Data Exfiltration Threats and Prevention Techniques
Machine Learning and Memory-Based Data Security
1. Edition May 2023
288 Pages, Hardcover
Wiley & Sons Ltd
Further versions
DATA EXFILTRATION THREATS AND PREVENTION TECHNIQUES
Comprehensive resource covering threat prevention techniques for data exfiltration and applying machine learning applications to aid in identification and prevention
Data Exfiltration Threats and Prevention Techniques provides readers the knowledge needed to prevent and protect from malware attacks by introducing existing and recently developed methods in malware protection using AI, memory forensic, and pattern matching, presenting various data exfiltration attack vectors and advanced memory-based data leakage detection, and discussing ways in which machine learning methods have a positive impact on malware detection.
Providing detailed descriptions of the recent advances in data exfiltration detection methods and technologies, the authors also discuss details of data breach countermeasures and attack scenarios to show how the reader may identify a potential cyber attack in the real world.
Composed of eight chapters, this book presents a better understanding of the core issues related to the cyber-attacks as well as the recent methods that have been developed in the field.
In Data Exfiltration Threats and Prevention Techniques, readers can expect to find detailed information on:
* Sensitive data classification, covering text pre-processing, supervised text classification, automated text clustering, and other sensitive text detection approaches
* Supervised machine learning technologies for intrusion detection systems, covering taxonomy and benchmarking of supervised machine learning techniques
* Behavior-based malware detection using API-call sequences, covering API-call extraction techniques and detecting data stealing behavior based on API-call sequences
* Memory-based sensitive data monitoring for real-time data exfiltration detection and advanced time delay data exfiltration attack and detection
Aimed at professionals and students alike, Data Exfiltration Threats and Prevention Techniques highlights a range of machine learning methods that can be used to detect potential data theft and identifies research gaps and the potential to make change in the future as technology continues to grow.
Acknowledgments xvii
Acronyms xix
Abstract xxi
1 Introduction 1
1.1 Data Exfiltration Methods 3
1.2 Important Questions 7
1.3 Book Scope 9
1.4 Book Summary 11
1.5 Book Structure 15
2 Background19
2.1 Hidden Markov Model 19
2.2 Memory Forensics 24
2.3 Bag-of-Words Model 27
2.4 Sparse Distributed Representation 28
2.5 Summary 29
3 Data Security Threats 31
3.1 Data Security 32
3.2 Security vs. Protection vs. Privacy 35
3.3 Advanced Persistent Threats Attacks 36
3.4 Cybersecurity Threats 38
3.5 Conclusion 59
4 Use Cases Data Leakage Attacks 63
4.1 Most Significant Attacks 63
4.2 Top Infection Vectors 68
4.3 Top Threats of Recent Years 70
4.4 Malware Development Trends 71
4.5 Geographic Trends 75
4.6 Industry Trends 78
4.7 Conclusion 80
5 Survey on Building Block Technologies 83
5.1 Motivation 83
5.2 Background 87
5.3 Taxonomy 96
5.4 Supervised Learning Methods 98
5.5 Systematic Literature Review 107
5.6 Evaluation of Supervised Learning Methods 108
5.7 Key Open Problems 125
5.8 Summary 127
6 Behavior-Based Data Exfiltration Detection Methods 141
6.1 Motivation 141
6.2 Existing Methods 144
6.3 Sub-Curve HMM Method 148
6.4 Evaluation 159
6.5 Experimental Results 164
6.6 Discussion 172
6.7 Summary 173
7 Memory-Based Data Exfiltration Detection Methods 181
7.1 Motivation 181
7.2 Existing Methods 183
7.3 Concepts 186
7.4 Fast Lookup Bag-of-Words (FBoW) 191
7.5 Evaluation 199
7.6 Summary 215
8 Temporal-Based Data Exfiltration Detection Methods 221
8.1 Motivation 221
8.2 Existing Methods 223
8.3 Definitions 225
8.4 Temporary Memory Bag-of-Words (TMBoW) 229
8.5 Experimental Results 234
8.6 Summary 245
9 Conclusion 249
9.1 Summary 249
9.2 What Is Innovative in the Described Methods? 251
9.3 What Is Next? 253
Index 255
Nasrin Sohrabi received a PhD in Computer Science from RMIT University, Australia. She is a Postdoctoral Research Fellow in Cloud, Systems and Security discipline, School of Computing Technologies, RMIT University and a core member of the RMIT Centre of Cyber Security Research and Innovation (CCSRI). She has several publications in highly ranked conferences and journals, including ICDE, IEEE Transactions on Services Computings, ACM Computing surveys, IEEE Transactions on Transportation systems, IEEE Transactions on Smart Grids.
Yasaman Samadi is a PhD student in Computer Science at RMIT University, Australia and a researcher in Quantum Cybersecurity. Yasaman has a Master's in Computer Architecture and worked as a quantum engineer at QBee.
Jakapan Suaboot received his PhD in Cybersecurity from RMIT, Australia. He previously worked as a Lecturer for the Department of Computer Engineering from Prince of Songkla University, Phuket, Thailand.
