Feng Yun, Liu Baoxu, Zhang Jinli, Wang Xutong, Liu Chaoge, Shen Mingzhe, Liu Qixu. An Unsupervised Method for Timely Exfiltration Attack Discovery[J]. Journal of Computer Research and Development, 2021, 58(5): 995-1005. DOI: 10.7544/issn1000-1239.2021.20200902

An Unsupervised Method for Timely Exfiltration Attack Discovery

Funds: This work was supported by the National Natural Science Foundation of China (61902396), the Youth Innovation Promotion Association of Chinese Academy of Sciences (2019163), the Strategic Priority Research Program of Chinese Academy of Sciences (XDC02040100), the Project of the Key Laboratory of Network Assessment Technology at Chinese Academy of Sciences, and the Project of Beijing Key Laboratory of Network Security and Protection Technology.
Published Date: April 30, 2021

Abstract: In recent years, exfiltration attacks have become one of the most severe threats to cyber security. In addition to malware, human beings, especially insiders, can also carry out such attacks. The anomalous digital footprint left by an insider can be minuscule, which makes timely attack discovery and the analysis and reconstruction of malicious operations challenging in real-world scenarios. To address this challenge, a method is proposed that treats each user as an independent subject and detects anomalies by measuring how far the user's current behavior deviates from their normal historical behavior. A single session is taken as the unit of analysis so that attacks can be discovered in a timely manner, and unsupervised algorithms are used to avoid the need for large amounts of labeled data, which is more practical in real-world scenarios. For each anomalous session detected by the algorithm, event chains are further constructed: on the one hand, they restore the specific exfiltration operations; on the other hand, they allow the attack to be confirmed more accurately by matching them against exfiltration attack patterns. Experiments on the public CMU CERT insider threat dataset show accuracy rates above 99%, with no false negatives and a low false-positive rate, demonstrating that the method is effective and superior.
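The pipeline the abstract sketches (per-user baseline, one session as the detection unit, unsupervised deviation scoring, event-chain construction for a flagged session, matching against exfiltration patterns), as an added illustration in Python that is not the authors' code or evaluation. Everything concrete in it is an assumption made for the example: the input records are constructed CERT-style events in a made-up pipe-separated line format rather than the dataset's CSV files, the four session features, the sum-of-positive-z-scores deviation measure with a sigma floor of 1.0, the 3.0 threshold, the three-session minimum history and the two exfiltration patterns are all choices of this example, and the paper does not state which unsupervised algorithm or which attack patterns it uses.

```python
from collections import namedtuple
from datetime import datetime
from statistics import mean, pstdev
from typing import Dict, List

# kind is one of logon | logoff | device | file | http (CERT-style categories, assumed here)
Event = namedtuple("Event", "ts user kind detail")

def parse(line: str) -> Event:
    """'YYYY-MM-DD HH:MM|user|kind|detail' -> Event (made-up line format, not CERT's CSV)."""
    ts, user, kind, detail = line.split("|", 3)
    return Event(datetime.strptime(ts, "%Y-%m-%d %H:%M"), user, kind, detail)

def build_log() -> List[Event]:
    """Constructed sample: five ordinary days for 'alice', then one after-hours USB session."""
    lines = []
    for day in range(1, 6):
        lines += [f"2020-03-0{day} 09:02|alice|logon|",
                  f"2020-03-0{day} 10:15|alice|http|https://intranet.example/wiki",
                  f"2020-03-0{day} 11:40|alice|file|Q1_report.docx removable=0",
                  f"2020-03-0{day} 17:28|alice|logoff|"]
    lines += ["2020-03-06 21:47|alice|logon|",
              "2020-03-06 21:50|alice|device|connect",
              "2020-03-06 21:52|alice|file|customer_db.xlsx removable=1",
              "2020-03-06 21:55|alice|file|contracts.pdf removable=1",
              "2020-03-06 21:58|alice|file|salaries.csv removable=1",
              "2020-03-06 22:03|alice|device|disconnect",
              "2020-03-06 22:05|alice|logoff|"]
    return sorted((parse(ln) for ln in lines), key=lambda e: (e.user, e.ts))

def sessionize(events: List[Event]) -> Dict[str, List[List[Event]]]:
    """Split each user's stream into logon..logoff sessions, the unit of detection."""
    sessions: Dict[str, List[List[Event]]] = {}
    open_sessions: Dict[str, List[Event]] = {}
    for e in events:
        if e.kind == "logon":
            open_sessions[e.user] = [e]
        elif e.user in open_sessions:
            open_sessions[e.user].append(e)
            if e.kind == "logoff":
                sessions.setdefault(e.user, []).append(open_sessions.pop(e.user))
    return sessions

def session_features(sess: List[Event]) -> Dict[str, float]:
    """Per-session counts; 'off hours' is assumed to mean outside 08:00-18:00."""
    return {
        "device_connects": sum(e.kind == "device" and e.detail == "connect" for e in sess),
        "removable_copies": sum(e.kind == "file" and "removable=1" in e.detail for e in sess),
        "http_requests": sum(e.kind == "http" for e in sess),
        "off_hours_events": sum(not 8 <= e.ts.hour < 18 for e in sess),
    }

def deviation_score(history, current, sigma_floor: float = 1.0) -> float:
    """Sum of positive per-feature z-scores against the user's own history. The floor
    stops an always-zero feature from dividing by zero, so one never-seen device
    connect still counts as one unit of deviation."""
    score = 0.0
    for name, value in current.items():
        past = [h[name] for h in history]
        mu = mean(past) if past else 0.0
        sigma = max(pstdev(past) if len(past) > 1 else 0.0, sigma_floor)
        score += max(0.0, (value - mu) / sigma)
    return score

# Hypothetical exfiltration patterns: ordered event predicates (assumed, not the paper's).
EXFIL_PATTERNS = {
    "removable_media_exfiltration": [
        lambda e: e.kind == "device" and e.detail == "connect",
        lambda e: e.kind == "file" and "removable=1" in e.detail,
        lambda e: e.kind == "device" and e.detail == "disconnect"],
    "web_upload_exfiltration": [
        lambda e: e.kind == "file",
        lambda e: e.kind == "http" and "upload" in e.detail],
}

def match_pattern(chain: List[Event], steps) -> bool:
    """Ordered subsequence match: each step must be met after the previous one was."""
    i = 0
    for e in chain:
        if i < len(steps) and steps[i](e):
            i += 1
    return i == len(steps)

def analyze(events: List[Event], threshold: float = 3.0, min_history: int = 3) -> List[dict]:
    """Score sessions in time order against the user's earlier unflagged sessions."""
    findings = []
    for user, sessions in sessionize(events).items():
        history: List[Dict[str, float]] = []
        for idx, sess in enumerate(sessions):
            feats = session_features(sess)
            if len(history) >= min_history:
                score = deviation_score(history, feats)
                if score >= threshold:
                    findings.append({"user": user, "session": idx, "score": score,
                        "chain": [(e.ts.strftime("%H:%M"), e.kind, e.detail) for e in sess],
                        "matched": [n for n, s in EXFIL_PATTERNS.items() if match_pattern(sess, s)]})
                    continue  # keep the flagged session out of the baseline
            history.append(feats)
    return findings

if __name__ == "__main__":
    for f in analyze(build_log()):
        print(f"{f['user']} session {f['session']} score={f['score']:.1f} matched={f['matched']}")
        for step in f["chain"]:
            print("   ", *step)
```

On the constructed data only the sixth session is flagged (score 11.0: one device connect, three removable copies and seven off-hours events, each never seen in the baseline), and its reconstructed chain matches the removable-media pattern but not the web-upload one. Two design choices worth keeping in a real deployment: the first sessions are used only to build the baseline and are never scored, and a flagged session is not added to the history, so an attack that goes unreported cannot silently become part of the user's "normal".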