{"title":"PANDDE: Provenance-based ANomaly Detection of Data Exfiltration","authors":"Daren Fadolalkarim, Asmaa Sallam, E. Bertino","doi":"10.1145/2857705.2857710","DOIUrl":null,"url":null,"abstract":"Preventing data exfiltration by insiders is a challenging process since insiders are users that have access permissions to the data. Existing mechanisms focus on tracking users' activities while they are connected to the database, and are unable to detect anomalous actions that the users perform on the data once they gain access to it. Being able to detect anomalous actions on the data is critical as these actions are often a sign of attempts to misuse data. In this paper, we propose an approach to detect anomalous actions executed on data returned to the users from a database. The approach has been implemented as part of the Provenance-based ANomaly Detection of Data Exfiltration (PANDDE) tool. PANDDE leverages data provenance information captured at the operating system level. Such information is then used to create profiles of users' actions on the data once retrieved from the database. The profiles indicate actions that are consistent with the tasks of the users. Actions recorded in the profiles include data printing, emailing, and storage. Profiles are then used at run-time to detect anomalous actions.","PeriodicalId":377412,"journal":{"name":"Proceedings of the Sixth ACM Conference on Data and Application Security and Privacy","volume":"22 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2016-03-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"8","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the Sixth ACM Conference on Data and Application Security and Privacy","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/2857705.2857710","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
PANDDE: Provenance-based ANomaly Detection of Data Exfiltration
Preventing data exfiltration by insiders is a challenging process since insiders are users that have access permissions to the data. Existing mechanisms focus on tracking users' activities while they are connected to the database, and are unable to detect anomalous actions that the users perform on the data once they gain access to it. Being able to detect anomalous actions on the data is critical as these actions are often a sign of attempts to misuse data. In this paper, we propose an approach to detect anomalous actions executed on data returned to the users from a database. The approach has been implemented as part of the Provenance-based ANomaly Detection of Data Exfiltration (PANDDE) tool. PANDDE leverages data provenance information captured at the operating system level. Such information is then used to create profiles of users' actions on the data once retrieved from the database. The profiles indicate actions that are consistent with the tasks of the users. Actions recorded in the profiles include data printing, emailing, and storage. Profiles are then used at run-time to detect anomalous actions.