UMBC ebiquity

Detecting Data Exfiltration by Integrating Information Across Layers

Authors: Puneet Sharma, Anupam Joshi, and Tim Finin

Book Title: 14th IEEE International Conference on Information Reuse and Integration

Date: August 14, 2013

Abstract: Data exfiltration is the unauthorized leakage of confidential data from a system. Unlike intrusions that seek to overtly disable or damage a system, it is particularly hard to detect because it uses a variety of low/slow vectors and advanced persistent threats (APTs). It is often assisted (intentionally or not) by an insider who might be an employee who downloads a trojan or uses a hardware component that has been tampered with or acquired from an unreliable source. Conventional scan- and test-based detection approaches work poorly, especially for hardware with embedded trojans. We describe a framework to detect potential exfiltration events that actively monitors a set of key parameters covering the entire stack, from hardware to the application layer. An attack alert is generated only if several monitors detect suspicious activity within a short temporal window. The cross-layer monitoring and integration helps ensure accurate alerts with fewer false positives and makes designing a successful attack more difficult.
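As an added illustration of the alerting rule stated in the abstract (example code written for this page, not code from the paper), the following Python sketch correlates constructed monitor events from different layers and raises an alert only when at least three distinct layers report suspicious activity within a short window. The layer names, window size, threshold and sample events are assumptions.

```python
from collections import deque
from typing import Deque, List, Optional, Tuple

# Constructed monitor events: (timestamp_seconds, layer, detail).
# Layers are assumed to span the stack from hardware to application.
EVENTS: List[Tuple[float, str, str]] = [
    (100.0, "application", "unusual volume of confidential file reads"),
    (101.5, "network",     "burst of DNS TXT queries to a rare domain"),
    (102.0, "hardware",    "USB mass-storage controller became active"),
    (400.0, "network",     "single large HTTPS POST"),            # isolated
    (900.0, "kernel",      "unexpected raw socket opened"),
    (905.0, "application", "crypto library loaded by a text editor"),
]


def correlate(events, window: float = 10.0, min_layers: int = 3):
    """Sliding-window cross-layer correlation.

    Walk the events in time order and keep those that fall inside the
    last `window` seconds. Emit an alert when at least `min_layers`
    distinct layers are present in that window; suppress further
    alerts until a full window has passed so one burst yields one alert.
    Returns a list of (alert_time, tuple_of_layers).
    """
    recent: Deque[Tuple[float, str]] = deque()
    alerts: List[Tuple[float, Tuple[str, ...]]] = []
    last_alert: Optional[float] = None
    for ts, layer, _detail in sorted(events):
        recent.append((ts, layer))
        # Drop events that have aged out of the temporal window.
        while recent and ts - recent[0][0] > window:
            recent.popleft()
        layers = {lyr for _, lyr in recent}
        if len(layers) >= min_layers and (
            last_alert is None or ts - last_alert > window
        ):
            alerts.append((ts, tuple(sorted(layers))))
            last_alert = ts
    return alerts


if __name__ == "__main__":
    for when, layers in correlate(EVENTS):
        print(f"ALERT t={when}: layers={', '.join(layers)}")
```

With the defaults only the first burst (application, network and hardware within two seconds) produces an alert; the lone HTTPS POST and the two-layer kernel/application pair do not, which is the false-positive reduction the abstract describes.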

Type: InProceedings

Publisher: IEEE Computer Society Press

Tags: cybersecurity, security, exfiltration, intrusion, malware, ids
