There is growing concern across the globe about the exfiltration of sensitive data over the network. This, coupled with the increase in other insider threats, poses a greater challenge. Present-day perimeter security solutions such as intrusion detection and prevention systems and firewalls are not capable of detecting data-exfiltration. Existing behavior models that can detect intrusions and worms also do not incorporate mechanisms to detect data-exfiltration. Devising an exclusive behavior-based model that utilizes parameters from both system and network is essential to detect data-exfiltration over the network.

In this paper, we present a behavior approach based on Kernel Density Estimation (KDE) and correlation coefficient methods to detect data-exfiltration. First, during the learning phase, we profile each host in a network and compute KDE values individually for system and network parameters. Second, during the detection phase, we compute KDEs for the identified parameters and then correlate the current KDE values with the learnt KDE values using Karl Pearson's correlation coefficient method to detect data-exfiltration over the network. We present our approach, analysis and findings based on our model. The results obtained reveal that our approach detects data-exfiltration incidents over the network.

Index Terms: Insider attack, data-exfiltration, network anomaly detection and host anomaly detection
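The two phases described in the abstract, sketched for a single network parameter as an added example (not the paper's code). The Gaussian kernel, Silverman bandwidth, shared evaluation grid, the 0.8 threshold and the upload-volume samples are all assumptions made here for illustration.

```python
import math
import statistics

def kde(samples, grid, h):
    """Gaussian kernel density estimate of `samples`, evaluated on `grid`."""
    norm = 1.0 / (len(samples) * h * math.sqrt(2 * math.pi))
    return [norm * sum(math.exp(-0.5 * ((x - s) / h) ** 2) for s in samples)
            for x in grid]

def pearson(a, b):
    """Pearson correlation coefficient; 0.0 if either series is constant."""
    ma, mb = statistics.fmean(a), statistics.fmean(b)
    cov = sum((x - ma) * (y - mb) for x, y in zip(a, b))
    va = sum((x - ma) ** 2 for x in a)
    vb = sum((y - mb) ** 2 for y in b)
    return cov / math.sqrt(va * vb) if va > 0 and vb > 0 else 0.0

def kde_correlation(learnt, current, points=200):
    """Correlate learnt-phase and detection-phase densities on one grid."""
    # Assumption: Silverman's rule-of-thumb bandwidth, fixed from learnt data
    # so both densities are smoothed identically.
    h = 1.06 * statistics.stdev(learnt) * len(learnt) ** -0.2
    if h <= 0:
        raise ValueError("learnt profile has no variance")
    lo = min(learnt + current) - 3 * h
    hi = max(learnt + current) + 3 * h
    grid = [lo + i * (hi - lo) / (points - 1) for i in range(points)]
    return pearson(kde(learnt, grid, h), kde(current, grid, h))

THRESHOLD = 0.8  # assumed cut-off; the abstract does not state one

def is_exfiltration_suspect(learnt, current, threshold=THRESHOLD):
    """Flag a host when its current density no longer tracks its profile."""
    return kde_correlation(learnt, current) < threshold

# Constructed samples: outbound KB per minute for one host.
LEARNT_KB = [120, 135, 110, 128, 140, 115, 122, 131, 118, 126, 133, 112]
NORMAL_KB = [125, 117, 138, 121, 129, 114, 132, 119]
BULK_KB = [905, 940, 1010, 980, 955, 1005, 960, 990]

if __name__ == "__main__":
    for name, window in (("normal", NORMAL_KB), ("bulk upload", BULK_KB)):
        r = kde_correlation(LEARNT_KB, window)
        print(f"{name}: r={r:.3f} suspect={r < THRESHOLD}")
```

In a deployment following the abstract, the same comparison would run per host and per parameter, for system parameters as well as network ones.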