Standard

A Hybrid Framework for Data Loss Prevention and Detection. / Costante, Elisa; Fauri, Davide; Etalle, Sandro; Hartog, Jerry Den; Zannone, Nicola.

Proceedings - 2016 IEEE Symposium on Security and Privacy Workshops, SPW 2016. IEEE, 2016. p. 324-333 7527785.

Research output: Scientific - peer-reviewConference contribution

Harvard

Costante, E, Fauri, D, Etalle, S, Hartog, JD & Zannone, N 2016, A Hybrid Framework for Data Loss Prevention and Detection. in Proceedings - 2016 IEEE Symposium on Security and Privacy Workshops, SPW 2016., 7527785, IEEE, pp. 324-333, 2016 IEEE Symposium on Security and Privacy Workshops, SPW 2016, San Jose, United States, 23/05/16. DOI: 10.1109/SPW.2016.24

APA

Costante, E., Fauri, D., Etalle, S., Hartog, J. D., & Zannone, N. (2016). A Hybrid Framework for Data Loss Prevention and Detection. In Proceedings - 2016 IEEE Symposium on Security and Privacy Workshops, SPW 2016 (pp. 324-333). [7527785] IEEE. DOI: 10.1109/SPW.2016.24

Vancouver

Costante E, Fauri D, Etalle S, Hartog JD, Zannone N. A Hybrid Framework for Data Loss Prevention and Detection. In Proceedings - 2016 IEEE Symposium on Security and Privacy Workshops, SPW 2016. IEEE. 2016. p. 324-333. 7527785. Available from, DOI: 10.1109/SPW.2016.24

Author

Costante, Elisa ; Fauri, Davide ; Etalle, Sandro ; Hartog, Jerry Den ; Zannone, Nicola. / A Hybrid Framework for Data Loss Prevention and Detection. Proceedings - 2016 IEEE Symposium on Security and Privacy Workshops, SPW 2016. IEEE, 2016. pp. 324-333

BibTeX

@inbook{776529c139e84e37b6da4b37a78c8be1,
title = "A Hybrid Framework for Data Loss Prevention and Detection",
abstract = "Data loss, i.e. the unauthorized/unwanted disclosure of data, is a major threat for modern organizations. Data Loss Protection (DLP) solutions in use nowadays, either employ patterns of known attacks (signature-based) or try to find deviations from normal behavior (anomaly-based). While signature-based solutions provide accurate identification of known attacks and, thus, are suitable for the prevention of these attacks, they cannot cope with unknown attacks, nor with attackers who follow unusual paths (like those known only to insiders) to carry out their attack. On the other hand, anomaly-based solutions can find unknown attacks but typically have a high false positive rate, limiting their applicability to the detection of suspicious activities. In this paper, we propose a hybrid DLP framework that combines signature-based and anomaly-based solutions, enabling both detection and prevention. The framework uses an anomaly-based engine that automatically learns a model of normal user behavior, allowing it to flag when insiders carry out anomalous transactions. Typically, anomaly-based solutions stop at this stage. Our framework goes further in that it exploits an operator's feedback on alerts to automatically build and update signatures of attacks that are used to timely block undesired transactions before they can cause any damage.",
keywords = "data loss, detection, prevention, white-box anomaly detection",
author = "Elisa Costante and Davide Fauri and Sandro Etalle and Hartog, {Jerry Den} and Nicola Zannone",
year = "2016",
month = "8",
doi = "10.1109/SPW.2016.24",
isbn = "978-1-5090-3691-2",
pages = "324--333",
booktitle = "Proceedings - 2016 IEEE Symposium on Security and Privacy Workshops, SPW 2016",
publisher = "IEEE",
address = "United States",

}

RIS

TY - CHAP

T1 - A Hybrid Framework for Data Loss Prevention and Detection

AU - Costante,Elisa

AU - Fauri,Davide

AU - Etalle,Sandro

AU - Hartog,Jerry Den

AU - Zannone,Nicola

PY - 2016/8/1

Y1 - 2016/8/1

N2 - Data loss, i.e. the unauthorized/unwanted disclosure of data, is a major threat for modern organizations. Data Loss Protection (DLP) solutions in use nowadays, either employ patterns of known attacks (signature-based) or try to find deviations from normal behavior (anomaly-based). While signature-based solutions provide accurate identification of known attacks and, thus, are suitable for the prevention of these attacks, they cannot cope with unknown attacks, nor with attackers who follow unusual paths (like those known only to insiders) to carry out their attack. On the other hand, anomaly-based solutions can find unknown attacks but typically have a high false positive rate, limiting their applicability to the detection of suspicious activities. In this paper, we propose a hybrid DLP framework that combines signature-based and anomaly-based solutions, enabling both detection and prevention. The framework uses an anomaly-based engine that automatically learns a model of normal user behavior, allowing it to flag when insiders carry out anomalous transactions. Typically, anomaly-based solutions stop at this stage. Our framework goes further in that it exploits an operator's feedback on alerts to automatically build and update signatures of attacks that are used to timely block undesired transactions before they can cause any damage.

AB - Data loss, i.e. the unauthorized/unwanted disclosure of data, is a major threat for modern organizations. Data Loss Protection (DLP) solutions in use nowadays, either employ patterns of known attacks (signature-based) or try to find deviations from normal behavior (anomaly-based). While signature-based solutions provide accurate identification of known attacks and, thus, are suitable for the prevention of these attacks, they cannot cope with unknown attacks, nor with attackers who follow unusual paths (like those known only to insiders) to carry out their attack. On the other hand, anomaly-based solutions can find unknown attacks but typically have a high false positive rate, limiting their applicability to the detection of suspicious activities. In this paper, we propose a hybrid DLP framework that combines signature-based and anomaly-based solutions, enabling both detection and prevention. The framework uses an anomaly-based engine that automatically learns a model of normal user behavior, allowing it to flag when insiders carry out anomalous transactions. Typically, anomaly-based solutions stop at this stage. Our framework goes further in that it exploits an operator's feedback on alerts to automatically build and update signatures of attacks that are used to timely block undesired transactions before they can cause any damage.

KW - data loss

KW - detection

KW - prevention

KW - white-box anomaly detection

UR - http://www.scopus.com/inward/record.url?scp=85008686925&partnerID=8YFLogxK

U2 - 10.1109/SPW.2016.24

DO - 10.1109/SPW.2016.24

M3 - Conference contribution

SN - 978-1-5090-3691-2

SP - 324

EP - 333

BT - Proceedings - 2016 IEEE Symposium on Security and Privacy Workshops, SPW 2016

PB - IEEE

ER -

ID: 32864140