TY - GEN
T1 - CoDex
T2 - 6th IEEE Conference on Dependable and Secure Computing, DSC 2023
AU - Lee, Shanhsin
AU - Chen, Yung Shiu
AU - Shieh, Shiuhpyng Winston
N1 - Publisher Copyright:
© 2023 IEEE.
PY - 2023
Y1 - 2023
N2 - Advanced Persistent Threats (APTs) have become one of the major threats to enterprise security. In the past three years, over 70% of APT campaigns involved Data Exfiltration for double and even triple extortion, causing tremendous financial loss. The Data Exfiltration tactic described in the MITRE Cybersecurity Framework is usually detected on the basis of a large volume of data being transferred. However, the malicious behaviors of Data Exfiltration resemble either web browsing or system backups, leading to a high false positive rate for conventional detection methods. In this paper, we propose a cross-Tactic correlation system for Data Exfiltration detection, named CoDex, which detects and correlates potentially malicious behaviors from Tactics related to Data Exfiltration, such as Discovery and Collection. In our experiments, we reproduced three popular APT campaigns to evaluate detection accuracy. On average, CoDex achieved 98.5% detection accuracy, raised the F1 score by 60%, and reduced the false positive rate from 7.1% to 0.5%.
AB - Advanced Persistent Threats (APTs) have become one of the major threats to enterprise security. In the past three years, over 70% of APT campaigns involved Data Exfiltration for double and even triple extortion, causing tremendous financial loss. The Data Exfiltration tactic described in the MITRE Cybersecurity Framework is usually detected on the basis of a large volume of data being transferred. However, the malicious behaviors of Data Exfiltration resemble either web browsing or system backups, leading to a high false positive rate for conventional detection methods. In this paper, we propose a cross-Tactic correlation system for Data Exfiltration detection, named CoDex, which detects and correlates potentially malicious behaviors from Tactics related to Data Exfiltration, such as Discovery and Collection. In our experiments, we reproduced three popular APT campaigns to evaluate detection accuracy. On average, CoDex achieved 98.5% detection accuracy, raised the F1 score by 60%, and reduced the false positive rate from 7.1% to 0.5%.
KW - APT
KW - Cross-Tactic Correlation
KW - Data Exfiltration
KW - Threat Generator
UR - http://www.scopus.com/inward/record.url?scp=85182257526&partnerID=8YFLogxK
U2 - 10.1109/DSC61021.2023.10354203
DO - 10.1109/DSC61021.2023.10354203
M3 - Conference contribution
AN - SCOPUS:85182257526
T3 - Proceedings - 2023 IEEE Conference on Dependable and Secure Computing, DSC 2023
BT - Proceedings - 2023 IEEE Conference on Dependable and Secure Computing, DSC 2023
PB - Institute of Electrical and Electronics Engineers Inc.
Y2 - 7 November 2023 through 9 November 2023
ER -
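The abstract above contrasts volume-based exfiltration detection with correlating behaviors across Tactics (Discovery, Collection, Exfiltration) on the same host. The following is an added illustration of that contrast written for this record; it is not the CoDex implementation and says nothing about how CoDex actually scores or correlates events. It assumes an upstream rule engine has already tagged each host event with an ATT&CK Tactic, and the event schema, the 2-hour correlation window, the 500 MB volume threshold, and the sample telemetry are all constructed for the example.

```python
"""Cross-tactic correlation vs. volume-only exfiltration detection.

Illustrative example written for this record; it is not the CoDex code and
makes no claim about how CoDex scores or correlates events.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample telemetry. The schema (host, ts, tactic, detail, bytes_out)
# and the assumption that an upstream rule engine has already tagged each event
# with an ATT&CK tactic are assumptions of this example. "Exfiltration" here
# means "large outbound transfer candidate": the noisy signal the abstract
# describes, which also fires on backups and heavy browsing.
EVENTS = [
    # ws-17: recon, staging, then upload -> a real exfiltration chain
    {"host": "ws-17", "ts": "2023-11-07T09:00:00", "tactic": "Discovery",
     "detail": "net view /domain", "bytes_out": 0},
    {"host": "ws-17", "ts": "2023-11-07T09:03:00", "tactic": "Discovery",
     "detail": "dir /s C:\\Users\\*.docx", "bytes_out": 0},
    {"host": "ws-17", "ts": "2023-11-07T09:20:00", "tactic": "Collection",
     "detail": "rar.exe a -hp staged.rar", "bytes_out": 0},
    {"host": "ws-17", "ts": "2023-11-07T09:45:00", "tactic": "Exfiltration",
     "detail": "HTTPS POST to file-sharing site", "bytes_out": 850_000_000},
    # bk-01: nightly backup, huge transfer but nothing else -> benign
    {"host": "bk-01", "ts": "2023-11-07T02:00:00", "tactic": "Exfiltration",
     "detail": "rsync to backup.corp", "bytes_out": 40_000_000_000},
    # ws-22: user streaming video, large transfer, no recon or staging -> benign
    {"host": "ws-22", "ts": "2023-11-07T10:00:00", "tactic": "Exfiltration",
     "detail": "HTTPS to video CDN", "bytes_out": 1_200_000_000},
    # ws-31: admin ran discovery, no staging, no transfer -> benign
    {"host": "ws-31", "ts": "2023-11-07T08:00:00", "tactic": "Discovery",
     "detail": "ipconfig /all", "bytes_out": 0},
]

GROUND_TRUTH_MALICIOUS = {"ws-17"}  # constructed label for the sample above
VOLUME_THRESHOLD = 500_000_000      # 500 MB single-transfer threshold (assumed)


def _ts(e):
    return datetime.fromisoformat(e["ts"])


def volume_only_detect(events, threshold=VOLUME_THRESHOLD):
    """Baseline: flag every host with at least one transfer over `threshold`.
    This is the 'large amount of data transferred' heuristic."""
    return sorted({e["host"] for e in events if e["bytes_out"] >= threshold})


def correlate_cross_tactic(events, window=timedelta(hours=2),
                           required=("Discovery", "Collection", "Exfiltration")):
    """Flag a host only when every tactic in `required` is observed on that
    host inside `window` leading up to an Exfiltration candidate. Returns
    host -> list of supporting events so an analyst can review the chain."""
    by_host = defaultdict(list)
    for e in events:
        by_host[e["host"]].append(e)

    hits = {}
    for host, evs in by_host.items():
        evs.sort(key=_ts)
        for anchor in evs:
            if anchor["tactic"] != "Exfiltration":
                continue
            start = _ts(anchor) - window
            chain = [e for e in evs if start <= _ts(e) <= _ts(anchor)]
            seen = {e["tactic"] for e in chain}
            if all(t in seen for t in required):
                hits[host] = chain
                break  # one confirmed chain per host is enough
    return hits


def false_positive_rate(flagged, malicious, all_hosts):
    """Share of benign hosts that were flagged, in [0.0, 1.0]."""
    benign = set(all_hosts) - set(malicious)
    if not benign:
        return 0.0
    return len(benign & set(flagged)) / len(benign)


if __name__ == "__main__":
    hosts = {e["host"] for e in EVENTS}
    vol = volume_only_detect(EVENTS)
    cor = correlate_cross_tactic(EVENTS)
    print("volume-only flagged:", vol,
          "FPR=%.2f" % false_positive_rate(vol, GROUND_TRUTH_MALICIOUS, hosts))
    print("cross-tactic flagged:", sorted(cor),
          "FPR=%.2f" % false_positive_rate(cor, GROUND_TRUTH_MALICIOUS, hosts))
    for e in cor.get("ws-17", []):
        print("  ", e["ts"], e["tactic"], e["detail"])
```

On the constructed sample the volume rule flags the backup server and the streaming workstation alongside the real chain, while the correlator flags only the host that showed recon, staging and an upload inside the window. The window length is the main tuning knob: too short and a patient attacker who stages data one day and uploads the next slips through, too long and unrelated admin discovery starts to co-occur with ordinary transfers.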