Implementing Data Exfiltration Defense in Situ: A Survey of Countermeasures and Human Involvement

In this article we consider the problem of defending against increasing data exfiltration threats in the domain of cybersecurity. We review existing work on exfiltration threats and corresponding countermeasures. We consider current problems and challenges that need to be addressed to provide a qualitatively better level of protection against data exfiltration. After considering the magnitude of the data exfiltration threat, we outline the objectives of this article and the scope of the review. We then provide an extensive discussion of present methods of defending against data exfiltration. We note that current methodologies for defending against data exfiltration do not connect well with domain experts, both as sources of knowledge and as partners in decision-making. However, human interventions continue to be required in cybersecurity. Thus, cybersecurity applications are necessarily socio-technical systems that cannot be safely and efficiently operated without considering relevant human factor issues. We conclude with a call for approaches that can more effectively integrate human expertise into defense against data exfiltration.
