Detecting Data Exfiltration by Integrating Information Across Layers
| dc.contributor.author | Sharma, Puneet | |
| dc.contributor.author | Joshi, Anupam | |
| dc.contributor.author | Finin, Tim | |
| dc.date.accessioned | 2018-11-02T16:27:34Z | |
| dc.date.available | 2018-11-02T16:27:34Z | |
| dc.date.issued | 2013-08-14 | |
| dc.description | 14th IEEE International Conference on Information Reuse and Integration | en_US |
| dc.description.abstract | Data exfiltration is the unauthorized leakage of confidential data from a system. Unlike intrusions that seek to overtly disable or damage a system, it is particularly hard to detect because it uses a variety of low/slow vectors and advanced persistent threats (APTs). It is often assisted (intentionally or not) by an insider who might be an employee who downloads a trojan or uses a hardware component that has been tampered with or acquired from an unreliable source. Conventional scan and test based detection approaches work poorly, especially for hardware with embedded trojans. We describe a framework to detect potential exfiltration events that actively monitors a set of key parameters that cover the entire stack, from hardware to the application layer. An attack alert is generated only if several monitors detect suspicious activity within a short temporal window. The cross-layer monitoring and integration helps ensure accurate alerts with fewer false positives and makes designing a successful attack more difficult. | en_US |
| dc.description.sponsorship | This research was partially supported by AFOSR award FA9550-08-1-0265 and a gift from Northrop Grumman. Joshi's work was supported by funds from the Oros Professorship endowment. | en_US |
| dc.description.uri | https://ebiquity.umbc.edu/paper/html/id/625/Detecting-Data-Exfiltration-by-Integrating-Information-Across-Layers | en_US |
| dc.format.extent | 8 pages | en_US |
| dc.genre | conference papers and proceedings pre-print | en_US |
| dc.identifier | doi:10.13016/M2639K89X | |
| dc.identifier.citation | Puneet Sharma, Anupam Joshi and Tim Finin, Detecting Data Exfiltration by Integrating Information Across Layers, IEEE 14th Int. Conf. on Information Reuse and Integration, San Francisco, Aug. 2013, https://ebiquity.umbc.edu/paper/html/id/625/Detecting-Data-Exfiltration-by-Integrating-Information-Across-Layers | en_US |
| dc.identifier.uri | http://hdl.handle.net/11603/11849 | |
| dc.identifier.uri | 10.1109/IRI.2013.6642487 | |
| dc.language.iso | en_US | en_US |
| dc.publisher | IEEE | en_US |
| dc.relation.isAvailableAt | The University of Maryland, Baltimore County (UMBC) | |
| dc.relation.ispartof | UMBC Computer Science and Electrical Engineering Department Collection | |
| dc.relation.ispartof | UMBC Faculty Collection | |
| dc.rights | This item is likely protected under Title 17 of the U.S. Copyright Law. Unless on a Creative Commons license, for uses protected by Copyright Law, contact the copyright holder or the author. | |
| dc.rights | © 2013 IEEE | |
| dc.subject | Cybersecurity | en_US |
| dc.subject | exfiltration | en_US |
| dc.subject | intrusion | en_US |
| dc.subject | malware | en_US |
| dc.subject | security | en_US |
| dc.subject | intrusion detection system (IDS) | en_US |
| dc.title | Detecting Data Exfiltration by Integrating Information Across Layers | en_US |
| dc.type | Text | en_US |
