Sciweavers

HICSS
2009
IEEE

SIDD: A Framework for Detecting Sensitive Data Exfiltration by an Insider Attack

13 years 10 months ago
SIDD: A Framework for Detecting Sensitive Data Exfiltration by an Insider Attack
Detecting and mitigating insider threat is a critical element in the overall information protection strategy. By successfully implementing tactics to detect this threat, organizations mitigate the loss of sensitive information and also potentially protect against future attacks. Within the broader scope of mitigating insider threat, we focus on detecting exfiltration of sensitive data through a protected network. We propose a multilevel framework called SIDD (Sensitive Information Dissemination Detection) system which is a high-speed transparent network bridge located at the edge of the protected network. SIDD consists of three main components: 1) network-level application identification, 2) content signature generation and detection, and 3) covert communication detection. Further, we introduce a model implementation of the key components, demonstrating how our system can be deployed. Our approach is based on the application of statistical and signal processing techniques on traffic f...
Yali Liu, Cherita L. Corbett, Ken Chiang, Rennie A
Added 19 May 2010
Updated 19 May 2010
Type Conference
Year 2009
Where HICSS
Authors Yali Liu, Cherita L. Corbett, Ken Chiang, Rennie Archibald, Biswanath Mukherjee, Dipak Ghosal
Comments (0)