Context: One of the main targets of cyber-attacks is data exfiltration, which is the leakage of sensitive or private data to an unauthorized entity. Data exfiltration can be perpetrated by an outsider or an insider of an organization. Given the increasing number of data exfiltration incidents, a large number of data exfiltration countermeasures have been developed. These countermeasures aim to detect, prevent, or investigate exfiltration of sensitive or private data. With the growing interest in data exfiltration, it is important to review data exfiltration attack vectors and countermeasures to support future research in this field. Objective: This paper is aimed at identifying and critically analysing data exfiltration attack vectors and countermeasures, reporting the state of the art and determining gaps for future research. Method: We have followed a structured process for selecting 108 papers from seven publication databases. A thematic analysis method has been applied to analyse the data extracted from the reviewed papers. Results: We have developed a classification of (1) data exfiltration attack vectors used by external attackers and (2) the countermeasures against external attacks. We have mapped the countermeasures to attack vectors. Furthermore, we have explored the applicability of various countermeasures for different states of data (i.e., in use, in transit, or at rest).
Conclusion: This review has revealed that (a) most of the state of the art is focussed on preventive and detective countermeasures, and significant research is required on developing investigative countermeasures, which are equally important; (b) several data exfiltration countermeasures are not able to respond in real time, which indicates that research effort needs to be invested to enable them to do so; (c) a number of data exfiltration countermeasures do not take privacy and ethical concerns into consideration, which may become an obstacle to their full adoption; (d) existing research is primarily focussed on protecting data in the 'in use' state; therefore, future research needs to be directed towards securing data in the 'at rest' and 'in transit' states; (e) there is no standard or framework for the evaluation of data exfiltration countermeasures. We assert the need for developing such an evaluation framework.
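As an added illustration of the detective countermeasures the review classifies (this code is not from the reviewed paper and does not reproduce any technique it surveys), the following Python sketch flags two external exfiltration vectors commonly discussed in this literature, bulk egress over HTTP(S) and DNS tunnelling, processing one log line at a time so that it can sit on a live log tail and respond in real time. The log format, the thresholds, the host and domain names and the log lines themselves are all constructed for the example and are not taken from any real dataset.

```python
"""Added example: a streaming detector for two external exfiltration channels.

Constructed log format (one record per line):
    <unix_ts> <src_host> <proto> <destination> <bytes_out>
All sample data and thresholds below are assumptions made for illustration.
"""
import math
from collections import defaultdict

# Constructed sample log. ws-42 first pushes ~50 MiB to an unknown host over
# HTTPS, then issues a run of long, high-entropy DNS labels under one domain.
SAMPLE_LOG = """\
1700000000 ws-17 https cdn.example.net 4096
1700000001 ws-17 https mail.example.org 12800
1700000002 ws-17 dns www.example.net 64
1700000003 ws-42 https storage.attacker-cdn.test 52428800
1700000004 ws-42 dns a9f3k2j1x8q7z5w4v6b2n0m1c3.tunnel.test 80
1700000005 ws-42 dns b7h2q9x1k4m6n8p0r3t5v7y9z1.tunnel.test 80
1700000006 ws-42 dns c1d4f7g9j2l5n8q0s3u6w9y2a4.tunnel.test 80
1700000007 ws-17 dns api.example.org 64
"""

# Assumed tuning values; in practice derive these from a per-environment baseline.
EGRESS_BYTES_THRESHOLD = 10 * 1024 * 1024  # bytes out per host before alerting
DNS_LABEL_MIN_LEN = 20                     # labels shorter than this are ignored
DNS_ENTROPY_THRESHOLD = 3.5                # bits/char; hex or base64 data sits above this
DNS_SUSPECT_QUERIES = 3                    # consecutive suspicious lookups before alerting


def shannon_entropy(s):
    """Bits of entropy per character of s (0.0 for empty or single-symbol input)."""
    if not s:
        return 0.0
    freq = defaultdict(int)
    for ch in s:
        freq[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in freq.values())


def parse_line(line):
    ts, host, proto, dst, nbytes = line.split()
    return {"ts": int(ts), "host": host, "proto": proto, "dst": dst, "bytes": int(nbytes)}


class ExfilDetector:
    """Keeps per-host state so records can be fed as they arrive."""

    def __init__(self):
        self.egress = defaultdict(int)       # host -> bytes sent in the current window
        self.dns_suspect = defaultdict(int)  # host -> run length of suspicious lookups
        self.alerts = []                     # (kind, host, destination) tuples

    def feed(self, line):
        rec = parse_line(line)
        host = rec["host"]
        if rec["proto"] in ("http", "https"):
            # Volume-based check for bulk egress; one alert per window, then reset.
            self.egress[host] += rec["bytes"]
            if self.egress[host] > EGRESS_BYTES_THRESHOLD:
                self.alerts.append(("bulk_egress", host, rec["dst"]))
                self.egress[host] = 0
        elif rec["proto"] == "dns":
            # Tunnelling check: long, high-entropy leftmost label, repeated under
            # the same parent domain from the same host.
            labels = rec["dst"].split(".")
            leftmost = labels[0]
            if len(leftmost) >= DNS_LABEL_MIN_LEN and shannon_entropy(leftmost) >= DNS_ENTROPY_THRESHOLD:
                self.dns_suspect[host] += 1
                if self.dns_suspect[host] == DNS_SUSPECT_QUERIES:
                    self.alerts.append(("dns_tunnel", host, ".".join(labels[1:])))
            else:
                self.dns_suspect[host] = 0  # an ordinary lookup breaks the run
        return rec


def run(log_text):
    """Feed every non-empty line to a fresh detector and return its alerts."""
    det = ExfilDetector()
    for line in log_text.splitlines():
        if line.strip():
            det.feed(line)
    return det.alerts


if __name__ == "__main__":
    for alert in run(SAMPLE_LOG):
        print(*alert)
```

Two caveats a practitioner would want: long random-looking labels are also produced by legitimate CDNs and cloud services, so the entropy rule needs an allow-list or a per-domain baseline to keep false positives down, and a volume threshold misses low-and-slow exfiltration that stays under the window limit. The detector also inspects full query names and destinations, which touches the privacy concern raised in conclusion (c); retaining only the derived alert, not the raw records, is one way to limit that exposure.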
As an increasing amount of crime takes on a digital aspect, law enforcement bodies must tackle an online environment generating huge volumes of data. With manual inspections becoming increasingly infeasible, law enforcement bodies are optimising online investigations through data-mining technologies. Such technologies must be well designed and rigorously grounded, yet no survey of the online data-mining literature exists which examines their techniques, applications and rigour. This article remedies this gap through a systematic mapping study describing online data-mining literature which visibly targets law enforcement applications, using evidence-based practices in survey making to produce a replicable analysis which can be methodologically examined for deficiencies.
Well-meaning cybersecurity risk owners will deploy countermeasures (technologies or procedures) to manage risks to their services or systems. In some cases, those countermeasures will produce unintended consequences, which must then be addressed. Unintended consequences can potentially induce harm, adversely affecting user behaviour, user inclusion, or the infrastructure itself (including other services or countermeasures). Here we propose a framework for preemptively identifying unintended harms of risk countermeasures in cybersecurity. The framework identifies a series of unintended harms which go beyond technology alone, to consider the cyberphysical and sociotechnical space: displacement, insecure norms, additional costs, misuse, misclassification, amplification, and disruption. We demonstrate our framework through application to the complex, multi-stakeholder challenges associated with the prevention of cyberbullying as an applied example. Our framework aims to illuminate harmful consequences, not to paralyze decision-making, but so that potential unintended harms can be more thoroughly considered in risk management strategies. The framework can support preemptive planning to identify vulnerable populations and insulate them from harm. There are opportunities to use the framework in coordinating risk management strategy across stakeholders in complex cyberphysical environments.
Security is one of the biggest challenges facing organisations in the modern hyper-connected world. A number of theoretical security models are available that provide best practice security guidelines and are widely utilised as a basis to identify and operationalise security requirements. Such models often capture high-level security concepts (e.g., whitelisting, secure configurations, wireless access control, data recovery, etc.), strategies for operationalising such concepts through specific security controls, and relationships between the various concepts and controls. The threat landscape, however, evolves, leading to new tacit knowledge that is embedded in or across a variety of security incidents. These unknown knowns alter, or at least demand reconsideration of, the theoretical security models underpinning security requirements. In this paper, we present an approach to discover such unknown knowns through multi-incident analysis. The approach is based on a novel combination of grounded theory and incident fault trees. We demonstrate the effectiveness of the approach through its application to identify revisions to a theoretical security model widely used in industry.
Understanding magma fragmentation mechanisms in explosive eruptions is a key requirement for volcanic hazard assessment, eruption management and risk mitigation. This paper focuses on a type-case small-explosivity eruption (the July-August 2015 eruption of Piton de la Fournaise). These eruptions, despite being often overlooked, are exceedingly frequent on local-to-global scales and constitute a significant hazard in vent-proximal areas, which are often populated by guides, tourists and, indeed, volcanologists due to their accessibility. The explosions presented here are ideal cases for the study of the dynamics of magma fragmentation and how it relates to the size distribution of scoria generated at the vent. We documented these events visually and thermally, and characterised the products through sample return. This allowed us to describe small-scale gas bursts sending ejecta up to 30 m during intermittent lava fountains. Surface tension instabilities and inertial forces played a major role in fragmentation processes and generated particles with coarse-skewed distributions and median diameters ranging from −8 to −10 ϕ. However, with time, distributions of particles in the most energetic fountains shifted towards more symmetrical shapes as median grain sizes became finer. Analyses of sequences of images demonstrate that the evolution of particle size distributions with time is due to instability of magma droplets and (in-flight) fragmentation. Mafic explosive volcanism is traditionally overlooked with respect to more energetic, higher intensity and destructive silicic volcanism. Several events in the last years (Kilauea [1], Mount Etna [2]) have, however, demonstrated that significant hazard is associated with such low-intensity basaltic eruptions [3,4], and the dynamics and impact of mafic explosive events have been the subject of several studies [5-11].
These studies have highlighted that accurate assessment of the hazard associated with mafic explosive activity requires greater understanding of the volcanic events from precursory activity to fragmentation and pyroclast accumulation and sedimentation. Mafic magma fragmentation shows a large variability, ranging from poorly to highly efficient. Poorly efficient fragmentation in low-intensity eruptions (i.e. those not driven by significant gas overpressure) relates to the formation of large bomb-sized fragments (smaller median phi) which fall around the vent and, if accumulation rates are high (and clast cooling rates low), are capable of coalescing into spatter-fed lava flows which collect most of the fragmented magma [12-14]. More efficient fragmentation, typical of the moderate-intensity Strombolian and violent Strombolian explosions (or transitional regimes [15-17]), produces lapilli- to ash-sized fragments which either form scoria cones, or plumes which settle forming tephra-fall deposits or disperse in the atmosphere [7,18,19]. In the high-intensity Plinian and Subplinian eruptions, fragmentation is highly efficient, resulting in total grain size distributions (TGSD) that are simi...