Discovering Exfiltration Paths Using Reinforcement Learning with Attack Graphs | IEEE Conference Publication | IEEE Xplore

Abstract:

Reinforcement learning (RL), in conjunction with attack graphs and cyber terrain, are used to develop reward and state associated with determination of optimal paths for exfiltration of data in enterprise networks. This work builds on previous crown jewels (CJ) identification that focused on the target goal of computing optimal paths that adversaries may traverse toward compromising CJs or hosts within their proximity. This work inverts the previous CJ approach based on the assumption that data has been stolen and now must be quietly exfiltrated from the network. RL is utilized to support the development of a reward function based on the identification of those paths where adversaries desire reduced detection. Results demonstrate promising performance for a sizable network environment.
Date of Conference: 22-24 June 2022
Date Added to IEEE Xplore: 26 September 2022
Conference Location: Edinburgh, United Kingdom

I. Introduction

The National Institute of Standards and Technology (NIST) Special Publication 800-53 Revision 5 states that exfiltration (also called exfil) is the unauthorized movement of data within a network [1]. Many times, cyber attacks are considered successful if they exfiltrate data for monetary, disruptive, or competitive gain. Detecting exfiltration is plagued with technical challenges because adversaries routinely encapsulate data within normally permitted protocols (e.g., HTTP(S), DNS), which makes it significantly harder to defend against. Additionally, adversaries have been known to prefer traversing certain network paths for data theft so as to reduce detection and avoid tripping cyber defenses that would raise suspicion.

NIST SP 800-53r5 [1] specifically places exfiltration within security control SC-7(10), boundary protection to prevent unauthorized data movement (exfiltration).
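The abstract describes learning, with reinforcement learning over an attack graph, the paths an adversary would prefer when exfiltrating stolen data quietly, and the paragraph above notes that such paths minimise detection rather than hop count. The toy below is an added example, not the paper's code: it runs tabular Q-learning over a small constructed attack graph in which every edge carries an assumed per-hop detection cost standing in for the cyber terrain (monitored bastion, IDS on the DMZ boundary, DNS volume alarms), with the reward being the negative detection cost plus a bonus for reaching the external node. The graph, the node names, the cost values, the reward shaping and all hyperparameters are assumptions chosen for illustration; the paper's state, reward and network are not reproduced on this page.

```python
"""Added example: learn a low-detection exfiltration path over a toy attack
graph with tabular Q-learning.  Not the paper's code; graph, detection costs,
reward shaping and hyperparameters are all assumed for illustration."""
import random
from typing import Dict, List, Optional, Tuple

# Constructed attack graph: node -> {neighbour: assumed detection cost}.  The
# cost approximates how likely one hop is to trip a sensor (a stand-in for the
# paper's "cyber terrain").  Edges are directed, so the graph is acyclic.
ATTACK_GRAPH: Dict[str, Dict[str, float]] = {
    "db":       {"app": 0.1, "jump": 0.3, "dns": 0.2},
    "app":      {"proxy": 0.1, "dmz": 0.4},   # DMZ boundary has an IDS
    "jump":     {"dmz": 0.2, "proxy": 0.5},   # bastion host is heavily logged
    "dns":      {"internet": 0.6},            # DNS tunnelling: few hops, noisy
    "proxy":    {"internet": 0.1},            # HTTPS egress blends with traffic
    "dmz":      {"internet": 0.3},
    "internet": {},                           # terminal: data has left the net
}
START, GOAL = "db", "internet"   # stolen data starts on the database host
GOAL_REWARD = 1.0                # assumed bonus for completing the exfiltration


def step(state: str, action: str) -> Tuple[str, float, bool]:
    """Deterministic transition: move along an edge and pay its detection cost."""
    cost = ATTACK_GRAPH[state][action]
    done = action == GOAL
    return action, -cost + (GOAL_REWARD if done else 0.0), done


def q_learning(episodes: int = 3000, alpha: float = 0.5, gamma: float = 0.95,
               epsilon: float = 0.2, seed: int = 7) -> Dict[Tuple[str, str], float]:
    """Tabular, epsilon-greedy Q-learning; returns Q[(state, action)]."""
    rng = random.Random(seed)
    q = {(s, a): 0.0 for s, nbrs in ATTACK_GRAPH.items() for a in nbrs}
    for _ in range(episodes):
        state, done, steps = START, False, 0
        while not done and steps < 20:      # step cap guards against stray loops
            actions = list(ATTACK_GRAPH[state])
            if rng.random() < epsilon:
                action = rng.choice(actions)
            else:
                action = max(actions, key=lambda a: q[(state, a)])
            nxt, reward, done = step(state, action)
            future = 0.0 if done else max(q[(nxt, a)] for a in ATTACK_GRAPH[nxt])
            q[(state, action)] += alpha * (reward + gamma * future - q[(state, action)])
            state, steps = nxt, steps + 1
    return q


def greedy_path(q: Dict[Tuple[str, str], float]) -> List[str]:
    """Follow the learned policy from START until GOAL (or a dead end)."""
    path, state = [START], START
    while state != GOAL and ATTACK_GRAPH[state] and len(path) < 20:
        state = max(ATTACK_GRAPH[state], key=lambda a: q[(state, a)])
        path.append(state)
    return path


def path_cost(path: List[str]) -> float:
    """Sum of per-hop detection costs along a path (rounded for comparison)."""
    return round(sum(ATTACK_GRAPH[a][b] for a, b in zip(path, path[1:])), 6)


def brute_force_best(node: str = START) -> Optional[List[str]]:
    """Exhaustive minimum-cost search over the DAG, to validate the policy.
    Every node in this toy graph can reach GOAL, so a result always exists."""
    if node == GOAL:
        return [GOAL]
    best: Optional[List[str]] = None
    for nbr in ATTACK_GRAPH[node]:
        tail = brute_force_best(nbr)
        if tail is None:
            continue
        cand = [node] + tail
        if best is None or path_cost(cand) < path_cost(best):
            best = cand
    return best


if __name__ == "__main__":
    learned = greedy_path(q_learning())
    print("learned   :", " -> ".join(learned), "cost", path_cost(learned))
    print("fewest hop:", "db -> dns -> internet", "cost",
          path_cost(["db", "dns", "internet"]))
    print("optimal   :", " -> ".join(brute_force_best()))
```

The point the run makes is the one the introduction raises: the shortest route out (db to dns to internet, two hops) carries the highest detection cost, while the learned policy settles on the longer db, app, proxy, internet route whose HTTPS egress hop is the quietest. On a realistic graph the brute-force check becomes intractable, which is where the RL approach earns its keep; here it only confirms that the learned policy matches the true optimum.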
