A hybrid framework for data loss prevention and detection

Onderzoeksoutput: Hoofdstuk in Boek/Rapport/CongresprocedureConferentiebijdrageAcademicpeer review

10 Citaten (Scopus)

Samenvatting

Data loss, i.e. the unauthorized/unwanted disclosure of data, is a major threat for modern organizations. Data Loss Protection (DLP) solutions in use nowadays, either employ patterns of known attacks (signature-based) or try to find deviations from normal behavior (anomaly-based). While signature-based solutions provide accurate identification of known attacks and, thus, are suitable for the prevention of these attacks, they cannot cope with unknown attacks, nor with attackers who follow unusual paths (like those known only to insiders) to carry out their attack. On the other hand, anomaly-based solutions can find unknown attacks but typically have a high false positive rate, limiting their applicability to the detection of suspicious activities. In this paper, we propose a hybrid DLP framework that combines signature-based and anomaly-based solutions, enabling both detection and prevention. The framework uses an anomaly-based engine that automatically learns a model of normal user behavior, allowing it to flag when insiders carry out anomalous transactions. Typically, anomaly-based solutions stop at this stage. Our framework goes further in that it exploits an operator's feedback on alerts to automatically build and update signatures of attacks that are used to timely block undesired transactions before they can cause any damage.

Originele taal-2Engels
TitelProceedings - 2016 IEEE Symposium on Security and Privacy Workshops, SPW 2016, 23-25 May 2016, San Jose, California
Plaats van productiePiscataway
UitgeverijInstitute of Electrical and Electronics Engineers
Pagina's324-333
Aantal pagina's10
ISBN van elektronische versie978-1-5090-3690-5
ISBN van geprinte versie978-1-5090-3691-2
DOI's
StatusGepubliceerd - 1 aug 2016
Evenement2016 IEEE Symposium on Security and Privacy Workshops, SPW 2016 - San Jose, Verenigde Staten van Amerika
Duur: 23 mei 201625 mei 2016

Congres

Congres2016 IEEE Symposium on Security and Privacy Workshops, SPW 2016
LandVerenigde Staten van Amerika
StadSan Jose
Periode23/05/1625/05/16

    Vingerafdruk

Citeer dit

Costante, E., Fauri, D., Etalle, S., Den Hartog, J., & Zannone, N. (2016). A hybrid framework for data loss prevention and detection. In Proceedings - 2016 IEEE Symposium on Security and Privacy Workshops, SPW 2016, 23-25 May 2016, San Jose, California (blz. 324-333). [7527785] Piscataway: Institute of Electrical and Electronics Engineers. https://doi.org/10.1109/SPW.2016.24