An integrated data exfiltration monitoring tool for a large organization with highly confidential data source

Data security in a highly confidential large network is of paramount importance. Confidential data networks belonging to secret agencies and government organizations are common targets for data exfiltration, and this has become a growing concern in such networks. Present-day intrusion detection and prevention systems and firewalls cannot possibly prevent an insider from exfiltrating vital data for ulterior purposes. Hence, developing a tool that exclusively detects data exfiltration is of much importance. In this paper, we present an integrated monitoring tool that detects data exfiltration. The tool employs a twofold approach to detecting exfiltration: 1) profiling traffic (in/out correlation) and 2) estimating FTP server access.
