data exfiltration attack is in progress, the computer system increases one or more risk scores corresponding to the data exfiltration attack. In response to determining that the one or more risk scores and an overall risk score of the service exceed a predetermined threshold, the computer system generates an alert of the data exfiltration attack.