Filtering network data transfers

  • US 10,735,380 B2
  • Filed: 02/14/2020
  • Issued: 08/04/2020
  • Est. Priority Date: 03/12/2013
  • Status: Active Grant
First Claim

1. A method of detecting a potential network exfiltration comprising:

    receiving, by a packet security gateway that interfaces at a boundary of a protected network, a plurality of outbound in-transit packets departing the protected network, wherein the plurality of outbound in-transit packets comprises first packets destined for a first destination;

    determining, by the packet security gateway and based on one or more packet-filtering rules, that the first destination comprises a destination outside of the protected network;

    identifying, based on a determination that the first destination comprises a destination outside of the protected network, at least one application packet contained in the first packets;

    determining that the identified at least one application packet is associated with a data transfer protocol associated with the one or more packet-filtering rules;

    identifying a data transfer request field within a header region of the identified at least one application packet;

    determining whether a value of the identified data transfer request field indicates that the data transfer protocol comprises one or more network exfiltration methods associated with the one or more packet-filtering rules; and

    applying one or more operators, specified by the one or more packet-filtering rules and based on a determination that the identified data transfer request field indicates one or more network exfiltration methods, to the first packets, wherein applying the one or more operators causes the first packets to be dropped.
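
The steps of claim 1 can be traced in a short sketch. This is an added example, not code from the patent or its assignee. It assumes HTTP/1.x as the data transfer protocol and the request method as the data transfer request field; the protected range, the rule contents and the sample packets are constructed, and the names Rule, http_request_method and filter_outbound are hypothetical. It decides per packet, whereas the claim applies the operator to the first packets as a group.

```python
import ipaddress
from dataclasses import dataclass

# Assumed values for illustration; the claim names no protocol, field or range.
PROTECTED_NET = ipaddress.ip_network("10.0.0.0/8")
HTTP_METHODS = {b"GET", b"HEAD", b"POST", b"PUT", b"DELETE",
                b"OPTIONS", b"CONNECT", b"TRACE", b"PATCH"}

@dataclass(frozen=True)
class Rule:
    protocol: str              # data transfer protocol the rule covers
    exfil_methods: frozenset   # request-field values treated as exfiltration
    operator: str              # operator applied to matching packets

RULES = [Rule("http", frozenset({b"PUT", b"POST"}), "DROP")]

def http_request_method(payload: bytes):
    """Return the method token of an HTTP/1.x request line, else None."""
    line, sep, _ = payload.partition(b"\r\n")
    parts = line.split(b" ")
    if not sep or len(parts) != 3:
        return None
    method, _target, version = parts
    ok = method in HTTP_METHODS and version.startswith(b"HTTP/1.")
    return method if ok else None

def filter_outbound(dst_ip: str, payload: bytes, rules=RULES) -> str:
    """Walk one outbound packet through the claimed steps; return the operator."""
    # Destination inside the protected network: the rule does not apply.
    if ipaddress.ip_address(dst_ip) in PROTECTED_NET:
        return "ALLOW"
    # Identify an application packet of the covered protocol and its request field.
    method = http_request_method(payload)
    if method is None:
        return "ALLOW"  # no readable request line (e.g. a TLS record)
    # Compare the field value with each rule and apply the rule's operator.
    for rule in rules:
        if rule.protocol == "http" and method in rule.exfil_methods:
            return rule.operator
    return "ALLOW"

# Constructed sample packets: (destination address, TCP payload).
SAMPLES = [
    ("203.0.113.7", b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    ("203.0.113.7", b"PUT /upload/db.bak HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    ("10.1.2.3", b"POST /internal HTTP/1.1\r\nHost: intranet\r\n\r\n"),
    ("203.0.113.7", b"\x16\x03\x01\x02\x00\x01"),
]
```

Only the external PUT in the sample set is dropped; the last sample has no plaintext request line, so a header-field check of this kind has nothing to match on.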
