Data Exfiltration Anomaly Detection on Enterprise Networks using Deep Packet Inspection

Authors

  • Jelita Asian, Nusa Putra University
  • Dimas Erlangga, Nusa Putra University
  • Media Ayu, Nusa Putra University

DOI:

https://doi.org/10.30812/matrik.v22i3.3089

Keywords:

Advanced Persistent Threat, Data Exfiltration, Deep Packet Inspection, Network Anomaly Detection, Machine Learning

Abstract

Advanced persistent threats (APT) are threat actors with the advanced Techniques, Tactics and Procedures (TTP) needed to gain covert control of a computer network for a long period of time. These threat actors are the highest cyber attack risk factor for enterprise companies and governments. A successful attack by APT threat actors has the capability to cause physical damage. APT groups are typically state-sponsored and are considered the most effective and skilled cyber attackers. The final goal of an APT attack is to exfiltrate the victim's data or sabotage its systems. The aim of this research is to exercise multiple machine learning approaches, such as k-Nearest Neighbors and the H2O Deep Learning model, and also to employ Deep Packet Inspection on an enterprise network traffic dataset in order to identify suitable approaches for detecting data exfiltration by APT threat actors. This study shows that combining machine learning techniques with Deep Packet Inspection significantly improves the detection of data exfiltration attempts by Advanced Persistent Threat (APT) actors. The findings suggest that this approach can enhance anomaly detection systems, bolstering the cybersecurity defenses of enterprises. Consequently, the research implications could lead to the development of more robust strategies against the sophisticated and covert cyber threats posed by APTs.

Published

2024-08-20

How to Cite

Asian, J., Erlangga, D., & Ayu, M. (2024). Data Exfiltration Anomaly Detection on Enterprise Networks using Deep Packet Inspection. MATRIK : Jurnal Manajemen, Teknik Informatika Dan Rekayasa Komputer, 22(3), 665–672. https://doi.org/10.30812/matrik.v22i3.3089
