By Topic

Behavior model for detecting data exfiltration in network environment

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$33 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

3 Author(s)
Rajamenakshi Ramachandran ; Centre for Development of Advanced Computing (C-DAC) Electronics City, Bangalore ; Subramanian Neelakantan ; Ajay Shankar Bidyarthy

There is a growing concern across the globe about exfiltration of sensitive data over network. This coupled with the increase in other insider threats pose greater challenge. Present day perimeter security solutions such as Intrusion detection & prevention system, firewall are not capable of detecting data-exfiltration. Also existing behavior models that can detect intrusions and worms do not incorporate mechanims to detect data-exfiltration. Devising an exclusive behavior based model is essential to detect data-exfiltration over network by utilizing parameters from both system and network. In this paper, we present a behavior approach based on Kernel Density Estimation (KDE) and co-relation co-efficient methods to detect data-exfiltration. Firstly, during the learning phase, we profile each host in a network and compute KDE values individually for system and network parameters. Secondly, during the detection phase we compute KDEs for the identified parameters and then correlate current KDE values with the learnt KDE values using Carl Pearsons correlation coefficient method to detect data-exfiltration over the network. We present our approach, analysis and the findings based on our model. Results obtained reveal that our approach detect data-exfiltration incidents over the network.

Published in:

Internet Multimedia Systems Architecture and Application (IMSAA), 2011 IEEE 5th International Conference on

Date of Conference:

12-13 Dec. 2011