2013 IEEE 14th International Conference on Information Reuse & Integration (IRI) (2013)
San Francisco, CA, USA
Aug. 14, 2013 to Aug. 16, 2013
Puneet Sharma, Computer Science and Electrical Engineering, University of Maryland, Baltimore County
Anupam Joshi, Computer Science and Electrical Engineering, University of Maryland, Baltimore County
Tim Finin, Computer Science and Electrical Engineering, University of Maryland, Baltimore County
Data exfiltration is the unauthorized leakage of confidential data from a system. Unlike intrusions that seek to overtly disable or damage a system, it is particularly hard to detect because it uses a variety of low/slow vectors and advanced persistent threats (APTs). It is often assisted (intentionally or not) by an insider who might be an employee who downloads a trojan or uses a hardware component that has been tampered with or acquired from an unreliable source. Conventional scan- and test-based detection approaches work poorly, especially for hardware with embedded trojans. We describe a framework to detect potential exfiltration events that actively monitors a set of key parameters that cover the entire stack, from hardware to the application layer. An attack alert is generated only if several monitors detect suspicious activity within a short temporal window. The cross-layer monitoring and integration helps ensure accurate alerts with fewer false positives and makes designing a successful attack more difficult.
Monitoring, Hardware, Sensors, Universal Serial Bus, Resource description framework, Intrusion detection, Memory management
P. Sharma, A. Joshi and T. Finin, "Detecting data exfiltration by integrating information across layers," 2013 IEEE 14th International Conference on Information Reuse & Integration (IRI), San Francisco, CA, USA, 2013, pp. 309-316.