SIMPLE MECHANISM FOR POSSIBLE INFORMATION LEAK DETECTION ON DATA NETWORKS

SIMPLE MECHANISM FOR POSSIBLE INFORMATION LEAK DETECTION ON DATA NETWORKS

The leakage of sensitive information is one of the main problems faced by institutions. Traditional rules-based tools like Snort or Suricata are able to efficiently detect known threats, but are useless against APTs (Advanced Persistent Threats). APTs use unknown vulnerabilities and standard protoco...

Full description

Bibliographic Details
Main Author: Javier Alfonso Valdés
Format: Article
Language:Spanish
Published: Departamento de Telecomunicaciones y Telemática 2021-03-01
Series:Telemática
Subjects:
fuga de información, periodicidad, tráfico de red, desviación estándar
Online Access:https://revistatelematica.cujae.edu.cu/index.php/tele/article/view/431
Description
Summary:The leakage of sensitive information is one of the main problems faced by institutions. Traditional rules-based tools like Snort or Suricata are able to efficiently detect known threats, but are useless against APTs (Advanced Persistent Threats). APTs use unknown vulnerabilities and standard protocols with encryption, simulating normal behavior. In this research a simple method based on the standard deviation of the times between the arrival of flows is proposed. It seeks to detect periodic outgoing connections that can be analyzed by specialists in search of information leakage. Suspicious periodic connections were identified, one of them corresponding to a poorly configured service that reported user data, effectively identifying a case of information leakage.
ISSN:1729-3804

Similar Items