Detecting sensitive data exfiltration by an insider attack

  • Authors and affiliations:
  • Yali Liu, University of California, Davis, CA
  • Cherita Corbett, Sandia National Laboratories, Livermore, CA
  • Ken Chiang, Sandia National Laboratories, Livermore, CA
  • Rennie Archibald, University of California, Davis, CA
  • Biswanath Mukherjee, University of California, Davis, CA
  • Dipak Ghosal, University of California, Davis, CA

  • Venue: Proceedings of the 4th annual workshop on Cyber security and information intelligence research: developing strategies to meet the cyber security and information intelligence challenges ahead
  • Year: 2008

Abstract

Detecting and mitigating insider threat is a critical element of an overall information protection strategy. By successfully implementing tactics to detect this threat, organizations avoid the loss of sensitive information and also potentially protect against future attacks. Within the broader scope of mitigating insider threat, we focus on detecting exfiltration of sensitive data over a high-speed network. We propose a multilevel approach that consists of three main components: 1) network-level application identification, 2) content signature generation and detection, and 3) covert communication detection. The key scientific approach shared by all three components is applying statistical and signal processing techniques to network traffic in order to generate signatures and/or extract features for classification. We summarize the approaches used in network-level application identification and content signature generation and detection, and briefly describe our approach to detecting covert communications. This paper touches on these issues and outlines the overall directions of our research.