通过跨层集成信息来检测数据泄露

2013 IEEE 14th International Conference on Information Reuse & Integration (IRI) Pub Date : 2013-10-24 DOI:10.1109/IRI.2013.6642487

Puneet Sharma, A. Joshi, Timothy W. Finin

{"title":"通过跨层集成信息来检测数据泄露","authors":"Puneet Sharma, A. Joshi, Timothy W. Finin","doi":"10.1109/IRI.2013.6642487","DOIUrl":null,"url":null,"abstract":"Data exfiltration is the unauthorized leakage of confidential data from a system. Unlike intrusions that seek to overtly disable or damage a system, it is particularly hard to detect because it uses a variety of low/slow vectors and advanced persistent threats (APTs). It is often assisted (intentionally or not) by an insider who might be an employee who downloads a trojan or uses a hardware component that has been tampered with or acquired from an unreliable source. Conventional scan and test based detection approaches work poorly, especially for hardware with embedded trojans. We describe a framework to detect potential exfiltration events that actively monitors of a set of key parameters that cover the entire stack, from hardware to the application layer. An attack alert is generated only if several monitors detect suspicious activity within a short temporal window. The cross-layer monitoring and integration helps ensure accurate alerts with fewer false positives and makes designing a successful attack more difficult.","PeriodicalId":418492,"journal":{"name":"2013 IEEE 14th International Conference on Information Reuse & Integration (IRI)","volume":"55 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2013-10-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"4","resultStr":"{\"title\":\"Detecting data exfiltration by integrating information across layers\",\"authors\":\"Puneet Sharma, A. Joshi, Timothy W. Finin\",\"doi\":\"10.1109/IRI.2013.6642487\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Data exfiltration is the unauthorized leakage of confidential data from a system. Unlike intrusions that seek to overtly disable or damage a system, it is particularly hard to detect because it uses a variety of low/slow vectors and advanced persistent threats (APTs). It is often assisted (intentionally or not) by an insider who might be an employee who downloads a trojan or uses a hardware component that has been tampered with or acquired from an unreliable source. Conventional scan and test based detection approaches work poorly, especially for hardware with embedded trojans. We describe a framework to detect potential exfiltration events that actively monitors of a set of key parameters that cover the entire stack, from hardware to the application layer. An attack alert is generated only if several monitors detect suspicious activity within a short temporal window. The cross-layer monitoring and integration helps ensure accurate alerts with fewer false positives and makes designing a successful attack more difficult.\",\"PeriodicalId\":418492,\"journal\":{\"name\":\"2013 IEEE 14th International Conference on Information Reuse & Integration (IRI)\",\"volume\":\"55 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2013-10-24\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"4\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2013 IEEE 14th International Conference on Information Reuse & Integration (IRI)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/IRI.2013.6642487\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2013 IEEE 14th International Conference on Information Reuse & Integration (IRI)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/IRI.2013.6642487","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 4

摘要

数据泄露是指未经授权泄露系统中的机密数据。与试图公开禁用或破坏系统的入侵不同，它特别难以检测，因为它使用各种低/慢矢量和高级持续威胁(apt)。它经常得到内部人员的协助(有意或无意)，这些内部人员可能是一名员工，他们下载了木马程序或使用了已被篡改或从不可靠来源获得的硬件组件。传统的基于扫描和测试的检测方法效果很差，特别是对于带有嵌入式木马的硬件。我们描述了一个框架来检测潜在的泄漏事件，该事件主动监控覆盖整个堆栈(从硬件到应用层)的一组关键参数。只有当多个监视器在短时间窗口内检测到可疑活动时，才会生成攻击警报。跨层监视和集成有助于确保准确的警报，减少误报，并使设计成功的攻击变得更加困难。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Detecting data exfiltration by integrating information across layers

Data exfiltration is the unauthorized leakage of confidential data from a system. Unlike intrusions that seek to overtly disable or damage a system, it is particularly hard to detect because it uses a variety of low/slow vectors and advanced persistent threats (APTs). It is often assisted (intentionally or not) by an insider who might be an employee who downloads a trojan or uses a hardware component that has been tampered with or acquired from an unreliable source. Conventional scan and test based detection approaches work poorly, especially for hardware with embedded trojans. We describe a framework to detect potential exfiltration events that actively monitors of a set of key parameters that cover the entire stack, from hardware to the application layer. An attack alert is generated only if several monitors detect suspicious activity within a short temporal window. The cross-layer monitoring and integration helps ensure accurate alerts with fewer false positives and makes designing a successful attack more difficult.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2013 IEEE 14th International Conference on Information Reuse & Integration (IRI)

自引率

0.00%

发文量