Smart data extraction attacks on computing systems with ML-driven malware
Cao, Yurui
Permalink
https://hdl.handle.net/2142/107238
Description
Title
Smart data extraction attacks on computing systems with ML-driven malware
Author(s)
Cao, Yurui
Contributor(s)
Kalbarczyk, Zbigniew
Issue Date
2020-05
Keyword(s)
Cyber Security
Data Breach Attacks
Smart Malware
Machine Learning
ARIMA
Abstract
With data breach attacks on the rise, sensitive data and private information are at high risk of
exposure by malicious activities. Therefore, preventing potential data breaches and ensuring the
security of sensitive information has become an important research topic in the cybersecurity
domain. While more security monitors and policies are deployed to protect the system, attackers
conceal the traces of their activities in several ways. One common approach is the ‘low and slow’
method, where the attacker limits the volume of data extraction for a fixed time interval so as
to reduce the chances of the data extraction being observed by network traffic monitors. In this
thesis, we consider an advancement in data breach attacks where an attacker applies machine
learning methods to maximize the extraction rate of the data while minimizing the impact on the
network traffic so as to hide within the bounds of the normal traffic. To assess the potential of the
advanced threat, we designed, implemented, and demonstrated an ML-driven smart malware that
(i) monitors the real-time network traffic flow of the victim system, (ii) analyzes the collected traffic
data to identify the most opportune time to trigger data extraction and (iii) optimizes the strategy in
planning the data extraction. Our study indicates the need to proactively investigate the possibility of
advanced threats so as to stay ahead of sophisticated attacks.