Data exfiltration: methods and detection countermeasures

James King; Gueltoum Bendiab; Nick Savage; Stavros Shiaeles

doi:10.1109/CSR51186.2021.9527962

Data exfiltration: methods and detection countermeasures

James King, Gueltoum Bendiab, Nick Savage, Stavros Shiaeles

School of Computing

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

1554 Downloads (Pure)

Abstract

Data exfiltration is of increasing concern throughout the world. The number of incidents and capabilities of data exfiltration attacks are growing at an unprecedented rate. However, such attack vectors have not been deeply explored in the literature. This paper aims to address this gap by implementing a data exfiltration methodology, detailing some data exfiltration methods. Groups of exfiltration methods are incorporated into a program that can act as a testbed for owners of any network that stores sensitive data. The implemented methods are tested against the well-known network intrusion detection system Snort, where all of them have been successfully evaded detection by its community rule sets. Thus, in this paper, we have developed new countermeasures to prevent and detect data exfiltration attempts using these methods.

Original language	English
Title of host publication	2021 IEEE International Conference on Cyber Security and Resilience (CSR)
Publisher	Institute of Electrical and Electronics Engineers Inc.
Pages	442-447
ISBN (Electronic)	9781665402859
ISBN (Print)	9781665402866
DOIs	https://doi.org/10.1109/CSR51186.2021.9527962
Publication status	Published - 6 Sept 2021
Event	2021 IEEE International Conference on Cyber Security and Resilience - Virtual Duration: 26 Jul 2021 → 28 Jul 2021 https://www.ieee-csr.org/

Conference

Conference	2021 IEEE International Conference on Cyber Security and Resilience
Abbreviated title	IEEE CSR
Period	26/07/21 → 28/07/21
Internet address	https://www.ieee-csr.org/

Keywords

Data exfiltration
security
Cyberattack
steganography
countermeasures
Intrusion Detection System

Access to Document

10.1109/CSR51186.2021.9527962

Data Exfiltration
© 2021 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.
Accepted author manuscript (Post-print), 549 KB

Cite this

@inproceedings{7398cc8dffda486fa0b6f578dc201e20,

title = "Data exfiltration: methods and detection countermeasures",

abstract = "Data exfiltration is of increasing concern throughout the world. The number of incidents and capabilities of data exfiltration attacks are growing at an unprecedented rate. However, such attack vectors have not been deeply explored in the literature. This paper aims to address this gap by implementing a data exfiltration methodology, detailing some data exfiltration methods. Groups of exfiltration methods are incorporated into a program that can act as a testbed for owners of any network that stores sensitive data. The implemented methods are tested against the well-known network intrusion detection system Snort, where all of them have been successfully evaded detection by its community rule sets. Thus, in this paper, we have developed new countermeasures to prevent and detect data exfiltration attempts using these methods.",

keywords = "Data exfiltration, security, Cyberattack, steganography, countermeasures, Intrusion Detection System",

author = "James King and Gueltoum Bendiab and Nick Savage and Stavros Shiaeles",

year = "2021",

month = sep,

day = "6",

doi = "10.1109/CSR51186.2021.9527962",

language = "English",

isbn = "9781665402866",

pages = "442--447",

booktitle = "2021 IEEE International Conference on Cyber Security and Resilience (CSR)",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

address = "United States",

note = "2021 IEEE International Conference on Cyber Security and Resilience, IEEE CSR ; Conference date: 26-07-2021 Through 28-07-2021",

url = "https://www.ieee-csr.org/",

}

King, J, Bendiab, G, Savage, N & Shiaeles, S 2021, Data exfiltration: methods and detection countermeasures. in 2021 IEEE International Conference on Cyber Security and Resilience (CSR). Institute of Electrical and Electronics Engineers Inc., pp. 442-447, 2021 IEEE International Conference on Cyber Security and Resilience, 26/07/21. https://doi.org/10.1109/CSR51186.2021.9527962

TY - GEN

T1 - Data exfiltration: methods and detection countermeasures

AU - King, James

AU - Bendiab, Gueltoum

AU - Savage, Nick

AU - Shiaeles, Stavros

PY - 2021/9/6

Y1 - 2021/9/6

N2 - Data exfiltration is of increasing concern throughout the world. The number of incidents and capabilities of data exfiltration attacks are growing at an unprecedented rate. However, such attack vectors have not been deeply explored in the literature. This paper aims to address this gap by implementing a data exfiltration methodology, detailing some data exfiltration methods. Groups of exfiltration methods are incorporated into a program that can act as a testbed for owners of any network that stores sensitive data. The implemented methods are tested against the well-known network intrusion detection system Snort, where all of them have been successfully evaded detection by its community rule sets. Thus, in this paper, we have developed new countermeasures to prevent and detect data exfiltration attempts using these methods.

AB - Data exfiltration is of increasing concern throughout the world. The number of incidents and capabilities of data exfiltration attacks are growing at an unprecedented rate. However, such attack vectors have not been deeply explored in the literature. This paper aims to address this gap by implementing a data exfiltration methodology, detailing some data exfiltration methods. Groups of exfiltration methods are incorporated into a program that can act as a testbed for owners of any network that stores sensitive data. The implemented methods are tested against the well-known network intrusion detection system Snort, where all of them have been successfully evaded detection by its community rule sets. Thus, in this paper, we have developed new countermeasures to prevent and detect data exfiltration attempts using these methods.

KW - Data exfiltration

KW - security

KW - Cyberattack

KW - steganography

KW - countermeasures

KW - Intrusion Detection System

U2 - 10.1109/CSR51186.2021.9527962

DO - 10.1109/CSR51186.2021.9527962

M3 - Conference contribution

SN - 9781665402866

SP - 442

EP - 447

BT - 2021 IEEE International Conference on Cyber Security and Resilience (CSR)

PB - Institute of Electrical and Electronics Engineers Inc.

T2 - 2021 IEEE International Conference on Cyber Security and Resilience

Y2 - 26 July 2021 through 28 July 2021

ER -

Data exfiltration: methods and detection countermeasures

Abstract

Conference

Keywords

Access to Document

Fingerprint

Cite this