CoDex: Cross-Tactic Correlation System for Data Exfiltration Detection

Shanhsin Lee*, Yung Shiu Chen, Shiuhpyng Winston Shieh

*Corresponding author for this work

Research output: Conference contribution › peer-reviewed

Abstract

Advanced Persistent Threats (APTs) have become one of the major threats to enterprise security. In the past three years, over 70% of APT campaigns involved Data Exfiltration for double and even triple extortion, causing tremendous financial loss. The Data Exfiltration tactic described in the MITRE Cybersecurity Framework is often detected on the basis of a large amount of data being transferred. However, the malicious behaviors of Data Exfiltration resemble either web browsing or system backups, leading to a high false positive rate for conventional detection methods. In this paper, we propose a cross-Tactic correlation system for Data Exfiltration detection, named CoDex, which detects and correlates potentially malicious behaviors from other Tactics related to Data Exfiltration, such as Discovery and Data Collection. In our experiments, we reproduced 3 popular APT campaigns to evaluate the detection accuracy. On average, CoDex achieved 98.5% detection accuracy, increased the F1 score by 60%, and reduced the false positive rate from 7.1% to 0.5%.

Original language: English
Title of host publication: Proceedings - 2023 IEEE Conference on Dependable and Secure Computing, DSC 2023
Publisher: Institute of Electrical and Electronics Engineers Inc.
ISBN (electronic): 9798350382112
Publication status: Published - 2023
Event: 6th IEEE Conference on Dependable and Secure Computing, DSC 2023 - Tampa, United States
Duration: 7 Nov 2023 → 9 Nov 2023

Publication series

Name: Proceedings - 2023 IEEE Conference on Dependable and Secure Computing, DSC 2023

Conference

Conference: 6th IEEE Conference on Dependable and Secure Computing, DSC 2023
Country/Territory: United States
City: Tampa
Period: 7/11/23 → 9/11/23
