Detecting Sensitive Data Exfiltration by an Insider Attack
Dipak Ghosal
Methods to detect and mitigate insider threats are critical elements in the overall information protection strategy. Within the broader scope of insider threats, we focus on detecting exfiltration of sensitive data over high-speed networks. We propose a multilevel approach that consists of three main components: 1) network-level application identification, 2) content signature generation and detection, and 3) covert communication detection. The key scientific approach used for all of the above components is applying statistical and signal processing techniques to network traffic to generate signatures and/or extract features for classification purposes. In this talk, I will present the overall research directions and some preliminary results.
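To make the common thread of the three components concrete, here is an added example (not code from the talk or its author) of the basic pattern the abstract describes: extract per-flow statistical features from packet records, compare them against stored signatures to identify the application, and apply a simple regularity check of the kind a covert-timing-channel detector would start from. The flow records, the two signature centroids, the feature scales and the flagging thresholds are all constructed for illustration and are not values from the talk.

```python
"""
Per-flow feature extraction, nearest-signature application identification and
a regularity check for beacon-like flows. Everything here is a constructed
illustration; signature values and thresholds are assumptions, not results
from the talk.
"""
import math
import statistics
from collections import Counter

# Constructed packet records per flow: (timestamp_seconds, payload_bytes).
# flow_a looks like a bursty bulk transfer; flow_b sends a fixed-size packet
# on a fixed period, the shape a timing/beaconing detector cares about.
FLOWS = {
    "flow_a": [(0.000, 1460), (0.003, 1460), (0.021, 1460), (0.024, 1460), (0.060, 800)],
    "flow_b": [(0.00, 60), (0.25, 60), (0.50, 60), (0.75, 60), (1.00, 60)],
}

# Constructed signature centroids (assumed, not learned from real traffic) and
# per-feature scales so that byte counts and ratios weigh comparably.
SIGNATURES = {
    "bulk_transfer":   {"mean_size": 1400.0, "std_size": 200.0, "cv_gap": 1.0,  "size_entropy": 1.0},
    "periodic_beacon": {"mean_size": 64.0,   "std_size": 0.0,   "cv_gap": 0.05, "size_entropy": 0.0},
}
SCALES = {"mean_size": 1500.0, "std_size": 500.0, "cv_gap": 1.0, "size_entropy": 3.0}


def extract_features(packets):
    """Statistical features of one flow: size moments, inter-arrival
    regularity (coefficient of variation) and entropy of the size distribution."""
    sizes = [size for _, size in packets]
    times = [ts for ts, _ in packets]
    gaps = [later - earlier for earlier, later in zip(times, times[1:])]
    n = len(sizes)
    counts = Counter(sizes)
    size_entropy = -sum((c / n) * math.log2(c / n) for c in counts.values())
    mean_gap = statistics.fmean(gaps) if gaps else 0.0
    cv_gap = statistics.pstdev(gaps) / mean_gap if gaps and mean_gap > 0 else 0.0
    return {
        "n_packets": n,
        "mean_size": statistics.fmean(sizes),
        "std_size": statistics.pstdev(sizes),
        "cv_gap": cv_gap,
        "size_entropy": size_entropy,
    }


def classify(features, signatures=SIGNATURES):
    """Nearest-signature classification by scaled Euclidean distance.
    Returns (label, distance); only the keys present in a signature are compared."""
    best_label, best_dist = None, math.inf
    for label, sig in signatures.items():
        dist = math.sqrt(sum(((features[k] - sig[k]) / SCALES[k]) ** 2 for k in sig))
        if dist < best_dist:
            best_label, best_dist = label, dist
    return best_label, best_dist


def looks_like_beacon(features, max_cv=0.1, min_packets=5):
    """Regularity heuristic (assumed thresholds): constant-size packets on a
    near-constant period. A real detector would add tests on the gap sequence
    itself; this is only the first-pass feature check."""
    return (
        features["n_packets"] >= min_packets
        and features["std_size"] == 0.0
        and features["cv_gap"] < max_cv
    )


def analyze_flows(flows=FLOWS):
    """Run feature extraction, identification and the beacon check per flow."""
    report = {}
    for name, packets in flows.items():
        feats = extract_features(packets)
        label, dist = classify(feats)
        report[name] = {"label": label, "distance": dist, "beacon": looks_like_beacon(feats)}
    return report


if __name__ == "__main__":
    for name, result in analyze_flows().items():
        print(name, result)
```

The three pieces map onto the abstract's components only loosely: the signature distance stands in for application identification, and the regularity check is the kind of statistic a covert-timing-channel detector would compute before applying stronger tests; content signature generation is not represented here.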