http://dx.doi.org/10.5762/KAIS.2016.17.9.440

Comparison and Analysis of Anomaly Detection Methods for Detecting Data Exfiltration  

Lim, Wongi (The 2nd Institute 3rd Directorate, Agency for Defense Development)
Kwon, Koohyung (The 2nd Institute 3rd Directorate, Agency for Defense Development)
Kim, Jung-Jae (Dept. of Computer Science, Kwangwoon University)
Lee, Jong-Eon (Tactical Communication Team, Hanwha Systems)
Cha, Si-Ho (Dept. of Multimedia Science, Chungwoon University)
Publication Information
Journal of the Korea Academia-Industrial cooperation Society / v.17, no.9, 2016, pp. 440-446
Abstract
Military secrets and the confidential data of any organization are extremely important assets and must be prevented from leaking outside. To that end, methods for detecting anomalous attacks and intrusions inside the network have been proposed. However, most anomaly-detection methods cover only intrusion from outside and do not deal with internal leakage of data, which inflicts greater damage than external intrusions and attacks. In addition, applying conventional anomaly-detection methods to data exfiltration creates many problems, because those methods do not consider a number of relevant variables or the internal network environment. In this paper, we describe the issues that data exfiltration detection for anomaly detection (DEDfAD) must take into account in order to improve detection accuracy, classify the methods as profile-based detection or machine learning-based detection, and analyze their advantages and disadvantages. We also suggest future research challenges through a comparative analysis of these issues against the classification of the detection methods.
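The distinction the abstract draws, as an added example that is not part of the paper: a profile-based detector that baselines a single variable (outbound bytes per user, split into work and off hours) beside a machine learning-based detector that scores several variables at once with an unsupervised kNN distance, both run over constructed hourly flow summaries. The record format, the user name, the baseline generator, the thresholds and the three test events are assumptions made for illustration, not data or code from the authors. The "low and slow" case is the one the abstract alludes to: volume stays inside the profile, so only the multivariate detector, which also sees destination count, never-seen destinations and time of day, flags it.

```python
"""Profile-based vs. multivariate anomaly scoring on constructed outbound-flow summaries.

Added illustration, not from the paper. Data, thresholds and names are made up.
"""
import math
from dataclasses import dataclass
from statistics import mean, pstdev


@dataclass(frozen=True)
class FlowRecord:
    """Hourly per-user summary of outbound traffic (constructed, not real telemetry)."""
    user: str
    hour: int        # 0-23, start of the aggregation window
    bytes_out: int   # bytes sent to external hosts in the window
    n_dest: int      # distinct external destinations contacted
    new_dest: int    # of those, destinations never seen before for this user


def is_off_hours(hour):
    return hour < 8 or hour >= 19


def make_baseline(user="alice"):
    """Five deterministic 'normal' days for one user (constructed baseline)."""
    recs = []
    for day in range(5):
        for hour in range(24):
            if is_off_hours(hour):          # idle host: keep-alives only
                recs.append(FlowRecord(user, hour, 20_000 + 1_000 * ((day + hour) % 7),
                                       1 + hour % 2, 0))
            else:                           # working hours: web, mail, file shares
                recs.append(FlowRecord(user, hour, 1_500_000 + 150_000 * ((3 * day + hour) % 9),
                                       6 + (day + hour) % 5, (day + hour) % 2))
    return recs


class ProfileDetector:
    """Profile-based: per-user, per-period baseline on one variable (bytes_out)."""

    def __init__(self, z_threshold=3.0):
        self.z_threshold = z_threshold
        self.profile = {}                   # (user, off_hours) -> (mean, std)

    def fit(self, recs):
        groups = {}
        for r in recs:
            groups.setdefault((r.user, is_off_hours(r.hour)), []).append(r.bytes_out)
        for key, vals in groups.items():
            self.profile[key] = (mean(vals), pstdev(vals) or 1.0)

    def score(self, r):
        mu, sd = self.profile[(r.user, is_off_hours(r.hour))]
        return (r.bytes_out - mu) / sd      # one-sided: only excess outbound volume matters

    def is_anomalous(self, r):
        return self.score(r) > self.z_threshold


class KnnDetector:
    """Machine learning-based: unsupervised kNN distance over several variables at once."""

    def __init__(self, k=5):
        self.k = k
        self.lo = self.span = self.train = None
        self.threshold = math.inf

    @staticmethod
    def features(r):
        return (float(r.bytes_out), float(r.n_dest),
                r.new_dest / max(r.n_dest, 1),          # share of never-seen destinations
                1.0 if is_off_hours(r.hour) else 0.0)

    def _normalize(self, x):
        return [(v - lo) / s for v, lo, s in zip(x, self.lo, self.span)]

    def _knn_score(self, x, exclude_self=False):
        dists = sorted(math.dist(x, t) for t in self.train)
        if exclude_self:
            dists = dists[1:]               # drop the zero distance to the point itself
        return mean(dists[:self.k])

    def fit(self, recs):
        raw = [self.features(r) for r in recs]
        cols = list(zip(*raw))
        self.lo = [min(c) for c in cols]
        self.span = [(max(c) - min(c)) or 1.0 for c in cols]   # min-max scale per feature
        self.train = [self._normalize(x) for x in raw]
        # Threshold from leave-one-out scores of the baseline itself; a real deployment
        # would use a held-out window or a quantile rather than the maximum.
        self.threshold = max(self._knn_score(x, exclude_self=True) for x in self.train)

    def score(self, r):
        return self._knn_score(self._normalize(self.features(r)))

    def is_anomalous(self, r):
        return self.score(r) > self.threshold


def evaluate(recs):
    """Return {label: (profile_flag, knn_flag)} for a dict of labelled records."""
    baseline = make_baseline()
    prof, knn = ProfileDetector(), KnnDetector()
    prof.fit(baseline)
    knn.fit(baseline)
    return {label: (prof.is_anomalous(r), knn.is_anomalous(r)) for label, r in recs.items()}


# Constructed test events (not real incidents):
TEST_RECORDS = {
    "normal": FlowRecord("alice", 10, 1_650_000, 6, 0),        # same shape as a baseline hour
    "bulk_upload": FlowRecord("alice", 14, 12_000_000, 7, 0),  # one large transfer at 14:00
    "low_and_slow": FlowRecord("alice", 2, 24_000, 9, 9),      # tiny volume, 9 new hosts at 02:00
}

if __name__ == "__main__":
    for label, (p, k) in evaluate(TEST_RECORDS).items():
        print(f"{label:13s} profile={p!s:5s} knn={k}")
```

The profile detector answers "is this more volume than usual for this user at this time of day"; it misses the low-and-slow record because 24 kB is unremarkable at 02:00 in isolation. The kNN detector answers "has this combination of variables ever been seen", which is what the abstract means by considering several variables and the internal environment together. The price is the one the paper discusses: the multivariate score needs a representative baseline and a threshold chosen for the environment, or it flags every legitimate change in behaviour.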
Keywords
Data Exfiltration; Anomaly Detection; Information Leakage; Machine Learning; Insider Threat Prediction;
Citations & Related Records
Times Cited By KSCI : 3  (Citation Analysis)
연도 인용수 순위
1 V. Chandola, A. Banerjee, V. Kumar, "Anomaly Detection for Discrete Sequences: A Survey", IEEE Transactions on Knowledge and Data Engineering, vol. 24, no. 5, May 2012. DOI: http://dx.doi.org/10.1109/TKDE.2010.235
2 G. B. Magklaras, "Insider Threat Prediction Tool: Evaluating the probability of IT misuse", Elsevier Science C&C, 2002.
3 Y. Liu, "SIDD: A Framework for Detecting Sensitive Data Exfiltration by an Insider Attack ", IEEE HICSS, 2009. DOI: http://dx.doi.org/10.1109/HICSS.2009.390
4 A. Al-Bataineh, "Analysis and Detection of Malicious Data Exfiltration in Web Traffic", IEEE Malicious and Unwanted Software, 2012. DOI: http://dx.doi.org/10.1109/malware.2012.6461004
5 R. Ramachandran, "Behavior model for Detecting data Exfiltration in Network Environment", IEEE, 2011. DOI: http://dx.doi.org/10.1109/imsaa.2011.6156340
6 P. Parveen, "Insider Threat Detection using Stream Mining and Graph Mining", IEEE ICSC, 2012.
7 Monowar H. Bhuyan, D. K. Bhattacharyya, and J. K. Kalita, "Network Anomaly Detection : Methods, Systems and Tools", IEEE Communications Surveys & Tutorials, vol. 16, no. 1, 2014. DOI: http://dx.doi.org/10.1109/SURV.2013.052213.00046
8 W.-S. Kim, S. Kim, "A Study on Information Effluence State and Measure by Peer-to-Peer Programs in Korea and Japan", The Journal of The Institute of Webcasting, Internet Television and Telecommunication, vol. 9 no. 1, pp. 67-74, 2009.
9 V. Chandola, A. Banerjee, Vipin Kumar, "Anomaly detection : A survey", ACM Computing Surveys(CSUR), vol. 41 no. 3, 2009. DOI: http://dx.doi.org/10.1145/1541880.1541882
10 F. Sabahi, A. Movaghar, "Intrusion Detection : A Survey", The Third International Conference on Systems and Networks Communications, pp. 23-26, 2008. DOI: http://dx.doi.org/10.1109/icsnc.2008.44
11 M. B. Salem, S. Hershkop, S. J. Stoplfo, "A Survey of Insider Attack Detection Research", Insider Attack and Cyber Security, vol. 39, pp. 69-90, 2008. DOI: http://dx.doi.org/10.1007/978-0-387-77322-3_5   DOI
12 M. R. Randazzo, M. Keeney, E. Kowalski, D. Cappelli, and A. Moore, "Insider Threat Study: Illicit Cyber Activity in the Banking and Finance Sector", CERT and the National Threat Assessment Center, Aug. 2004.
13 E. D. Shaw, K. G. Ruby, and J. M. Post, "The insider threat to information systems: The psychology of the dangerous insider", Security Awareness Bulletin, vol. 2-98, pp. 27-46, Sept. 1998.
14 L. Spitzner, "Honeypots: catching the insider threat", Proceedings of 19th Annual Computer Security Applications Conference, pp. 170-179, Dec. 2003. DOI: http://dx.doi.org/10.1109/csac.2003.1254322
15 S. Y. Lim, A. Jones, "Network Anomaly Detection System : The State of art of Network Behaviour Analysis", International Conference on Convergence and Hybrid Information Technology, 2008. DOI: http://dx.doi.org/10.1109/ichit.2008.249
16 V. J. Hodge, J. Austin, "A Survey of Outlier Detection Methologies", Artificial Intelligence Review, vol. 22, no. 2, pp. 85-126, 2004. DOI: http://dx.doi.org/10.1023/B:AIRE.0000045502.10941.a9   DOI
17 B. J. Lee, H. S. Jeon, H. Y. Song, "Information-Centric Networking Research Trend", Electronics and Telecommunications Trends, 2012.
18 S. J. Oh, "An Anomaly Detection Method for the Security of VANETs", The Journal of The Institute of Internet, Broadcasting and Communication, vol. 14, no. 6, pp. 175-185, 2014.   DOI
19 S. J. Oh, "Design and Evaluation of a Weighted Intrusion Detection Method for VANETs", The Journal of The Institute of Webcasting, Internet and Telecommunication, vol. 11, no. 3, pp. 181-188, 2011.
20 S. Kim, S.-J. Oh, "A Big Data Application for Anomaly Detection in VANETs", The Journal of The Institute of Internet, Broadcasting and Communication (IIBC), vol. 14, no. 6, pp. 175-181, Dec. 2014. DOI: http://dx.doi.org/10.7236/JIIBC.2014.14.6.175   DOI