Host-Based Data Exfiltration Detection via System Call Sequences
Conference · OSTI ID: 1009922 · ORNL
Host-based detection of malicious data exfiltration activity is currently a sparse area of research, mostly limited to methods that analyze network traffic or to signature-based methods that target specific processes. In this paper we explore an alternative approach to host-based detection that exploits sequences of system calls, together with new collection methods that allow us to catch these activities in real time. We show that system call sequences can be found to reach a steady state across processes and users, and we explore the viability of these new methods as heuristics for profiling user behavior.
- Research Organization: Oak Ridge National Lab. (ORNL), Oak Ridge, TN (United States)
- Sponsoring Organization: USDOE Laboratory Directed Research and Development (LDRD) Program
- DOE Contract Number: DE-AC05-00OR22725
- OSTI ID: 1009922
- Resource Relation: Conference: 6th International Conference on Information Warfare and Security, Washington, DC, USA, 20110317, 20110317
- Country of Publication: United States
- Language: English