New Perspectives on Data Exfiltration Detection for Advanced Persistent Threats Based on Ensemble Deep Learning Tree

Xiaojuan Cai; Hiroshi Koide

doi:10.5220/0012181200003584

New Perspectives on Data Exfiltration Detection for Advanced Persistent Threats Based on Ensemble Deep Learning Tree

Xiaojuan Cai, Hiroshi Koide

2023

Abstract

Data exfiltration of Advanced Persistent Threats (APTs) is a critical concern for high-value entities such as governments, large enterprises, and critical infrastructures, as attackers deploy increasingly sophisticated and stealthy tactics. Although extensive research has focused on methods to detect and halt APTs at the onset of an attack (e.g., examining data exfiltration over Domain Name System tunnels), there has been a lack of attention towards detecting sensitive data exfiltration once an APT has gained a foothold in the victim system. To address this gap, this paper analyzes data exfiltration detection from two new perspectives: exfiltration over a command-and-control channel and limitations on exfiltration transfer size, assuming that APT attackers have established a presence in the victim system. We introduce two detection mechanisms (Transfer Lifetime Volatility & Transfer Speed Volatility) and propose an ensemble deep learning tree model, EDeepXGB, based on eXtreme Gradient Boosting, to analyze data exfiltration from these perspectives. By comparing our approach with eight deep learning models (including four deep neural networks and four convolutional neural networks) and four traditional machine learning models (Naive Bayes, Quadratic Discriminant Analysis, Random Forest, and AdaBoost), our approach demonstrates competitive performance on the latest public real-world dataset (Unraveled-2023), with Precision of 91.89%, Recall of 93.19%, and F1-Score of 92.49%.

Download

Paper Citation

in Harvard Style

Cai X. and Koide H. (2023). New Perspectives on Data Exfiltration Detection for Advanced Persistent Threats Based on Ensemble Deep Learning Tree. In Proceedings of the 19th International Conference on Web Information Systems and Technologies - Volume 1: WEBIST; ISBN 978-989-758-672-9, SciTePress, pages 276-285. DOI: 10.5220/0012181200003584

in Bibtex Style

@conference{webist23,
author={Xiaojuan Cai and Hiroshi Koide},
title={New Perspectives on Data Exfiltration Detection for Advanced Persistent Threats Based on Ensemble Deep Learning Tree},
booktitle={Proceedings of the 19th International Conference on Web Information Systems and Technologies - Volume 1: WEBIST},
year={2023},
pages={276-285},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0012181200003584},
isbn={978-989-758-672-9},
}

in EndNote Style

TY - CONF

JO - Proceedings of the 19th International Conference on Web Information Systems and Technologies - Volume 1: WEBIST
TI - New Perspectives on Data Exfiltration Detection for Advanced Persistent Threats Based on Ensemble Deep Learning Tree
SN - 978-989-758-672-9
AU - Cai X.
AU - Koide H.
PY - 2023
SP - 276
EP - 285
DO - 10.5220/0012181200003584
PB - SciTePress