Abstract: HYMONT

  • Toothaker, M., Drapeau, D., Caglayan, A., Bratus, S. and Arackaparambil, C. (2009) Hybrid Malicious Outbound Network Traffic flow detection (HYMONT), Final Report, W911NF-08-C-0140, US Army Research Office, Raleigh, NC.

The data leak and exfiltration threat is broad-based and evolving. Two emerging threat vectors that are especially challenging and underrepresented in the cybersecurity community are the use of covert network channels and of outbound DNS requests for data exfiltration. In this project, entitled Hybrid Malicious Outbound Network Traffic (HYMONT), we researched and developed a software prototype that applies machine learning algorithms to contextual-metadata-based and entropy-based sensors in order to detect data exfiltration on a computer network in real time. Using our approach, we demonstrate the capability of detecting this malicious behavior, adapting to new and evolving threats, and alerting a user when such anomalous behavior is occurring, while reducing missed detections and false alarms.
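As an added illustration of the hybrid approach the abstract describes (example code written for this page, not the HYMONT prototype), the Python below pairs an entropy sensor over outbound DNS query names with contextual metadata (which client, which registered domain) and runs it over a few constructed log lines. The length and entropy thresholds, the minimum hit count, and the rule that the last two labels form the registered domain are assumptions chosen for the example.

```python
import math
from collections import Counter, defaultdict

# Constructed sample of outbound DNS query records (not data from the report):
# "<timestamp> <client_ip> <queried_name>"
SAMPLE_DNS_LOG = """\
2009-03-01T10:00:01 10.0.0.5 www.example.com
2009-03-01T10:00:02 10.0.0.5 mail.example.com
2009-03-01T10:00:03 10.0.0.7 3q7x9zk2m4p8v1n6b0h5t2w9r4y7u3.files.example.org
2009-03-01T10:00:04 10.0.0.7 a9f3c1e7b2d8f4a6c0e5b9d3f7a1c4e8.files.example.org
2009-03-01T10:00:05 10.0.0.9 abcdefghijklmnopqrstuvwxyz012345.cdn.example.net
2009-03-01T10:00:06 10.0.0.9 cdn.example.net
"""


def shannon_entropy(s: str) -> float:
    """Shannon entropy of s in bits per character (0.0 for the empty string)."""
    n = len(s)
    if n == 0:
        return 0.0
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def registered_domain(qname: str) -> str:
    # Assumption for this example: the last two labels are the registered domain.
    return ".".join(qname.rstrip(".").split(".")[-2:])


def entropy_sensor(qname: str, max_len: int = 20, min_entropy: float = 3.5) -> bool:
    """Entropy sensor: flag a query whose longest label is both long and
    high-entropy, the shape that encoded data tends to take inside a DNS name.
    Thresholds are assumed values, not the report's."""
    label = max(qname.rstrip(".").split("."), key=len)
    return len(label) > max_len and shannon_entropy(label) >= min_entropy


def scan_dns_log(text: str, min_hits: int = 2):
    """Hybrid check: combine the per-query entropy sensor with contextual
    metadata and alert only when the same client sends at least min_hits
    flagged queries to the same registered domain. A single odd-looking name
    (e.g. a CDN asset hash) therefore does not raise an alert on its own."""
    hits = defaultdict(list)
    for line in text.splitlines():
        _ts, client, qname = line.split()
        if entropy_sensor(qname):
            hits[(client, registered_domain(qname))].append(qname)
    return {key: names for key, names in hits.items() if len(names) >= min_hits}
```

On the sample, only client 10.0.0.7 is reported, because 10.0.0.9 sends just one high-entropy name and the contextual rule requires repetition.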
