A flow-based multi-agent data exfiltration detection architecture for ultra-low latency networks
Marques, Rafael Salema, Epiphaniou, Gregory, Al-Khateeb, Haider, Maple, Carsten, Hammoudeh, Mohammad, Lima de Castro, Paulo Andre, Dehghantanha, Ali and Choo, Kim-Kwang Raymond (2020) A flow-based multi-agent data exfiltration detection architecture for ultra-low latency networks. ACM Transactions on Internet Technology, 21 (4). 103. doi:10.1145/3419103 ISSN 1533-5399.
PDF: WRAP-Flow-based-multi-agent-data-exfiltration-detection-architecture-Maple-2020.pdf (Accepted Version)
Official URL: https://doi.org/10.1145/3419103
Abstract
Modern network infrastructures host converged applications that demand rapid elasticity of services, increased security and ultra-fast reaction times. The Tactile Internet promises to facilitate the delivery of these services while enabling new economies of scale for high-fidelity machine-to-machine and human-to-machine interactions. Unavoidably, critical mission systems served by the Tactile Internet have high demands not only for high-speed and reliable communications but equally for the ability to rapidly identify and mitigate threats and vulnerabilities. This paper proposes a novel Multi-Agent Data Exfiltration Detector Architecture (MADEX) inspired by the mechanisms and features present in the human immune system. MADEX seeks to identify data exfiltration activities performed by evasive and stealthy malware that hides malicious traffic from an infected host in low-latency networks. Our approach uses cross-network traffic information collected by agents to effectively identify unknown illicit connections made by a subverted operating system. MADEX does not require prior knowledge of the characteristics or behaviour of the malicious code, nor dedicated access to a knowledge repository. We tested the performance of MADEX in terms of its capacity to handle real-time data and the sensitivity of our algorithm's classification when exposed to malicious traffic. Experimental evaluation results show that MADEX achieved 99.97% sensitivity, 98.78% accuracy and an error rate of 1.21% when compared to its best rivals. We created a second version of MADEX, called MADEX level 2, that further improves its overall performance with a slight increase in computational complexity. We argue for the suitability of MADEX level 1 in non-critical environments, while MADEX level 2 can be used to avoid data exfiltration in critical mission systems.
To the best of our knowledge, this is the first article in the literature that addresses the real-time detection of rootkits in an agnostic way using an artificial immune system approach while satisfying strict latency requirements.
| Field | Value |
|---|---|
| Item Type | Journal Article |
| Subjects | Q Science > QA Mathematics > QA76 Electronic computers. Computer science. Computer software |
| Divisions | Faculty of Science, Engineering and Medicine > Engineering > WMG (Formerly the Warwick Manufacturing Group) |
| Journal or Publication Title | ACM Transactions on Internet Technology |
| Publisher | Association for Computing Machinery, Inc. |
| ISSN | 1533-5399 |
| Official Date | 16 July 2020 |
| Volume | 21 |
| Number | 4 |
| Article Number | 103 |
| DOI | 10.1145/3419103 |
| Status | Peer Reviewed |
| Publication Status | Published |
| Reuse Statement (publisher, data, author rights) | "© ACM, 2021. This is the author's version of the work. It is posted here by permission of ACM for your personal use. Not for redistribution. The definitive version was published in ACM Transactions on Internet Technology 21(4) July 2021 http://doi.acm.org/10.1145/3419103" |
| Access rights to Published version | Restricted or Subscription Access |
| Date of first compliant deposit | 25 August 2020 |
| Date of first compliant Open Access | 10 August 2021 |