SIMPLE MECHANISM FOR POSSIBLE INFORMATION LEAK DETECTION ON DATA NETWORKS

• Main Author: Javier Alfonso Valdés
• Format: Article
• Language: Spanish
• Published: Departamento de Telecomunicaciones y Telemática 2021-03-01
• Series: Telemática
• Subjects: fuga de información, periodicidad, tráfico de red, desviación estándar
• Online Access: https://revistatelematica.cujae.edu.cu/index.php/tele/article/view/431

The leakage of sensitive information is one of the main problems faced by institutions. Traditional rules-based tools like Snort or Suricata are able to efficiently detect known threats, but are useless against APTs (Advanced Persistent Threats). APTs use unknown vulnerabilities and standard protocols with encryption, simulating normal behavior. In this research a simple method based on the standard deviation of the times between the arrival of flows is proposed. It seeks to detect periodic outgoing connections that can be analyzed by specialists in search of information leakage. Suspicious periodic connections were identified, one of them corresponding to a poorly configured service that reported user data, effectively identifying a case of information leakage.