Detecting Data Exfiltration by Integrating Information Across Layers
Date
2013-08-14
Citation of Original Publication
Puneet Sharma, Anupam Joshi and Tim Finin, Detecting Data Exfiltration by Integrating Information Across Layers, IEEE 14th Int. Conf. on Information Reuse and Integration, San Francisco, Aug. 2013, https://ebiquity.umbc.edu/paper/html/id/625/Detecting-Data-Exfiltration-by-Integrating-Information-Across-Layers
Rights
This item is likely protected under Title 17 of the U.S. Copyright Law. Unless on a Creative Commons license, for uses protected by Copyright Law, contact the copyright holder or the author.
© 2013 IEEE
Abstract
Data exfiltration is the unauthorized leakage of confidential data from a system. Unlike intrusions that seek to overtly disable or damage a system, it is particularly hard to detect because it uses a variety of low/slow vectors and advanced persistent threats (APTs). It is often assisted (intentionally or not) by an insider who might be an employee who downloads a trojan or uses a hardware component that has been tampered with or acquired from an unreliable source. Conventional scan and test based detection approaches work poorly, especially for hardware with embedded trojans. We describe a framework to detect potential exfiltration events that actively monitors a set of key parameters that cover the entire stack, from hardware to the application layer. An attack alert is generated only if several monitors detect suspicious activity within a short temporal window. The cross-layer monitoring and integration helps ensure accurate alerts with fewer false positives and makes designing a successful attack more difficult.
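As an added illustration of the alerting rule the abstract describes (this is not code from the paper), a minimal cross-layer correlator: events from hypothetical per-layer monitors are joined on a sliding time window, and an alert is raised only when events from at least `min_layers` distinct layers co-occur within it. The event stream, layer names, monitor names and thresholds below are all constructed for the example.

```python
# Constructed sample event stream: (timestamp_seconds, layer, monitor, detail).
# Layers follow the idea of a stack from hardware up to the application layer.
EVENTS = [
    (100.0, "hardware", "hw-counter", "unexpected DMA bus activity"),
    (103.5, "os", "proc-monitor", "new process opened raw socket"),
    (104.2, "network", "netflow", "outbound flow to unfamiliar host"),
    (400.0, "network", "netflow", "large upload to cloud storage"),
    (900.0, "os", "proc-monitor", "scheduled job launched"),
    (901.0, "os", "fs-monitor", "read of sensitive directory"),
]


def correlate(events, window=30.0, min_layers=2):
    """Sliding-window correlation across layers.

    Returns a list of alerts, each {"start", "end", "layers"}. An alert is
    emitted only when suspicious events from at least `min_layers` distinct
    layers fall within `window` seconds of each other; repeated hits from a
    single layer never alert on their own, which is what keeps isolated
    per-layer noise from becoming false positives."""
    events = sorted(events, key=lambda e: e[0])
    alerts = []
    start = 0
    for end, (ts, _layer, *_rest) in enumerate(events):
        # Drop events that have aged out of the window.
        while ts - events[start][0] > window:
            start += 1
        layers = {e[1] for e in events[start:end + 1]}
        if len(layers) >= min_layers:
            alerts.append({"start": events[start][0], "end": ts,
                           "layers": sorted(layers)})
            # Consume the cluster so one burst is reported once.
            start = end + 1
    return alerts


if __name__ == "__main__":
    for k in (2, 3):
        print(f"min_layers={k}:", correlate(EVENTS, window=30.0, min_layers=k))
```

With the sample stream, the two `os` events at 900 s and 901 s never alert because they come from a single layer, while the hardware/os/network burst around 100 s alerts at either threshold.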