research-article

Detecting sensitive data exfiltration by an insider attack

Authors:

Dipak GhosalAuthors Info & Claims

CSIIRW '08: Proceedings of the 4th annual workshop on Cyber security and information intelligence research: developing strategies to meet the cyber security and information intelligence challenges ahead

Article No.: 16, Pages 1 - 3

https://doi.org/10.1145/1413140.1413159

Published: 12 May 2008 Publication History

Get Access

Abstract

Detecting and mitigating insider threat is a critical element in the overall information protection strategy. By successfully implementing tactics to detect this threat, organizations avoid the loss of sensitive information and also potentially protect against future attacks. Within the broader scope of mitigating insider threat, we focus on detecting exfiltration of sensitive data through the high speed network. We propose a multilevel approach that consists of three main components: 1) network level application identification, 2) content signature generation and detection, and 3) covert communication detection. The key scientific approach used for all the above components is applying statistical and signal processing techniques on network traffic to generate signatures and/or extract features for classification purposes. We provide a summary of the approaches used in network level application identification and content signature generation and detection and briefly describe our approach in detecting covert communications. This paper touches on these issues and outlines overall directions for our research.

Supplementary Material

References

[1]

Burrus, C. S., Gopinath, R. A., and Guo, H. 1998 Introduction to wavelets and wavelets transforms, a primer. Upper Saddle River, Prentice Hall.

Google Scholar

[2]

Nguyen, T. T. T and Armitage, G. 2008. A survey of techniques for internet traffic classification using machine learning, to appear IEEE Communications Surveys and Tutorials 4 (2008).

Digital Library

Google Scholar

[3]

Hampapur, A. and Bolle, R. M. 2001. Comparison of distance measures for video copy detection. In Proceedings of IEEE International Conference on Multimedia and Expo (Tokyo, Japan, Aug. 22--25, 2001). ICME '01. IEEE Computer Society, 737--740.

Google Scholar

[4]

Dittmann, J., Hesse, D., and Hillert, R. 2005. Steganography and steganalysis in voice-over IP scenarios: operational aspects and first experiences with a new steganalysis tool set. In Proceedings of Security, Steganography, and Watermarking of Multimedia Contents VII, Electronic Imaging Science and Technology (San Jose, California, Jan. 16--20, 2005). SPIE, 607--618.

Crossref

Google Scholar

Cited By

View all

Mundt MBaier H(2023)Threat-Based Simulation of Data Exfiltration Toward Mitigating Multiple Ransomware ExtortionsDigital Threats: Research and Practice10.1145/35689934:4(1-23)Online publication date: 20-Oct-2023
https://dl.acm.org/doi/10.1145/3568993
T. N. NPramod D(2023)Insider Intrusion Detection Techniques: A State-of-the-Art ReviewJournal of Computer Information Systems10.1080/08874417.2023.217533764:1(106-123)Online publication date: 14-Feb-2023
https://doi.org/10.1080/08874417.2023.2175337
Shishodia BNene M(2022)Data Leakage Prevention System for Internal Security2022 International Conference on Futuristic Technologies (INCOFT)10.1109/INCOFT55651.2022.10094509(1-6)Online publication date: 25-Nov-2022
https://doi.org/10.1109/INCOFT55651.2022.10094509
Show More Cited By

Index Terms

Detecting sensitive data exfiltration by an insider attack
1. Security and privacy
  1. Network security

Recommendations

Machine Learning for Detecting Data Exfiltration: A Review

Context: Research at the intersection of cybersecurity, Machine Learning (ML), and Software Engineering (SE) has recently taken significant steps in proposing countermeasures for detecting sophisticated data exfiltration attacks. It is important to ...
Towards mechanisms for detection and prevention of data exfiltration by insiders: keynote talk paper
ASIACCS '11: Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security

Data represent an extremely important asset for any organization. Confidential data such as military secrets or intellectual property must never be disclosed outside the organization. Therefore, one of the most severe threats in the case of cyber-...
Data exfiltration

ContextOne of the main targets of cyber-attacks is data exfiltration, which is the leakage of sensitive or private data to an unauthorized entity. Data exfiltration can be perpetrated by an outsider or an insider of an organization. Given the increasing ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

May 2008

470 pages

ISBN:9781605580982

DOI:10.1145/1413140

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 12 May 2008

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

CSIIRW '08

CSIIRW '08: Cyber Security and Information Intelligence Research Workshop

May 12 - 14, 2008

Tennessee, Oak Ridge, USA

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

11
Total Citations
View Citations
895
Total Downloads

Downloads (Last 12 months)3
Downloads (Last 6 weeks)0

Reflects downloads up to 13 Feb 2025

Other Metrics

View Author Metrics

Citations

Cited By

View all

Mundt MBaier H(2023)Threat-Based Simulation of Data Exfiltration Toward Mitigating Multiple Ransomware ExtortionsDigital Threats: Research and Practice10.1145/35689934:4(1-23)Online publication date: 20-Oct-2023
https://dl.acm.org/doi/10.1145/3568993
T. N. NPramod D(2023)Insider Intrusion Detection Techniques: A State-of-the-Art ReviewJournal of Computer Information Systems10.1080/08874417.2023.217533764:1(106-123)Online publication date: 14-Feb-2023
https://doi.org/10.1080/08874417.2023.2175337
Shishodia BNene M(2022)Data Leakage Prevention System for Internal Security2022 International Conference on Futuristic Technologies (INCOFT)10.1109/INCOFT55651.2022.10094509(1-6)Online publication date: 25-Nov-2022
https://doi.org/10.1109/INCOFT55651.2022.10094509
Mundt MBaier H(2022)Towards Mitigation of Data Exfiltration Techniques Using the MITRE ATT&CK FrameworkDigital Forensics and Cyber Crime10.1007/978-3-031-06365-7_9(139-158)Online publication date: 4-Jun-2022
https://doi.org/10.1007/978-3-031-06365-7_9
Laishram RHozhabrierdi PWendt JSoundarajan S(2021)NetProtect: Network Perturbations to Protect Nodes against Entry-Point AttackProceedings of the 13th ACM Web Science Conference 202110.1145/3447535.3462500(93-101)Online publication date: 21-Jun-2021
https://dl.acm.org/doi/10.1145/3447535.3462500
Liu ZWang YChen HLu W(2021)Simulations of Event-Based Cyber Dynamics via Adversarial Machine LearningScience of Cyber Security10.1007/978-3-030-89137-4_13(187-201)Online publication date: 10-Oct-2021
https://doi.org/10.1007/978-3-030-89137-4_13
Moussaileb RBerti CDeboisdeffre GCuppens NLanet J(2020)Watch Out! Doxware on the Way...Risks and Security of Internet and Systems10.1007/978-3-030-41568-6_18(279-292)Online publication date: 28-Feb-2020
https://doi.org/10.1007/978-3-030-41568-6_18
Canbay YYazici HSagiroglu S(2017)A Turkish language based data leakage prevention system2017 5th International Symposium on Digital Forensic and Security (ISDFS)10.1109/ISDFS.2017.7916514(1-6)Online publication date: Apr-2017
https://doi.org/10.1109/ISDFS.2017.7916514
Sanzgiri ADasgupta DTrien JProwell SGoodall JBridges R(2016)Classification of Insider Threat Detection TechniquesProceedings of the 11th Annual Cyber and Information Security Research Conference10.1145/2897795.2897799(1-4)Online publication date: 5-Apr-2016
https://dl.acm.org/doi/10.1145/2897795.2897799
Wang WYang BChen V(2015)A visual analytics approach to detecting server redirections and data exfiltration2015 IEEE International Conference on Intelligence and Security Informatics (ISI)10.1109/ISI.2015.7165932(13-18)Online publication date: May-2015
https://doi.org/10.1109/ISI.2015.7165932
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Abstract

Supplementary Material

References

Cited By

Index Terms

Recommendations

Machine Learning for Detecting Data Exfiltration: A Review

Towards mechanisms for detection and prevention of data exfiltration by insiders: keynote talk paper

Data exfiltration

Comments

Information

Published In

Publisher

Publication History

Permissions

Check for updates

Author Tags

Qualifiers

Conference

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

Login options

Full Access

View options

PDF

eReader

Share

Share this Publication link

Share on social media

Affiliations