
CyVectors DNS Sensor – Anomaly & Exfiltration Detection
DNS Attack Visibility with Embedded ONNX AI
Reports unusual DNS activity to the SIEM as syslog for the endpoint it is monitoring.
Spot Data Leaks to Untrusted Destinations with Embedded ONNX AI
Reports data leaks to untrusted destinations to the SIEM as syslog for the endpoint it is monitoring.
Embedded AI

Sensor Operations
• Problem: DNS tunneling and exfiltration attacks often bypass firewalls and remain invisible in normal logs.
• Solution: DNS Sensor captures DNS traffic in real-time, calculates query frequency, size, and type, then flags anomalies and excessive requests.
• Why Different: Uses ONNX-powered anomaly detection with adaptive thresholds, Z-score deviation, and per-talker cooldowns to minimize noise while detecting stealthy exfiltration.
• Syslog Output Fields: Timestamp, SiteName, Host, Service, AlertType, Talker IP, Frequency (per min), Deviation Z, Query Types, Thresholds, FirstSeen/LastSeen.
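
The frequency part of the approach listed above (a rolling per-talker baseline, Z-score deviation, and a per-talker cooldown) looks like this in Python. This is an added example, not CyVectors code, and it does not include the ONNX model; the class name, dictionary keys, AlertType value, threshold values and sample counts are assumptions constructed for the illustration.

```python
import math
from collections import defaultdict, deque

class TalkerFrequencyDetector:
    """Rolling per-talker baseline of DNS queries/min with Z-score alerts and a cooldown."""

    def __init__(self, z_threshold=3.0, min_samples=5, history=60, cooldown_s=300):
        self.z_threshold = z_threshold
        self.min_samples = min_samples      # minutes of baseline needed before scoring
        self.cooldown_s = cooldown_s        # minimum gap between alerts for one talker
        self.baseline = defaultdict(lambda: deque(maxlen=history))
        self.last_alert = {}

    def observe(self, talker_ip, ts, per_min):
        """Score one per-minute query count; return an alert dict or None."""
        hist = self.baseline[talker_ip]
        if len(hist) >= self.min_samples:
            mean = sum(hist) / len(hist)
            std = math.sqrt(sum((x - mean) ** 2 for x in hist) / len(hist))
            std = max(std, 1.0)             # floor: a flat baseline must not divide by zero
            z = (per_min - mean) / std
            if z >= self.z_threshold:
                # Anomalous minutes never enter the baseline, so a long-running
                # tunnel cannot teach the detector that its rate is normal.
                if ts - self.last_alert.get(talker_ip, -math.inf) < self.cooldown_s:
                    return None             # still cooling down: suppress the repeat
                self.last_alert[talker_ip] = ts
                return {"Timestamp": ts, "AlertType": "DNS_FREQUENCY_ANOMALY",
                        "TalkerIP": talker_ip, "FrequencyPerMin": per_min,
                        "DeviationZ": round(z, 2), "Threshold": self.z_threshold}
        hist.append(per_min)
        return None

def run_demo():
    """Replay constructed per-minute counts (seconds, talker, queries/min)."""
    det = TalkerFrequencyDetector()
    quiet = [10, 12, 11, 9, 10, 11]
    samples = [(i * 60, "10.0.0.5", n) for i, n in enumerate(quiet)]
    samples += [(i * 60, "10.0.0.9", 50) for i in range(6)]
    samples += [(360, "10.0.0.9", 52),      # small wobble: below threshold
                (360, "10.0.0.5", 400),     # burst: alert
                (420, "10.0.0.5", 420),     # repeat inside cooldown: suppressed
                (660, "10.0.0.5", 450)]     # cooldown elapsed: alert again
    alerts = [det.observe(ip, ts, n) for ts, ip, n in samples]
    return [a for a in alerts if a]

if __name__ == "__main__":
    for alert in run_demo():
        print(alert)
```

The 1.0 floor on the standard deviation keeps a very steady talker from producing huge Z-scores on a one-query change, which is one source of the noise that cooldowns alone do not remove.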
Host Resource Requirements
- CPU: < 1%
- Memory (RAM): < 50MB
- Disk: < 1MB per day log writes
- Network: < 1KB/s syslog traffic




