Patent · US Active

Systems and methods for data exfiltration detection

US10826927B1 · kind B1 · utility

Cited by: 0
References: 2
Claims: 18
Family size: 0

Assignee

Inventors

Key dates

Filing date: Mar 5, 2020
Grant date: Nov 3, 2020
Priority date
Expiry date: Mar 5, 2040

Classification

  • Technology area (CPC H): Electricity
  • CPC primary: H04L2463/121
  • WIPO field: Digital communication
  • WIPO sector: Electrical engineering

Abstract

Systems and methods for detecting anomalous data traffic over proxy servers in a data communications network. The method includes receiving, by a server computing device, network log data corresponding to data traffic during a timeframe. The method further includes normalizing the network log data using at least one of timestamp data of the network log data or IP address data of the network log data. The method also includes extracting risk-based data features from the network log data. The method further includes calculating, using an isolation forest algorithm, anomaly scores for the normalized network log data based on the extracted risk-based features. The method also includes determining at least one anomaly event based on the calculated anomaly scores. The method further includes identifying at least one host device and at least one timestamp corresponding to the at least one anomaly event.
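The pipeline the abstract outlines can be sketched end to end as follows. This is an added illustration, not the patent's implementation or claims. The log line format, the three features (bytes sent, request count, distinct destinations per host and UTC hour), the 0.75 score threshold and the sample data are all assumptions constructed for the example, and each tree is grown on the full data set rather than a subsample.

```python
import math, random
from collections import defaultdict
from datetime import datetime, timezone

def sample_logs():
    """Constructed proxy log lines: 'timestamp client_ip destination bytes_sent'."""
    lines = []
    for i in range(30):  # 30 ordinary hosts; odd-numbered ones log with a +01:00 offset
        hh, off = ("15", "+01:00") if i % 2 else ("14", "+00:00")
        for j in range(12 + (i * 7) % 17):
            lines.append(f"2020-03-05T{hh}:{j:02d}:00{off} 10.0.0.{i + 10} "
                         f"site{j % (3 + i % 4)}.example {800 + 37 * ((i * 13 + j * 5) % 50)}")
    # One host pushing 300 large uploads to a single destination in the same hour
    lines += [f"2020-03-05T14:{j % 60:02d}:00+00:00 10.0.0.99 files.example 12000000" for j in range(300)]
    return lines

def features(lines):
    """Normalize timestamps to a UTC hour and aggregate the assumed features per (host, hour)."""
    agg = defaultdict(lambda: [0, 0, set()])
    for line in lines:
        ts, ip, dest, sent = line.split()
        hour = datetime.fromisoformat(ts).astimezone(timezone.utc).strftime("%Y-%m-%dT%H:00Z")
        a = agg[(ip, hour)]
        a[0] += int(sent); a[1] += 1; a[2].add(dest.lower())
    return {k: (b, n, len(d)) for k, (b, n, d) in agg.items()}

def c(n):  # expected path length of an unsuccessful binary-search-tree lookup over n points
    return 0.0 if n <= 1 else 1.0 if n == 2 else 2 * (math.log(n - 1) + 0.5772156649) - 2 * (n - 1) / n

def path_len(x, pts, rng, depth=0, limit=8):
    """Depth at which random axis-parallel splits isolate x within pts."""
    if len(pts) <= 1 or depth >= limit:
        return depth + c(len(pts))
    f = rng.randrange(len(x))
    lo, hi = min(p[f] for p in pts), max(p[f] for p in pts)
    if lo == hi:  # chosen feature cannot split this node; estimate the remaining depth
        return depth + c(len(pts))
    split = rng.uniform(lo, hi)
    return path_len(x, [p for p in pts if (p[f] < split) == (x[f] < split)], rng, depth + 1, limit)

def detect(lines, trees=100, threshold=0.75, seed=7):
    """Score every (host, hour); return those above the threshold as anomaly events."""
    feats = features(lines)
    pts = list(feats.values())
    def score(x):  # seeding by tree index gives every point the same tree t
        mean = sum(path_len(x, pts, random.Random(seed + t)) for t in range(trees)) / trees
        return round(2 ** (-mean / c(len(pts))), 3)
    scored = [(ip, hour, score(x)) for (ip, hour), x in feats.items()]
    return sorted((e for e in scored if e[2] > threshold), key=lambda e: -e[2])
```

Calling `detect(sample_logs())` returns a list of `(host, hour, score)` tuples, which corresponds to the abstract's final step of identifying the host device and timestamp for each anomaly event.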

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.