Detecting and preventing distributed data exfiltration attacks
US11966470B2 · kind B2 · utility
Assignee
Inventors
Key dates
| Filing date | Nov 16, 2021 |
| Grant date | Apr 23, 2024 |
| Priority date | — |
| Expiry date | Sep 30, 2042 |
Classification
- Technology area (CPC G): Physics
- CPC primary: G06F2221/034
- WIPO field: Digital communication
- WIPO sector: Electrical engineering
Abstract
A computer-implemented method and a computer system for detecting and preventing distributed data exfiltration attacks. The computer system calculates historical usage statistics for a service, instances of the service, and clients requesting the instances, generates a baseline of normal usage activities for the clients and the instances based on the historical usage statistics, monitors current activities of the clients to build signatures of queries by the clients and signatures of the instances, and correlates the signatures to determine whether a data exfiltration attack is in progress. In response to determining that the data exfiltration attack is in progress, the computer system increases one or more risk scores corresponding to the data exfiltration attack. In response to determining that the one or more risk scores and an overall risk score of the service exceed a predetermined threshold, the computer system generates an alert of the data exfiltration attack.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.