SIMPLE MECHANISM FOR POSSIBLE INFORMATION LEAK DETECTION ON DATA NETWORKS

Javier Alfonso Valdés

Abstract


The leakage of sensitive information is one of the main problems faced by institutions. Traditional rules-based tools like Snort or Suricata are able to efficiently detect known threats, but are useless against APTs (Advanced Persistent Threats). APTs use unknown vulnerabilities and standard protocols with encryption, simulating normal behavior. In this research a simple method based on the standard deviation of the times between the arrival of flows is proposed. It seeks to detect periodic outgoing connections that can be analyzed by specialists in search of information leakage. Suspicious periodic connections were identified, one of them corresponding to a poorly configured service that reported user data, effectively identifying a case of information leakage.


Keywords


fuga de información, periodicidad, tráfico de red, desviación estándar

Refbacks

  • There are currently no refbacks.


Telemática journal. ISSN 1729-3804

Havana University of Technology "José Antonio Echeverría", CUJAE.

School of Telecommunications and Electronics.

Calle 114, No. 11901, e/ Ciclovía y Rotonda, Marianao, La Habana, Cuba. CP 10390.

telematica@tesla.cujae.edu.cu

https://revistatelematica.cujae.edu.cu

This is open access journal.

 This website follows Licencia de Creative Commons Reconocimiento-NoComercial 4.0 Internacional.