Toward Pinpointing Data Leakage from Advanced Persistent Threats

Title: Toward Pinpointing Data Leakage from Advanced Persistent Threats
Publication Type: Conference Paper
Year of Publication: 2021
Authors: D'Agostino, Jack; Kul, Gokhan
Conference Name: 2021 7th IEEE Intl Conference on Big Data Security on Cloud (BigDataSecurity), IEEE Intl Conference on High Performance and Smart Computing, (HPSC) and IEEE Intl Conference on Intelligent Data and Security (IDS)
Keywords: advanced persistent threat, APT, Big Data, Computer hacking, Conferences, data leakage, Databases, digital forensics, fingerprint, Fingerprint recognition, Forensics, Human Behavior, leakage auditing, Metrics, Organizations, pubcrawl, Resiliency, Scalability
Abstract: Advanced Persistent Threats (APT) consist of most skillful hackers who employ sophisticated techniques to stealthily gain unauthorized access to private networks and exfiltrate sensitive data. When their existence is discovered, organizations - if they can sustain business continuity - mostly have to perform forensics activities to assess the damage of the attack and discover the extent of sensitive data leakage. In this paper, we construct a novel framework to pinpoint sensitive data that may have been leaked in such an attack. Our framework consists of creating baseline fingerprints for each workstation for setting normal activity, and we consider the change in the behavior of the network overall. We compare the accused fingerprint with sensitive database information by utilizing both Levenshtein distance and TF-IDF/cosine similarity resulting in a similarity percentage. This allows us to pinpoint what part of data was exfiltrated by the perpetrators, where in the network the data originated, and if that data is sensitive to the private company's network. We then perform feasibility experiments to show that even these simple methods are feasible to run on a network representative of a mid-size business.
DOI: 10.1109/BigDataSecurityHPSCIDS52275.2021.00038
Citation Key: dagostino_toward_2021