An Unsupervised Method for Timely Exfiltration Attack Discovery

Feng Yun; Liu Baoxu; Zhang Jinli; Wang Xutong; Liu Chaoge; Shen Mingzhe; Liu Qixu

doi:10.7544/issn1000-1239.2021.20200902

Journal of Computer Research and Development > 2021 > 58(5): 995-1005. > DOI: 10.7544/issn1000-1239.2021.20200902 CSTR: 32373.14.issn1000-1239.2021.20200902

Feng Yun, Liu Baoxu, Zhang Jinli, Wang Xutong, Liu Chaoge, Shen Mingzhe, Liu Qixu. An Unsupervised Method for Timely Exfiltration Attack Discovery[J]. Journal of Computer Research and Development, 2021, 58(5): 995-1005. DOI: 10.7544/issn1000-1239.2021.20200902

Citation:

PDF (1221 KB)

An Unsupervised Method for Timely Exfiltration Attack Discovery

(Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093) (School of Cyber Security, University of Chinese Academy of Sciences, Beijing 100049)

Funds: This work was supported by the National Natural Science Foundation of China (61902396), the Youth Innovation Promotion Association of Chinese Academy of Sciences (2019163), the Strategic Priority Research Program of Chinese Academy of Sciences (XDC02040100), the Project of the Key Laboratory of Network Assessment Technology at Chinese Academy of Sciences, and the Project of Beijing Key Laboratory of Network Security and Protection Technology.

More Information

Published Date: April 30, 2021

Graphical Abstract

Abstract

Abstract

In recent years, exfiltration attacks have become one of the severest threats to cyber security. In addition to malware, human beings, especially insiders, can also become the executor of the attack. The obvious anomalous digital footprint left by an insider can be minuscule, which brings challenges to timely attack discovery and malicious operation analysis and reconstruction in real-world scenarios. To address the challenge, a method is proposed, which treats each user as an independent subject and detects the anomaly by comparing the deviation between current behavior and the normal historical behavior. We take one session as a unit to achieve timely attack discovery. We use unsupervised algorithms to avoid the need for a large number of labeled data, which is more practical to real-world scenarios. For the anomalous session detected by the algorithm, we further propose to construct event chains. On the one hand, it can restore the specific exfiltration operation; on the other hand, it can determine the attack more accurately by matching it with the exfiltration attack mode. Then, the experiments are undertaken using the public CMU CERT insider threat dataset, and the results show that the accuracy rates were more than 99%, and there were no false-negative and low false-positive, demonstrate that our method is effective and superior.
- exfiltration attack discovery,
- user events,
- insider threat detection,
- unsupervised algorithm,
- clustering,
- event chain

FullText(HTML)

References (0)

[1]	Yue Wenjing, Qu Wenwen, Lin Kuan, Wang Xiaoling. Survey of Cardinality Estimation Techniques Based on Machine Learning[J]. Journal of Computer Research and Development, 2024, 61(2): 413-427. DOI: 10.7544/issn1000-1239.202220649
[2]	Li Jianing, Xiong Ruibin, Lan Yanyan, Pang Liang, Guo Jiafeng, Cheng Xueqi. Overview of the Frontier Progress of Causal Machine Learning[J]. Journal of Computer Research and Development, 2023, 60(1): 59-84. DOI: 10.7544/issn1000-1239.202110780
[3]	Wang Ye, Chen Junwu, Xia Xin, Jiang Bo. Intelligent Requirements Elicitation and Modeling: A Literature Review[J]. Journal of Computer Research and Development, 2021, 58(4): 683-705. DOI: 10.7544/issn1000-1239.2021.20200740
[4]	Chen Jinyin, Chen Yipeng, Chen Yiming, Zheng Haibin, Ji Shouling, Shi Jie, Cheng Yao. Fairness Research on Deep Learning[J]. Journal of Computer Research and Development, 2021, 58(2): 264-280. DOI: 10.7544/issn1000-1239.2021.20200758
[5]	Cheng Keyang, Wang Ning, Shi Wenxi, Zhan Yongzhao. Research Advances in the Interpretability of Deep Learning[J]. Journal of Computer Research and Development, 2020, 57(6): 1208-1217. DOI: 10.7544/issn1000-1239.2020.20190485
[6]	Liu Chenyi, Xu Mingwei, Geng Nan, Zhang Xiang. A Survey on Machine Learning Based Routing Algorithms[J]. Journal of Computer Research and Development, 2020, 57(4): 671-687. DOI: 10.7544/issn1000-1239.2020.20190866
[7]	Liu Junxu, Meng Xiaofeng. Survey on Privacy-Preserving Machine Learning[J]. Journal of Computer Research and Development, 2020, 57(2): 346-362. DOI: 10.7544/issn1000-1239.2020.20190455
[8]	Ji Shouling, Li Jinfeng, Du Tianyu, Li Bo. Survey on Techniques, Applications and Security of Machine Learning Interpretability[J]. Journal of Computer Research and Development, 2019, 56(10): 2071-2096. DOI: 10.7544/issn1000-1239.2019.20190540
[9]	Meng Xiaofeng, Ma Chaohong, Yang Chen. Survey on Machine Learning for Database Systems[J]. Journal of Computer Research and Development, 2019, 56(9): 1803-1820. DOI: 10.7544/issn1000-1239.2019.20190446
[10]	Yu Kai, Jia Lei, Chen Yuqiang, and Xu Wei. Deep Learning: Yesterday, Today, and Tomorrow[J]. Journal of Computer Research and Development, 2013, 50(9): 1799-1804.

Cited By

Cited by

Periodical cited type(5)

1.	周军芽，吴进伟，吴广飞，张何为. 基于Bi-LSTM神经网络的短文本敏感词识别方法. 武汉理工大学学报(信息与管理工程版). 2024(02): 312-316 .
2.	石新满，胡广林，邵鑫，赵新爽，张思慧，乔晓. 基于人工智能大语言模型技术的电网优化运行应用分析. 自动化与仪器仪表. 2024(08): 180-184 .
3.	李卓卓，蒋雨萌. 信息隐私量表对象、指标和应用的研究与展望. 情报理论与实践. 2024(10): 41-52 .
4.	谭九生，李猛. 人机融合智能的伦理风险及其适应性治理. 昆明理工大学学报(社会科学版). 2022(03): 37-45 .
5.	潘旭东，张谧，杨珉. 基于神经元激活模式控制的深度学习训练数据泄露诱导. 计算机研究与发展. 2022(10): 2323-2337 . 本站查看