An integrated data exfiltration monitoring tool for a large organization with highly confidential data source

Suresh, Nitha Rachel; Malhotra, Nikhil; Kumar, Rohit; Thanudas, B.

doi:10.1109/ceec.2012.6375395

Cited by 6 publications

(3 citation statements)

References 2 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Dynamic access control [83] is a mechanism that is heavily dependent on malicious node assumption to design advanced collision attacks called random poisoning [84]. Other studies used a mathematical model [85], unknown input observers [86], Dynamic Host Configuration Protocol DHCP starvation attack and Transmission Control Protocol TCP [87][88][89], simple statistical measures [90], and Bayesian network model to predict insider threats [91].…”

Section: Cyber Activity Behaviormentioning

confidence: 99%

A Review of Insider Threat Detection: Classification, Machine Learning Techniques, Datasets, Open Challenges, and Recommendations

et al. 2020

View full text Add to dashboard Cite

Insider threat has become a widely accepted issue and one of the major challenges in cybersecurity. This phenomenon indicates that threats require special detection systems, methods, and tools, which entail the ability to facilitate accurate and fast detection of a malicious insider. Several studies on insider threat detection and related areas in dealing with this issue have been proposed. Various studies aimed to deepen the conceptual understanding of insider threats. However, there are many limitations, such as a lack of real cases, biases in making conclusions, which are a major concern and remain unclear, and the lack of a study that surveys insider threats from many different perspectives and focuses on the theoretical, technical, and statistical aspects of insider threats. The survey aims to present a taxonomy of contemporary insider types, access, level, motivation, insider profiling, effect security property, and methods used by attackers to conduct attacks and a review of notable recent works on insider threat detection, which covers the analyzed behaviors, machine-learning techniques, dataset, detection methodology, and evaluation metrics. Several real cases of insider threats have been analyzed to provide statistical information about insiders. In addition, this survey highlights the challenges faced by other researchers and provides recommendations to minimize obstacles.

show abstract

Section: Cyber Activity Behaviormentioning

confidence: 99%

A Review of Insider Threat Detection: Classification, Machine Learning Techniques, Datasets, Open Challenges, and Recommendations

et al. 2020

View full text Add to dashboard Cite

show abstract

“…Several proposals for detecting or preventing data exfiltration attacks exist, such as profiling legitimate user behavior and anomaly detection [27], [28], deep packet inspection techniques [29], stochastic forensics upon the filesystem [30] or a combination of traffic behavior analysis and file access patterns [31]. Dube et al [32] consider XAPTs simply as attacks that contain sophisticated malware and focus on developing a solution that identifies malware based on the assets they may target.…”

Section: Related Work a Xapt Detectionmentioning

confidence: 99%

A Markov Multi-Phase Transferable Belief Model for Cyber Situational Awareness

2019

View full text Add to dashboard Cite

eXfiltration Advanced Persistent Threats (XAPTs) increasingly account for incidents concerned with critical information exfiltration from High Valued Targets (HVTs). Existing Cyber Defence frameworks and data fusion models cannot cope with XAPTs due to a lack of provision for multi-phase attacks characterized by uncertainty and conflicting information. The Markov Multi-phase Transferable Belief Model (MM-TBM) extends the Transferable Belief Model to address the multi-phase nature of cyber-attacks and to obtain previously indeterminable Cyber SA. As a data fusion technique, MM-TBM constitutes a novel approach for performing hypothesis assessment and evidence combination across phases, by means of a new combination rule, called the Multi-phase Combination Rule with conflict Reset (MCR 2). The impact of MM-TBM as a Cyber Situational Awareness capability and its implications as a multi-phase data fusion theory have been empirically validated through a series of scenario-based Cyber SA experiments for detecting, tracking, and predicting XAPTs.

show abstract

“…State-of-the-art perimeter security solutions such as intrusion detection and prevention systems (IDS/IPS), firewalls, and network traffic anomaly detection are per se generally not capable of detecting insider attacks [20]. However, such activities typically leave traces in the network and on the involved systems, which can be used to spot potential misuse in real time or to reconstruct and document the sequence of events associated with an exfiltration and its scope ex-post.…”

Section: Introductionmentioning

confidence: 99%

Cross-Platform File System Activity Monitoring and Forensics – A Semantic Approach

Kurniawan

Ekelhart

Ekaputra

et al. 2020

ICT Systems Security and Privacy Protection

View full text Add to dashboard Cite

Ensuring data confidentiality and integrity are key concerns for information security professionals, who typically have to obtain and integrate information from multiple sources to detect unauthorized data modifications and transmissions. The instrumentation that operating systems provide for the monitoring of file system level activity can yield important clues on possible data tampering and exfiltration activity but the raw data that these tools provide is difficult to interpret, contextualize and query. In this paper, we propose and implement an architecture for file system activity log acquisition, extraction, linking and storage that leverages semantic techniques to tackle limitations of existing monitoring approaches in terms of integration, contextualization, and crossplatform interoperability. We illustrate the applicability of the proposed approach in both forensic and monitoring scenarios and conduct a performance evaluation in a virtual setting.

show abstract

An integrated data exfiltration monitoring tool for a large organization with highly confidential data source

Cited by 6 publications

References 2 publications

A Review of Insider Threat Detection: Classification, Machine Learning Techniques, Datasets, Open Challenges, and Recommendations

A Review of Insider Threat Detection: Classification, Machine Learning Techniques, Datasets, Open Challenges, and Recommendations

A Markov Multi-Phase Transferable Belief Model for Cyber Situational Awareness

Cross-Platform File System Activity Monitoring and Forensics – A Semantic Approach

Contact Info

Product

Resources

About