Show simple item record

dc.contributor.advisorMcCarrin, Michael
dc.contributor.advisorRobert, Beverly
dc.contributor.authorHaycraft, Aaron
dc.dateMar-17
dc.date.accessioned2017-05-10T16:31:37Z
dc.date.available2017-05-10T16:31:37Z
dc.date.issued2017-03
dc.identifier.urihttp://hdl.handle.net/10945/52989
dc.descriptionApproved for public release; distribution is unlimiteden_US
dc.description.abstractData exfiltration over a network poses a threat to confidential information. Due to the possibility of malicious insiders, this threat is especially difficult to mitigate. Our goal is to contribute to the development of a method to detect exfiltration of many targeted files without incurring the full cost of reassembling flows. One strategy for accomplishing this would be to implement an approximate matching scheme that attempts to determine whether a file is being transmitted over the network by analyzing the quantity of payload data that matches fragments of the targeted file. Ourwork establishes the basic feasibility of such an approach by matching Transmission Control Protocol (TCP) payloads of traffic containing exfiltrated data against a database of MD5 hashes, each representing a fragment of our target data. We tested against a database of 415 million fragment hashes, where the length of the fragments was chosen to be smaller than the payload size expected for most common Maximum Transmission Units (MTUs), and we simulated exfiltration by sending a sample of our targeted data across the network along with other non-target files representing noise. We demonstrate that under these conditions, we are able to detect the targeted content with a recall of 98.3% and precision of 99.1%.en_US
dc.description.urihttp://archive.org/details/detectingtargetd1094552989
dc.publisherMonterey, California: Naval Postgraduate Schoolen_US
dc.rightsCopyright is reserved by the copyright owner.en_US
dc.titleDetecting target data in network trafficen_US
dc.typeThesisen_US
dc.contributor.departmentComputer Science (CS)
dc.subject.authorexfiltrationen_US
dc.subject.authorinformationen_US
dc.subject.authorflowsen_US
dc.subject.authorhashesen_US
dc.description.serviceCivilian, Federal Reserve Bank of San Franciscoen_US
etd.thesisdegree.nameMaster of Science in Computer Scienceen_US
etd.thesisdegree.levelMastersen_US
etd.thesisdegree.disciplineComputer Scienceen_US
etd.thesisdegree.grantorNaval Postgraduate Schoolen_US


Files in this item

Thumbnail

This item appears in the following Collection(s)

Show simple item record