GB2579260B - Detecting targeted data exfiltration in encrypted traffic - Google Patents

Detecting targeted data exfiltration in encrypted traffic

Info

Publication number
GB2579260B
Authority
GB
United Kingdom
Prior art keywords
targeted data
encrypted traffic
data exfiltration
detecting targeted
detecting
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
GB1908422.7A
Other versions
GB201908422D0 (en)
GB2579260A (en)
Inventor
Harrell Anderson Blake
Allen Shenefiel Chris
McGrew David
M Waitman Robert
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Cisco Technology Inc
Original Assignee
Cisco Technology Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from US16/017,482 (US10868834B2)
Application filed by Cisco Technology Inc
Publication of GB201908422D0
Publication of GB2579260A
Application granted
Publication of GB2579260B
Legal status: Active (current)
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/56 Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/566 Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08 Configuration management of networks or network elements
    • H04L41/0894 Policy-based network configuration management
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08 Configuration management of networks or network elements
    • H04L41/0895 Configuration of virtualised networks or elements, e.g. virtualised network function or OpenFlow elements
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/16 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks using machine learning or artificial intelligence
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416 Event detection, e.g. attack signature detection
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/30 Network architectures or network communication protocols for network security for supporting lawful interception, monitoring or retaining of communications or communication related information
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/14 Network analysis or design
    • H04L41/142 Network analysis or design using statistical or mathematical methods
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/16 Implementing security features at a particular protocol layer
    • H04L63/166 Implementing security features at a particular protocol layer at the transport layer
GB1908422.7A 2018-06-25 2019-06-12 Detecting targeted data exfiltration in encrypted traffic Active GB2579260B (en)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
US16/017,482 US10868834B2 (en) 2018-05-11 2018-06-25 Detecting targeted data exfiltration in encrypted traffic

Publications (3)

Publication Number Publication Date
GB201908422D0 (en) 2019-07-24
GB2579260A (en) 2020-06-17
GB2579260B (en) 2022-08-10

Family

ID=67386135

Family Applications (1)

Application Number Title Priority Date Filing Date
GB1908422.7A Active GB2579260B (en) 2018-06-25 2019-06-12 Detecting targeted data exfiltration in encrypted traffic

Country Status (1)

Country Link
GB (1) GB2579260B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114124921A (en) * 2021-12-15 2022-03-01 食品安全与营养(贵州)信息科技有限公司 Acquisition method based on data acquisition system of Internet of things and working system
CN114465823B (en) * 2022-04-08 2022-08-19 杭州海康威视数字技术股份有限公司 Industrial Internet terminal encrypted flow data security detection method, device and equipment

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP2713570A1 (en) * 2012-09-28 2014-04-02 British Telecommunications public limited company Operation of a data network
US20170353501A1 (en) * 2016-06-01 2017-12-07 At&T Mobility Ii Llc Network caching of outbound content from endpoint device to prevent unauthorized extraction
EP3306890A1 (en) * 2016-10-06 2018-04-11 Cisco Technology, Inc. Analyzing encrypted traffic behavior using contextual traffic data
US20180139141A1 (en) * 2016-11-17 2018-05-17 Cisco Technology, Inc. On-box behavior-based traffic classification

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
INTERNATIONAL JOURNAL OF NETWORK MANAGEMENT, 2014, PETR VELAN ET AL, "A survey of methods for encrypted traffic classification and analysis" pages 1-24 *
PROCEEDINGS OF THE 13TH INTERNATIONAL CONFERENCE ON FUTURE INTERNET TECHNOLOGIES, 2018, YING HU GUANG CHENG, "Encrypted traffic identification based on N-gram entropy and cumulative sum test", pages 1-6 *

Also Published As

Publication number Publication date
GB201908422D0 (en) 2019-07-24
GB2579260A (en) 2020-06-17

Similar Documents

Publication Publication Date Title
HK1244921A1 (en) Encryption and decryption system and method
SG11201912230SA (en) Methods and Systems For Blockchain-Implemented Event-Lock Encryption
SG11202100850RA (en) Blockchain-based service data encryption methods and apparatuses
EP3349200A4 (en) Method and device for processing traffic road information
EP3367084A4 (en) Road surface state determination device, imaging device, imaging system, and road surface state determination method
EP3226463A4 (en) Data encryption and decryption method and encryption and decryption device
SG11201704361XA (en) Block cryptographic method for encrypting/decrypting messages and cryptographic devices for implementing this method
EP3300294A4 (en) Data encryption apparatus and method, and data decryption apparatus and method
SG11201606916SA (en) Road surface degradation detection method, information processing device, and program
EP2879327A4 (en) Encryption and decryption processing method, apparatus and device
GB2520778B8 (en) Block encryption/decryption apparatus and method
EP3531614A4 (en) Encryption and decryption method and device
EP3337088A4 (en) Data encryption method, decryption method, apparatus, and system
EP3208967A4 (en) Entity authentication method and device based on pre-shared key
EP3467808A4 (en) Encryption device, encryption method, decryption device, and decryption method
EP3667647A4 (en) Encryption device, encryption method, decryption device, and decryption method
EP3550266A4 (en) Road determination method and device
SG2013093059A (en) Method and system for encryption and/or decryption
GB201811807D0 (en) Encryption system
EP3761544C0 (en) Information sending method, information receiving method, and device
EP3777066C0 (en) Pdu session for encrypted traffic detection
GB2579260B (en) Detecting targeted data exfiltration in encrypted traffic
GB2553913B (en) Media key block based broadcast encryption
GB2569228B (en) Contact lenses having an ion-impermeable portion and related methods
EP3651142A4 (en) Encryption device, encryption method, decryption device, and decryption method