Automatic Identification & Mitigation of Unauthorized Information Leaking from Enterprise Networks

Abstract

Malicious code such as spyware, adware, key loggers, Trojans, rootkits, botnets and other unauthorized software poses serious threats to the DoD enterprise, as it may be used to collect information, provide access, respond to remote commands, and exfiltrate data. The goal of this project was to develop and evaluate novel mechanisms to classify and identify malicious software running in the enterprise by examining program network traffic and automatically generating the appropriate profiles of network behavior for each program, which we call application network behavior signatures. Where current approaches develop signatures of known attacks, our approach is to validate all outgoing network sessions based on their application network behavior signatures. Our approach is two-pronged: (1) we passively examine the network characteristics of applications using a set of transparent proxies located on the network edges that use packet fingerprinting algorithms, and (2) in addition to pure passive monitoring, we are developing active content challenge approaches to verifying the authenticity of programs sending outbound data.

Document Details

Document Type
Technical Report
Publication Date
Nov 27, 2012
Accession Number
ADA625882

Entities

People

  • Angelos Stavrou
  • Anup Ghosh
  • Christopher Greamo

Tags

Communities of Interest

  • Cyber

DTIC Thesaurus Topics

  • Command And Control
  • Contracts
  • Department Of Defense
  • Detection
  • Engineering
  • Identification
  • Intellectual Property
  • Internet
  • Intrusion Detection
  • Malware
  • Mathematics
  • Network Protocols
  • Patents
  • Reliability
  • Students
  • Voice Over Internet Protocol
  • Web Browsers

Fields of Study

  • Computer science

Readers

  • Computer Networking
  • Cybersecurity
  • Sensor Fusion and Tracking Systems