
Data Exfiltration: A Review of External Attack Vectors and Countermeasures

Research output: Contribution to journal › Journal article

Published

Standard

Data Exfiltration: A Review of External Attack Vectors and Countermeasures. / Ullah, Faheem; Edwards, Matthew; Ramdhany, Rajiv; Chitchyan, Ruzanna; Babar, M. Ali; Rashid, Awais.

In: Journal of Network and Computer Applications, Vol. 101, 01.01.2018, pp. 18-54.

Harvard

Ullah, F, Edwards, M, Ramdhany, R, Chitchyan, R, Babar, MA & Rashid, A 2018, 'Data Exfiltration: A Review of External Attack Vectors and Countermeasures', Journal of Network and Computer Applications, vol. 101, pp. 18-54. DOI: 10.1016/j.jnca.2017.10.016

APA

Ullah, F., Edwards, M., Ramdhany, R., Chitchyan, R., Babar, M. A., & Rashid, A. (2018). Data exfiltration: A review of external attack vectors and countermeasures. Journal of Network and Computer Applications, 101, 18-54. https://doi.org/10.1016/j.jnca.2017.10.016

Vancouver

Ullah F, Edwards M, Ramdhany R, Chitchyan R, Babar MA, Rashid A. Data Exfiltration: A Review of External Attack Vectors and Countermeasures. Journal of Network and Computer Applications. 2018 Jan 1;101:18-54. doi: 10.1016/j.jnca.2017.10.016

Author

Ullah, Faheem; Edwards, Matthew; Ramdhany, Rajiv; Chitchyan, Ruzanna; Babar, M. Ali; Rashid, Awais / Data Exfiltration: A Review of External Attack Vectors and Countermeasures.

In: Journal of Network and Computer Applications, Vol. 101, 01.01.2018, pp. 18-54.

Bibtex

@article{d7053f1093f749be9c17caa2d06da1ef,
title = "Data Exfiltration: A Review of External Attack Vectors and Countermeasures",
abstract = "Context: One of the main targets of cyber-attacks is data exfiltration, which is the leakage of sensitive or private data to an unauthorized entity. Data exfiltration can be perpetrated by an outsider or an insider of an organization. Given the increasing number of data exfiltration incidents, a large number of data exfiltration countermeasures have been developed. These countermeasures aim to detect, prevent, or investigate exfiltration of sensitive or private data. With the growing interest in data exfiltration, it is important to review data exfiltration attack vectors and countermeasures to support future research in this field. Objective: This paper is aimed at identifying and critically analysing data exfiltration attack vectors and countermeasures, reporting the state of the art and determining gaps for future research. Method: We have followed a structured process for selecting 108 papers from seven publication databases. Thematic analysis has been applied to analyse the data extracted from the reviewed papers. Results: We have developed a classification of (1) data exfiltration attack vectors used by external attackers and (2) the countermeasures against external attacks. We have mapped the countermeasures to attack vectors. Furthermore, we have explored the applicability of various countermeasures for different states of data (i.e., in use, in transit, or at rest). Conclusion: This review has revealed that (a) most of the state of the art is focussed on preventive and detective countermeasures, and significant research is required on developing investigative countermeasures, which are equally important; (b) several data exfiltration countermeasures are not able to respond in real time, which indicates that research effort needs to be invested in enabling them to do so; (c) a number of data exfiltration countermeasures do not take privacy and ethical concerns into consideration, which may become an obstacle to their full adoption; (d) existing research is primarily focussed on protecting data in the 'in use' state, so future research needs to be directed towards securing data in the 'at rest' and 'in transit' states; and (e) there is no standard or framework for the evaluation of data exfiltration countermeasures. We assert the need for developing such an evaluation framework.",
keywords = "Data Exfiltration, Data Leakage, Data Theft, Data Breach, External Attack Vector, Countermeasure",
author = "Faheem Ullah and Matthew Edwards and Rajiv Ramdhany and Ruzanna Chitchyan and Babar, {M. Ali} and Awais Rashid",
note = "This is the author's version of a work that was accepted for publication in Journal of Network and Computer Applications. Changes resulting from the publishing process, such as peer review, editing, corrections, structural formatting, and other quality control mechanisms may not be reflected in this document. Changes may have been made to this work since it was submitted for publication. A definitive version was subsequently published in Journal of Network and Computer Applications, 101, 2018 DOI: 10.1016/j.jnca.2017.10.016",
year = "2018",
month = jan,
doi = "10.1016/j.jnca.2017.10.016",
volume = "101",
pages = "18--54",
journal = "Journal of Network and Computer Applications",
issn = "1084-8045",
publisher = "Academic Press Inc.",
}

RIS

TY  - JOUR
T1  - Data Exfiltration: A Review of External Attack Vectors and Countermeasures
T2  - Journal of Network and Computer Applications
AU  - Ullah, Faheem
AU  - Edwards, Matthew
AU  - Ramdhany, Rajiv
AU  - Chitchyan, Ruzanna
AU  - Babar, M. Ali
AU  - Rashid, Awais
N1  - This is the author's version of a work that was accepted for publication in Journal of Network and Computer Applications. Changes resulting from the publishing process, such as peer review, editing, corrections, structural formatting, and other quality control mechanisms may not be reflected in this document. Changes may have been made to this work since it was submitted for publication. A definitive version was subsequently published in Journal of Network and Computer Applications, 101, 2018 DOI: 10.1016/j.jnca.2017.10.016
PY  - 2018/1/1
Y1  - 2018/1/1
AB  - Context: One of the main targets of cyber-attacks is data exfiltration, which is the leakage of sensitive or private data to an unauthorized entity. Data exfiltration can be perpetrated by an outsider or an insider of an organization. Given the increasing number of data exfiltration incidents, a large number of data exfiltration countermeasures have been developed. These countermeasures aim to detect, prevent, or investigate exfiltration of sensitive or private data. With the growing interest in data exfiltration, it is important to review data exfiltration attack vectors and countermeasures to support future research in this field. Objective: This paper is aimed at identifying and critically analysing data exfiltration attack vectors and countermeasures, reporting the state of the art and determining gaps for future research. Method: We have followed a structured process for selecting 108 papers from seven publication databases. Thematic analysis has been applied to analyse the data extracted from the reviewed papers. Results: We have developed a classification of (1) data exfiltration attack vectors used by external attackers and (2) the countermeasures against external attacks. We have mapped the countermeasures to attack vectors. Furthermore, we have explored the applicability of various countermeasures for different states of data (i.e., in use, in transit, or at rest). Conclusion: This review has revealed that (a) most of the state of the art is focussed on preventive and detective countermeasures, and significant research is required on developing investigative countermeasures, which are equally important; (b) several data exfiltration countermeasures are not able to respond in real time, which indicates that research effort needs to be invested in enabling them to do so; (c) a number of data exfiltration countermeasures do not take privacy and ethical concerns into consideration, which may become an obstacle to their full adoption; (d) existing research is primarily focussed on protecting data in the 'in use' state, so future research needs to be directed towards securing data in the 'at rest' and 'in transit' states; and (e) there is no standard or framework for the evaluation of data exfiltration countermeasures. We assert the need for developing such an evaluation framework.
KW  - Data Exfiltration
KW  - Data Leakage
KW  - Data Theft
KW  - Data Breach
KW  - External Attack Vector
KW  - Countermeasure
U2  - 10.1016/j.jnca.2017.10.016
DO  - 10.1016/j.jnca.2017.10.016
M3  - Journal article
VL  - 101
SP  - 18
EP  - 54
JO  - Journal of Network and Computer Applications
JF  - Journal of Network and Computer Applications
SN  - 1084-8045
ER  - 