Host-based data exfiltration detection via system call sequences

Brian Jewell, Justin Beaver

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

10 Scopus citations

Abstract

The host-based detection of malicious data exfiltration activities is currently a sparse area of research and mostly limited to methods that analyze network traffic or signature-based detection methods that target specific processes. In this paper we explore an alternative method to host-based detection that exploits sequences of system calls and new collection methods that allow us to catch these activities in real time. We show that system call sequences can be found to reach a steady state across processes and users, and explore the viability of new methods as heuristics for profiling user behaviors.

Original language: English
Title of host publication: 6th International Conference on Information Warfare and Security, ICIW 2011
Publisher: Academic Conferences Ltd
Pages: 134-142
Number of pages: 9
ISBN (Print): 9781622766758
State: Published - 2011
Externally published: Yes
Event: 6th International Conference on Information Warfare and Security, ICIW 2011 - Washington, DC, United States
Duration: Mar 17 2011 to Mar 18 2011

Publication series

Name: 6th International Conference on Information Warfare and Security, ICIW 2011

Conference

Conference: 6th International Conference on Information Warfare and Security, ICIW 2011
Country/Territory: United States
City: Washington, DC
Period: 03/17/11 to 03/18/11

Keywords

  • Data exfiltration
  • Data security
  • Intrusion detection
