Data Exfiltration Anomaly Detection on Enterprise Networks using Deep Packet Inspection
DOI: https://doi.org/10.30812/matrik.v22i3.3089
Keywords: Advanced Persistent Threat, Data Exfiltration, Deep Packet Inspection, Network Anomaly Detection, Machine Learning
Abstract
Advanced persistent threats (APTs) are threat actors with advanced Tactics, Techniques and Procedures (TTPs) who gain covert control of a computer network for a long period of time. These threat actors are the highest cyber-attack risk factor for enterprise companies and governments; a successful attack by an APT actor can cause physical damage. APT groups are typically state-sponsored and are considered the most effective and skilled cyber attackers. The final goal of an APT attack is to exfiltrate the victim's data or to sabotage its systems. The aim of this research is to exercise multiple machine learning approaches, such as k-Nearest Neighbors and the H2O Deep Learning model, and to employ Deep Packet Inspection on an enterprise network traffic dataset in order to identify suitable approaches for detecting data exfiltration by APT threat actors. This study shows that combining machine learning techniques with Deep Packet Inspection significantly improves the detection of data exfiltration attempts by APT actors. The findings suggest that this approach can enhance anomaly detection systems, bolstering the cybersecurity defenses of enterprises. Consequently, the research implications could lead to developing more robust strategies against the sophisticated and covert cyber threats posed by APTs.
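As an added illustration of the approach the abstract describes (k-Nearest Neighbors scoring over features a Deep Packet Inspection engine can supply), and not code from the paper or its authors: the flow records below are constructed, the feature set (log byte counts in each direction plus the Shannon entropy of a payload sample) is an assumption, and the cutoff rule (the largest leave-one-out neighbour distance seen in known-good traffic) is one simple choice among many.

```python
"""k-NN anomaly scoring over DPI-derived flow features.

Added illustration, not the paper's code: flow records are constructed,
feature names are assumptions, and the threshold rule is one simple choice.
"""
import math
from collections import Counter

K = 3  # number of nearest neighbours averaged into the anomaly score


def shannon_entropy(payload: bytes) -> float:
    """Bits per byte of a payload sample, the kind of value a DPI engine can
    report per flow. Encrypted or compressed uploads sit near 8.0; plain-text
    protocols such as HTTP sit around 4 to 5.5."""
    if not payload:
        return 0.0
    n = len(payload)
    return -sum(c / n * math.log2(c / n) for c in Counter(payload).values())


def features(flow: dict) -> list:
    """Three features: log10 bytes sent, log10 bytes received, payload entropy.
    Logarithms tame the heavy-tailed byte counts."""
    return [
        math.log10(flow["bytes_out"] + 1),
        math.log10(flow["bytes_in"] + 1),
        shannon_entropy(flow["payload_sample"]),
    ]


def zscore_params(rows):
    """Per-feature mean and standard deviation (guarded against zero)."""
    dims = len(rows[0])
    means = [sum(r[d] for r in rows) / len(rows) for d in range(dims)]
    stds = [max(math.sqrt(sum((r[d] - means[d]) ** 2 for r in rows) / len(rows)), 1e-9)
            for d in range(dims)]
    return means, stds


def standardise(row, means, stds):
    return [(x - m) / s for x, m, s in zip(row, means, stds)]


def knn_score(point, reference, k=K):
    """Mean Euclidean distance to the k nearest reference points."""
    dists = sorted(math.dist(point, r) for r in reference)
    return sum(dists[:k]) / k


class ExfilDetector:
    def __init__(self, baseline_flows, k=K):
        self.k = k
        raw = [features(f) for f in baseline_flows]
        self.means, self.stds = zscore_params(raw)
        self.reference = [standardise(r, self.means, self.stds) for r in raw]
        # Leave-one-out score of every baseline flow; the largest becomes the
        # cutoff: nothing in the known-good traffic was more isolated than this.
        loo = [knn_score(p, self.reference[:i] + self.reference[i + 1:], k)
               for i, p in enumerate(self.reference)]
        self.threshold = max(loo)

    def score(self, flow):
        point = standardise(features(flow), self.means, self.stds)
        return knn_score(point, self.reference, self.k)

    def classify(self, flow):
        if self.score(flow) <= self.threshold:
            return "normal"
        # Anomalous AND upload-heavy is the exfiltration signature; an anomalous
        # download-heavy flow still deserves a look but does not get that label.
        return "exfil-suspect" if flow["bytes_out"] > flow["bytes_in"] else "anomalous"


# --- constructed sample data (not captured traffic) --------------------------
_TEMPLATES = [  # plain-text request samples standing in for DPI payload slices
    b"GET /intranet/home HTTP/1.1\r\nHost: portal.example\r\nAccept: text/html\r\n\r\n",
    b"POST /api/timesheet HTTP/1.1\r\nHost: hr.example\r\nContent-Type: application/json\r\n\r\n{\"hours\": 8}",
    b"GET /static/app.js HTTP/1.1\r\nHost: portal.example\r\nIf-None-Match: \"abc123\"\r\n\r\n",
]


def make_baseline(n=24):
    """Deterministic, scattered 'ordinary browsing' flows used as known-good traffic."""
    return [{
        "id": f"base-{i:02d}",
        "bytes_out": 500 + 90 * i + 37 * ((7 * i) % 11),
        "bytes_in": 6000 + 1500 * ((5 * i) % 24) + 250 * i,
        "payload_sample": _TEMPLATES[i % 3],
    } for i in range(n)]


QUERY_FLOWS = [
    # Same profile as base-10: a routine page load.
    {"id": "q-browse", "bytes_out": 1550, "bytes_in": 11480, "payload_sample": _TEMPLATES[1]},
    # Bulk upload of high-entropy data with almost nothing coming back.
    {"id": "q-bulk-upload", "bytes_out": 52_000_000, "bytes_in": 1800, "payload_sample": bytes(range(256))},
    # Smaller but still upload-heavy, high-entropy flow.
    {"id": "q-slow-upload", "bytes_out": 3_000_000, "bytes_in": 3000, "payload_sample": bytes(range(0, 256, 2))},
]


def run_demo():
    det = ExfilDetector(make_baseline())
    return {f["id"]: det.classify(f) for f in QUERY_FLOWS}


if __name__ == "__main__":
    for fid, verdict in run_demo().items():
        print(f"{fid:14s} {verdict}")
```

Two design points worth noting. The cutoff is learned from the baseline itself, so the baseline must genuinely be clean; a baseline contaminated with exfiltration traffic raises the threshold and hides similar flows. And an anomaly detector flags any departure from the baseline, not exfiltration specifically, which is why the classifier adds the direction check before applying the "exfil-suspect" label; a large software download would score as anomalous without earning it.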