An Unsupervised Method for Timely Exfiltration Attack Discovery

Feng Yun; Liu Baoxu; Zhang Jinli; Wang Xutong; Liu Chaoge; Shen Mingzhe; Liu Qixu

doi:10.7544/issn1000-1239.2021.20200902

Journal of Computer Research and Development > 2021 > 58(5): 995-1005. > DOI: 10.7544/issn1000-1239.2021.20200902

Feng Yun, Liu Baoxu, Zhang Jinli, Wang Xutong, Liu Chaoge, Shen Mingzhe, Liu Qixu. An Unsupervised Method for Timely Exfiltration Attack Discovery[J]. Journal of Computer Research and Development, 2021, 58(5): 995-1005. DOI: 10.7544/issn1000-1239.2021.20200902

Citation:

PDF (1221 KB)

An Unsupervised Method for Timely Exfiltration Attack Discovery

(Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093) (School of Cyber Security, University of Chinese Academy of Sciences, Beijing 100049)

Funds: This work was supported by the National Natural Science Foundation of China (61902396), the Youth Innovation Promotion Association of Chinese Academy of Sciences (2019163), the Strategic Priority Research Program of Chinese Academy of Sciences (XDC02040100), the Project of the Key Laboratory of Network Assessment Technology at Chinese Academy of Sciences, and the Project of Beijing Key Laboratory of Network Security and Protection Technology.

More Information

Published Date: April 30, 2021

Graphical Abstract

Abstract

Abstract

In recent years, exfiltration attacks have become one of the severest threats to cyber security. In addition to malware, human beings, especially insiders, can also become the executor of the attack. The obvious anomalous digital footprint left by an insider can be minuscule, which brings challenges to timely attack discovery and malicious operation analysis and reconstruction in real-world scenarios. To address the challenge, a method is proposed, which treats each user as an independent subject and detects the anomaly by comparing the deviation between current behavior and the normal historical behavior. We take one session as a unit to achieve timely attack discovery. We use unsupervised algorithms to avoid the need for a large number of labeled data, which is more practical to real-world scenarios. For the anomalous session detected by the algorithm, we further propose to construct event chains. On the one hand, it can restore the specific exfiltration operation; on the other hand, it can determine the attack more accurately by matching it with the exfiltration attack mode. Then, the experiments are undertaken using the public CMU CERT insider threat dataset, and the results show that the accuracy rates were more than 99%, and there were no false-negative and low false-positive, demonstrate that our method is effective and superior.
- exfiltration attack discovery,
- user events,
- insider threat detection,
- unsupervised algorithm,
- clustering,
- event chain

FullText(HTML)

References (0)

Cited By

Cited by

Periodical cited type(19)

1.	郑晨颖，陈颖悦，侯贤宇，江连吉，廖亮. 一种邻域粒的模糊C均值聚类算法. 山东大学学报(理学版). 2024(05): 35-44 .
2.	刘帆，王凤美. 多模态内容安全审核系统构建思考. 中国传媒科技. 2023(04): 149-153 .
3.	季长清，王兵兵，秦静，汪祖民. 深度特征的实例图像检索算法综述. 计算机科学与探索. 2023(07): 1565-1575 .
4.	周成龙，陈玉明，朱益冬. 粒K均值聚类算法. 计算机工程与应用. 2023(13): 317-324 .
5.	张家钧，唐云祁，杨智雄，耿鹏志. 基于注意力机制的鞋型识别算法. 激光与光电子学进展. 2022(02): 365-373 .
6.	于伟，邱彩华. 一种基于深度学习的异质域检索方法. 安徽大学学报(自然科学版). 2022(04): 30-37 .
7.	杨得国，马兰萍，聂毓. 基于PCANet和SVM的病变眼底图像检测算法. 江西师范大学学报(自然科学版). 2022(04): 372-378 .
8.	关海鹏，任燕，赵秋霞. 集成局部和全局特征的舰船图像检索算法. 舰船科学技术. 2021(02): 100-102 .
9.	魏明珠，郑荣，杨竞雄. 基于深度学习的图像检索研究进展. 情报科学. 2021(05): 184-192 .
10.	毛亚青，王亮，胡俊峰. 基于加权深度特征的医学图像并行检索仿真. 计算机仿真. 2021(11): 438-444 .
11.	余鹰，朱慧琳，钱进，潘诚，苗夺谦. 基于深度学习的人群计数研究综述. 计算机研究与发展. 2021(12): 2724-2747 . 本站查看
12.	谭翔纬. 基于支持向量机和用户反馈的图像检索算法. 吉林大学学报(理学版). 2020(04): 899-905 .
13.	张超，林正春，姜允志，贾西平，王静. 用于图像检索的多区域深度特征加权聚合算法. 软件导刊. 2020(10): 133-137 .
14.	梁观术，曹江中，戴青云，黄云飞. 一种基于注意力机制的无监督商标检索方法. 广东工业大学学报. 2020(06): 41-49 .
15.	李英成，钱赛男，朱祥娥，刘晓龙，李晶晶. 卷积神经网络在大规模图像分类中的应用. 测绘科学. 2019(06): 121-125 .
16.	邵福波，黄静. 图像检索研究综述. 山东化工. 2019(15): 81-82 .
17.	石文浩，孟军，张朋，刘婵娟. 融合CNN和Bi-LSTM的miRNA-lncRNA互作关系预测模型. 计算机研究与发展. 2019(08): 1652-1660 . 本站查看
18.	欧焱，冯煜晶，李文明，叶笑春，王达，范东睿. 面向数据流结构的指令内访存冲突优化研究. 计算机研究与发展. 2019(12): 2720-2732 . 本站查看
19.	陈思聪. 基于兴趣点局部分布特征的图像检索研究. 微型电脑应用. 2019(12): 114-116+154 .