Sharma, PuneetJoshi, AnupamFinin, Tim2018-11-022018-11-022013-08-14Puneet Sharma, Anupam Joshi and Tim Finin, Detecting Data Exfiltration by Integrating Information Across Layers, IEEE 14th Int. Conf. on Information Reuse and Integration, San Francisco, Aug. 2013, https://ebiquity.umbc.edu/paper/html/id/625/Detecting-Data-Exfiltration-by-Integrating-Information-Across-Layershttp://hdl.handle.net/11603/1184910.1109/IRI.2013.664248714th IEEE International Conference on Information Reuse and IntegrationData exfiltration is the unauthorized leakage of confidential data from a system. Unlike intrusions that seek to overtly disable or damage a system, it is particularly hard to detect because it uses a variety of low/slow vectors and advanced persistent threats (APTs). It is often assisted (intentionally or not) by an insider who might be an employee who downloads a trojan or uses a hardware component that has been tampered with or acquired from an unreliable source. Conventional scan and test based detection approaches work poorly, especially for hardware with embedded trojans. We describe a framework to detect potential exfiltration events that actively monitors of a set of key parameters that cover the entire stack, from hardware to the application layer. An attack alert is generated only if several monitors detect suspicious activity within a short temporal window. The cross-layer monitoring and integration helps ensure accurate alerts with fewer false positives and makes designing a successful attack more difficult.8 pagesen-USThis item is likely protected under Title 17 of the U.S. Copyright Law. Unless on a Creative Commons license, for uses protected by Copyright Law, contact the copyright holder or the author.© 2013 IEEECybersecurityexfiltrationintrusionmalwaresecurityintrusion detection system (IDS)Text