Implementing Data Exfiltration Defense in Situ: A Survey of Countermeasures and Human Involvement

Published: 17 July 2023

Abstract

In this article we consider the problem of defending against increasing data exfiltration threats in the domain of cybersecurity. We review existing work on exfiltration threats and corresponding countermeasures. We consider current problems and challenges that need to be addressed to provide a qualitatively better level of protection against data exfiltration. After considering the magnitude of the data exfiltration threat, we outline the objectives of this article and the scope of the review. We then provide an extensive discussion of present methods of defending against data exfiltration. We note that current methodologies for defending against data exfiltration do not connect well with domain experts, both as sources of knowledge and as partners in decision-making. However, human interventions continue to be required in cybersecurity. Thus, cybersecurity applications are necessarily socio-technical systems that cannot be safely and efficiently operated without considering relevant human factor issues. We conclude with a call for approaches that can more effectively integrate human expertise into defense against data exfiltration.

[172]
Peter Schaab, Kristian Beckers, and Sebastian Pape. 2017. Social engineering defence mechanisms and counteracting training strategies. Information and Computer Security 25, 2 (2017), 206–222.
[173]
G. Scott Graham and Peter J. Denning. 1972. Protection-principles and practice. In Proceedings of the Spring Joint Computer Conference (AFIPS’72). 417–429.
[174]
Daniel Servos and Sylvia L. Osborn. 2017. Current research and open problems in attribute-based access control. ACM Computing Surveys (CSUR) 49, 4 (2017), 1–45.
[175]
Burr Settles. 2009. Active Learning Literature Survey. Technical Report (2009).
[176]
Burr Settles. 2011. From theories to queries: Active learning in practice. JMLR: Workshop and Conference Proceedings 16 (2011), 1–18.
[177]
William Seymour. 2019. Privacy therapy with ARETHA: What if your firewall could talk? In Conference on Human Factors in Computing Systems - Proceedings.
[178]
A. Shabtai, Y. Elovici, and L. Rokach. 2012. A survey of data leakage detection and prevention solutions. Springer Science & Business Media.
[179]
Dave Shackleford. 2016. SANS 2016 Security Analytics Survey. SANS Institute, Swansea.
[180]
Adi Shamir. 1979. How to share a secret. Commun. ACM 22, 11 (Nov.1979), 612–613.
[181]
Balaram Sharma, Prabhat Pokharel, and Basanta Joshi. 2020. User behavior analytics for anomaly detection using LSTM autoencoder: Insider threat detection. In Proceedings of the 11th International Conference on Advances in Information Technology. 1–9.
[182]
Rupam Kumar Sharma, Hemanta Kumar Kalita, and Biju Issac. 2014. Different firewall techniques: A survey. In 5th International Conference on Computing Communication and Networking Technologies (ICCCNT’14).
[183]
Thomas B. Sheridan and Robert T. Hennessy. 1984. Research and Modeling of Supervisory Control Behavior. Technical Report.
[184]
N. Shevchenko, T. A. Chick, P. O’Riordan, and T. P. Scanlon. 2018. Threat Modeling: A Summary of Available Methods. Carnegie Mellon University Software Engineering Institute.
[185]
Adam Shostack. 2008. Experiences threat modeling at Microsoft. MODSEC@ MoDELS, 2008, 35.
[186]
Adam Shostack. 2014. Threat Modeling: Designing for Security. John Wiley & Sons.
[187]
Yogesh L. Simmhan, Beth Plale, and Dennis Gannon. 2005. A survey of data provenance in e-science. ACM SIGMOD Record 34, 3 (Sept.2005), 31–36.
[188]
Jussi Simola and Jyri Rajamäki. 2017. Hybrid emergency response model: Improving cyber situational awareness. In European Conference on Information Warfare and Security (ECCWS’17). 442–451. www.laurea.fi.
[189]
Michael Sivak, Daniel J. Weintraub, and Michael Flannagan. 1991. Nonstop flying is safer than driving. Risk Analysis 11, 1 (1991), 145–148.
[190]
Miles E. Smid and Dennis K. Branstad. 1988. The data encryption standard: Past and future. Proc. IEEE 76, 5 (1988), 550–559.
[191]
Philip J. Smith, C. Elaine McCoy, and Charles Layton. 1997. Brittleness in the design of cooperative problem-solving systems: The effects on user performance. IEEE Transactions on Systems, Man, and Cybernetics Part A:Systems and Humans. 27, 3 (1997), 360–371.
[192]
L. S. Snyder, Y. S. Lin, M. Karimzadeh, D. Goldwasser, and D. S. Ebert. 2019. Interactive learning for identifying relevant tweets to support real-time situational awareness. IEEE Transactions on Visualization and Computer Graphics 26, 1 (2019), 558–568.
[193]
Lance Spitzner. 2003. Honeypots: Catching the insider threat. In Proceedings - Annual Computer Security Applications Conference (ACSAC’03). 170–179.
[194]
L. Spitzner. 2003. Honeytokens: The other honeypot.
[195]
Lance Spitzner. 2003. The honeynet project: Trapping the hackers. IEEE Security and Privacy 1, 2 (2003), 15–23.
[196]
Shreyas Srinivasa, Jens Myrup Pedersen, and Emmanouil Vasilomanolakis. 2020. Towards systematic honeytoken fingerprinting. In 13th International Conference on Security of Information and Networks.
[197]
J. Steven. 2010. Threat modeling-perhaps it’s time. IEEE Security & Privacy 8, 3 (2010), 83–86.
[198]
S. J. Stolfo, S. M. Bellovin, S. Hershkop, A. D. Keromytis, S. Sinclair, and S. W. Smith. (Eds.). 2008. Insider attack and cyber security: Beyond the hacker, Vol. 39. Springer Science & Business Media.
[199]
Jeremy Straub. 2020. Modeling attack, defense and threat trees and the cyber kill chain, ATTCK and STRIDE frameworks as blackboard architecture networks. In Proceedings - 2020 IEEE International Conference on Smart Cloud (SmartCloud’20). 148–153.
[200]
B. E. Strom, A. Applebaum, D. P. Miller, K. C. Nickels, A. G. Pennington, and C. B. Thomas. 2018. Mitre att&ck: Design and Philosophy. Technical Report (2018).
[201]
Frank Swiderski and Window Snyder. 2004. Threat Modeling. Microsoft Press.
[202]
Dan Swinhoe. 2019. The biggest data breach fines, penalties and settlements so far. CSO, Framingham.
[203]
Dan Swinhoe. 2020. The 15 biggest data breaches of the 21st century. CSO. Last Modified2020.
[204]
Mohammad M. Bany Taha, Sivadon Chaisiri, and Ryan K. L. Ko. 2015. Trusted tamper-evident data provenance. Proceedings - 14th IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom’15). 646–653.
[205]
Radwan Tahboub and Yousef Saleh. 2014. Data leakage/loss prevention systems (DLP). In 2014 World Congress on Computer Applications and Information Systems (WCCAIS’14).
[206]
Baoming Tang, Qiaona Hu, and Derek Lin. 2017. Reducing false positives of user-to-entity first-access alerts for user behavior analytics. In IEEE International Conference on Data Mining Workshops (ICDMW’17). 804–811.
[207]
Adem Tekerek, Cemal Gemci, and Omer Faruk Bay. 2014. Development of a hybrid web application firewall to prevent web based attacks. In 8th IEEE International Conference on Application of Information and Communication Technologies (AICT’14) - Conference Proceedings.
[208]
Erdem Ucar and Erkan Ozhan. 2017. The analysis of firewall policy through machine learning and data mining. Wireless Personal Communications 96, 2 (Sept.2017), 2891–2909.
[209]
Faheem Ullah, Matthew Edwards, Rajiv Ramdhany, Ruzanna Chitchyan, M. Ali Babar, and Awais Rashid. 2018. Data exfiltration: A review of external attack vectors and countermeasures. Journal of Network and Computer Applications 101 (2018), 18–54.
[210]
A. V. Uzunov and E. B. Fernandez. 2014. An extensible pattern-based library and taxonomy of security threats for distributed systems. Computer Standards & Interfaces 36, 4 (2014), 734–747.
[211]
Antonio Varriale, Paolo Prinetto, Alberto Carelli, and Pascal Trotta. 2016. SEcube™: Data at rest and data in motion protection. In International Conference Security and Management. 138–145.
[212]
Verizon. 2020. 2020 Data Breach Investigations Report. https://enterprise.verizon.com/resources/reports/dbir/.
[213]
Rakesh Verma, Murat Kantarcioglu, David Marchette, Ernst Leiss, and Thamar Solorio. 2015. Security analytics: Essential data analytics knowledge for cybersecurity professionals and students. IEEE Security and Privacy 13, 6 (2015), 60–65.
[214]
Luca Vigano and Daniele Magazzeni. 2020. Explainable security. In Proceedings - 5th IEEE European Symposium on Security and Privacy Workshops (Euro S and PW’20). 293–300. arxiv:1807.04178.
[215]
Ke Wang and Salvatore J. Stolfo. 2004. Anomalous payload-based network intrusion detection. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) 3224 (2004), 203–222.
[216]
Qi Wang, Wajih Ul Hassan, Ding Li, Kangkook Jee, Xiao Yu, Kexuan Zou, Junghwan Rhee, Zhengzhang Chen, Wei Cheng, Carl A. Gunter, and Haifeng Chen. 2020. You Are what you do: Hunting stealthy malware via data provenance analysis. In Network and Distributed Systems Security (NDSS’00) Symposium 2020.
[217]
David Watson and Jamie Riden. 2008. The Honeynet Project: Data Collection Tools, Infrastructure, Archives and Analysis. Technical Report. 24–30 pages.
[218]
Imano Williams and Xiaohong Yuan. 2015. Evaluating the effectiveness of microsoft threat modeling tool. In Proceedings of the 2015 Information Security Curriculum Development Conference.
[219]
Martyn Williams. 2017. Inside the Russian hack of Yahoo: How they did it. https://www.csoonline.com/article/3180762/inside-the-russian-hack-of-yahoo-how-they-did-it.html.
[220]
Avishai Wool. 2004. A quantitative study of firewall configuration errors. Computer 37, 6 (2004), 62–67.
[221]
S. Wu and U. Manber. 1994. A Fast Algorithm for Multi-pattern Searching. Department of Computer Science, Tucson, AZ: University of Arizona. 1–11.
[222]
Tobias Wüchner and Alexander Pretschner. 2012. Data loss prevention based on data-driven usage control. In Proceedings - International Symposium on Software Reliability Engineering (ISSRE’12). 151–160.
[223]
Wenjun Xiong, Emeline Legrand, Oscar Åberg, and Robert Lagerström. 2022. Cyber security threat modeling based on the MITRE enterprise ATT&CK Matrix. Software and Systems Modeling 21, 1 (Feb.2022), 157–177.
[224]
W. Xiong and R. Lagerström. 2019. Threat modeling-A systematic literature review. Computers & Security 84 (2019), 53–69.
[225]
Kaiping Xue, Weikeng Chen, Wei Li, Jianan Hong, and Peilin Hong. 2018. Combining data owner-side and cloud-side access control for encrypted cloud storage. IEEE Transactions on Information Forensics and Security 13, 8 (Aug.2018), 2062–2074.
[226]
T. Yadav and A. M. Rao. 2015. Technical aspects of cyber kill chain. In International Symposium on Security in Computing and Communication. 438–452.
[227]
R. Yahalom, E. Shmueli, and T. Zrihen. 2010. Constrained anonymization of production data: a constraint satisfaction problem approach. In Secure Data Management: 7th VLDB Workshop, (SDM’10, Singapore, September 17, 2010. Proceedings 7), Springer Berlin Heidelberg, 41–53.
[228]
Jae yeol Kim and Hyuk Yoon Kwon. 2022. Threat classification model for security information event management focusing on model efficiency. Computers & Security 120 (92022), 102789.
[229]
Faheem Zafar, Abid Khan, Saba Suhail, Idrees Ahmed, Khizar Hameed, Hayat Mohammad Khan, Farhana Jabeen, and Adeel Anjum. 2017. Trustworthy data: A survey, taxonomy and future trends of secure provenance schemes. Journal of Network and Computer Applications 94 (Sept.2017), 50–68.
[230]
Marzia Zaman and Chung Horng Lung. 2018. Evaluation of machine learning techniques for network intrusion detection. In IEEE/IFIP Network Operations and Management Symposium: Cognitive Management in a Cyber World (NOMS’18). 1–5.
[231]
Xiaopeng Zhang. 2022. Phishing Campaign Delivering Three Fileless Malware: AveMariaRAT / BitRAT / PandoraHVNC - Part I. FortiGuard Labs.
[232]
Xinyou Zhang, Chengzhong Li, and Wenbin Zheng. 2004. Intrusion prevention system design. In Proceedings - The 4th International Conference on Computer and Information Technology (CIT’04). 386–390.

    Published In

    ACM Computing Surveys, Volume 55, Issue 14s, December 2023, 1355 pages
    ISSN: 0360-0300
    EISSN: 1557-7341
    DOI: 10.1145/3606253

    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Publication History

    Published: 17 July 2023
    Online AM: 25 January 2023
    Accepted: 18 January 2023
    Revised: 01 December 2022
    Received: 02 June 2022
    Published in CSUR Volume 55, Issue 14s

    Author Tags

    1. Exfiltration threats
    2. cybersecurity countermeasures
    3. machine learning
    4. human factors
    5. insider threats
    6. human-computer interaction

    Qualifiers

    • Survey

    Funding Sources

    • Mitacs

    Cited By

    • (2024) Humans and Automation: Augmenting Security Operation Centers. Journal of Cybersecurity and Privacy 4, 3 (388-409). DOI: 10.3390/jcp4030020. Online publication date: 1-Jul-2024
    • (2024) Automation Bias and Complacency in Security Operation Centers. Computers 13, 7 (165). DOI: 10.3390/computers13070165. Online publication date: 3-Jul-2024
    • (2024) A comprehensive survey on cyber deception techniques to improve honeypot performance. Computers and Security 140, C. DOI: 10.1016/j.cose.2024.103792. Online publication date: 1-May-2024
    • (2024) Analysis of statistical properties of variables in log data for advanced anomaly detection in cyber security. Computers and Security 137, C. DOI: 10.1016/j.cose.2023.103631. Online publication date: 12-Apr-2024
    • (2024) Machine learning approaches to detect, prevent and mitigate malicious insider threats: State-of-the-art review. Multimedia Tools and Applications. DOI: 10.1007/s11042-024-20273-0. Online publication date: 4-Oct-2024
    • (2024) Impact of Artificial Intelligence on Enterprise Information Security Management in the Context of ISO 27001 and 27002: A Tertiary Systematic Review and Comparative Analysis. Cybersecurity and Artificial Intelligence (1-34). DOI: 10.1007/978-3-031-52272-7_1. Online publication date: 18-Apr-2024
    • (2024) Browser‐in‐the‐middle attacks. Security and Privacy 7, 5. DOI: 10.1002/spy2.410. Online publication date: 28-May-2024
    • (2023) Hands-on Cyber Risk Management Scepticism. 2023 International Conference on Computing, Electronics & Communications Engineering (iCCECE) (89-94). DOI: 10.1109/iCCECE59400.2023.10238544. Online publication date: 14-Aug-2023
    • (2023) Usefulness of Honeypots Towards Data Security: A Systematic Literature Review. 2023 International Workshop on Artificial Intelligence and Image Processing (IWAIIP) (422-427). DOI: 10.1109/IWAIIP58158.2023.10462777. Online publication date: 1-Dec-2023