{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,31]],"date-time":"2026-01-31T02:31:04Z","timestamp":1769826664100,"version":"3.49.0"},"publisher-location":"Cham","reference-count":40,"publisher":"Springer International Publishing","isbn-type":[{"value":"9783031063640","type":"print"},{"value":"9783031063657","type":"electronic"}],"license":[{"start":{"date-parts":[[2022,1,1]],"date-time":"2022-01-01T00:00:00Z","timestamp":1640995200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2022,1,1]],"date-time":"2022-01-01T00:00:00Z","timestamp":1640995200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2022]]},"DOI":"10.1007\/978-3-031-06365-7_9","type":"book-chapter","created":{"date-parts":[[2022,6,3]],"date-time":"2022-06-03T07:04:08Z","timestamp":1654239848000},"page":"139-158","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":3,"title":["Towards Mitigation of\u00a0Data Exfiltration Techniques Using the\u00a0MITRE ATT&CK Framework"],"prefix":"10.1007","author":[{"given":"Michael","family":"Mundt","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Harald","family":"Baier","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2022,6,4]]},"reference":[{"key":"9_CR1","unstructured":"Object Management Group (OMG). Business Process Model and Notation (2021). https:\/\/www.bpmn.org\/. Accessed 27 Apr 2021"},{"key":"9_CR2","unstructured":"Organization for the Advancement of Structured Information Standards (OASIS). OASIS TC Open Repository: Python APIs for STIX 2 (2020). 
https:\/\/github.com\/oasis-open\/cti-python-stix2. Accessed 10 May 2021"},{"key":"9_CR3","doi-asserted-by":"crossref","unstructured":"Sabir, B., Ullah, F., Babar, M.A., Gaire, R.: Machine learning for detecting data exfiltration: a review. Comput. Sci. (2020)","DOI":"10.1145\/3442181"},{"key":"9_CR4","unstructured":"Cohen, F.: Bad decision-making OR Making bad decisions (2021). http:\/\/all.net\/. Accessed 05 May 2021"},{"key":"9_CR5","unstructured":"OASIS Cyber Threat Intelligence Technical Committee: STIX 2 Python API Documentation (2021). https:\/\/stix2.readthedocs.io\/en\/latest\/. Accessed 10 May 2021"},{"key":"9_CR6","unstructured":"MITRE Cooperation: MITRE ATT&CK Group Silver Terrier (2021). https:\/\/attack.mitre.org\/groups\/G0083\/. Accessed 31 May 2021"},{"key":"9_CR7","unstructured":"MITRE Cooperation: MITRE ATT&CK Scripts (2021). https:\/\/github.com\/mitre-attack\/attack-scripts\/tree\/master\/scripts. Accessed 15 May 2021"},{"key":"9_CR8","unstructured":"MITRE Cooperation: MITRE ATT&CK Software Agent Tesla (2021). https:\/\/attack.mitre.org\/software\/S0331\/. Accessed 31 May 2021"},{"key":"9_CR9","unstructured":"MITRE Cooperation: MITRE ATT&CK Technique Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted\/Obfuscated Non-C2 Protocol (2021). https:\/\/attack.mitre.org\/techniques\/T1048\/003\/. Accessed 31 May 2021"},{"key":"9_CR10","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-73951-9","volume-title":"Cyber threat intelligence","author":"A Dehghantanha","year":"2018","unstructured":"Dehghantanha, A., Conti, M., Dargahi, T.: Cyber threat intelligence. Springer, Cham (2018). https:\/\/doi.org\/10.1007\/978-3-319-73951-9"},{"key":"9_CR11","doi-asserted-by":"crossref","unstructured":"Tychalas, D., Keliris, A., Maniatakos, M.: LED alert: supply chain threats for stealthy data exfiltration in industrial control systems. 
In: 2019 IEEE 25th International Symposium on On-Line Testing and Robust System Design (IOLTS) On-Line Testing and Robust System Design (IOLTS) (2019)","DOI":"10.1109\/IOLTS.2019.8854451"},{"key":"9_CR12","doi-asserted-by":"publisher","unstructured":"Ghinita, G., Bertino, E.: Towards mechanisms for detection and prevention of data exfiltration by insiders: keynote talk paper. In: ASIACCS 2011: Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security (2011). https:\/\/doi.org\/10.1145\/1966913.1966916","DOI":"10.1145\/1966913.1966916"},{"key":"9_CR13","volume-title":"Prozessmanagement f\u00fcr Experten, Impulse f\u00fcr aktuelle und wiederkehrende Themen","author":"H K\u00fchn","year":"2013","unstructured":"K\u00fchn, H., Bayer, F.: Prozessmanagement f\u00fcr Experten, Impulse f\u00fcr aktuelle und wiederkehrende Themen. Springer, Heidelberg (2013)"},{"key":"9_CR14","unstructured":"Louvieris, P., Ioannou, G., Powel, G.: A Markov multi-phase transferable belief model: an application for predicting data exfiltration APTs. In: Proceedings of the 16th International Conference on Information Fusion Information Fusion (FUSION) (2013)"},{"key":"9_CR15","unstructured":"Halder, S., Ozdemir, S.: Hands-On Machine Learning for Cybersecurity: Safeguard Your System by Making Your Machines Intelligent Using the Python Ecosystem. 9781788992282. 9781788990967. Packt Publishing, Birmingham (2018)"},{"key":"9_CR16","unstructured":"Anaconda Inc. Anaconda - Data Science technology for human sensemaking (2021). https:\/\/www.anaconda.com\/. Accessed 01 Apr 2021"},{"key":"9_CR17","unstructured":"International Electronical Commission (IEC) International Standard Organization (ISO): Information Security Management (2013). https:\/\/www.iso.org\/isoiec-27001-information-security.html. 
Accessed 30 Apr 2021"},{"key":"9_CR18","unstructured":"International Electronical Commission (IEC) International Standard Organization (ISO): Information technology\u2014Security techniques\u2014Code of practice for information security controls (2013). https:\/\/www.iso.org\/isoiec-27001-information-security.html. Accessed 30 Apr 2021"},{"key":"9_CR19","unstructured":"International Electronical Commission (IEC) International Standard Organization (ISO): Information technology\u2014Security techniques\u2014Information security management systems\u2014Overview and vocabulary (2018). https:\/\/standards.iso.org\/ittf\/PubliclyAvailableStandards\/c073906_ISO_IEC_27000_2018_E.zip. Accessed 30 Apr 2021"},{"key":"9_CR20","doi-asserted-by":"crossref","unstructured":"Sherry, J., Lan, C., Popa, R.A., Ratnasamy, S.: Blind-box: deep packet inspection over encrypted traffic. In: SIGCOMM 2015: Proceedings of the 2015 ACM Conference on Special Interest Group on Data Communication (2015). https:\/\/dl.acm.org\/doi\/10.1145\/2785956.2787502","DOI":"10.1145\/2785956.2787502"},{"key":"9_CR21","doi-asserted-by":"publisher","unstructured":"Benton, K., Camp, L.J.: Firewalling scenic routes: preventing data exfiltration via political and geographic routing policies In: SafeConfig 2016: Proceedings of the 2016 ACM Workshop on Automated Decision Making for Active Cyber Defense (2016). https:\/\/doi.org\/10.1145\/2994475.2994477","DOI":"10.1145\/2994475.2994477"},{"key":"9_CR22","doi-asserted-by":"publisher","unstructured":"Liu, Y., Corbett, C., Chiang, K., Archibald, R., Mukherjee, B., Ghosal, D.: Detecting sensitive data exfiltration by an insider attack. In: CSIIRW 2008: Proceedings of the 4th Annual Workshop on Cyber Security and Information Intelligence Research: Developing Strategies to Meet the Cyber Security and Information Intelligence Challenges Ahead (2008). 
https:\/\/doi.org\/10.1145\/1413140.1413159","DOI":"10.1145\/1413140.1413159"},{"key":"9_CR23","unstructured":"Tatam, M., Shanmugam, B., Azam, S., Kannoorpatti, K.: A review of threat modelling approaches for APT-style attacks. In: Heliyon (2021). https:\/\/www.cell.com\/heliyon\/fulltext\/S2405-8440(21)00074-8"},{"key":"9_CR24","unstructured":"Mavroeidis, V., Bromander, S.: Cyber Threat Intelligence Model: An Evaluation of Taxonomies, Sharing Standards, and Ontologies within Cyber Threat Intelligence (2021). https:\/\/www.duo.uio.no\/bitstream\/handle\/10852\/58492\/CTI_Mavroeidis.pdf?sequence=4. Accessed 02 May 2021"},{"key":"9_CR25","doi-asserted-by":"crossref","unstructured":"Miloslavskaya, N.: Stream data analytics for network attacks prediction. Procedia Comput. Sci. 169, 57\u201362 (2020). https:\/\/www.sciencedirect.com\/science\/article\/pii\/S1877050920302374","DOI":"10.1016\/j.procs.2020.02.114"},{"key":"9_CR26","unstructured":"MITRE. ATT&CK Version 9.0. The Cyber Threat Intelligence Repository of MITRE ATTCK and CAPED catalogs expressed in STIX 2.0 JSON (2021). https:\/\/github.com\/mitre\/cti. Accessed 10 May 2021"},{"key":"9_CR27","unstructured":"MITRE. MITRE ATT&CK Framework (2021). https:\/\/attack.mitre.org\/. Accessed 30 Mar 2021"},{"key":"9_CR28","unstructured":"MITRE: MITRE ATT&CK NAVIGATOR (2021). https:\/\/mitreattack.github.io\/attack-navigator\/. Accessed 30 Mar 2021"},{"key":"9_CR29","doi-asserted-by":"crossref","unstructured":"Allawi, M.A.A., Hadi, A., Awajan, A.: MLDED: multi-layer data exfiltration detection system. In: 2015 Fourth International Conference on Cyber Security, Cyber Warfare, and Digital Forensic (2015)","DOI":"10.1109\/CyberSec.2015.29"},{"key":"9_CR30","doi-asserted-by":"crossref","unstructured":"Guri, M., Solewicz, Y., Daidakulov, A., Elovici, Y.: Fansmitter: acoustic data exfiltration from (speakerless) air-gapped computers. Comput. Sci. 
(2016)","DOI":"10.1007\/978-3-319-66399-9_6"},{"key":"9_CR31","doi-asserted-by":"crossref","unstructured":"Haber, M.J., Hibbert, B.: Asset Attack Vectors: Building Effective Vulnerability Management Strategies to Protect Organizations. Apress, Berkeley (2018). ISBN 9781484236260","DOI":"10.1007\/978-1-4842-3627-7"},{"key":"9_CR32","unstructured":"MWR InfoSecurity (Head Office). Detecting and Deterring Data Exfiltration - Guide for Implementers. In: Centre for the Protection of National Infrastructure (2014). https:\/\/www.researchgate.net\/profile\/Mohamed_ Mourad_Lafifi\/ post\/Any _good_ ICS_Dataset_ contains_exfiltration_data_leakages\/attachment\/5be5a43fcfe4a7645500ee64\/AS%3A691074662141959%401541776447655\/download\/Detecting-Deterring-Data-Exfiltration-Guide-for-Implementers-.pdf"},{"key":"9_CR33","unstructured":"Maltego Organization: Website Maltego (2021). https:\/\/www.maltego.com\/. Accessed 20 Apr 2021"},{"key":"9_CR34","doi-asserted-by":"publisher","unstructured":"Rajba, P., Mazurczyk, W.: Exploiting minification for data hiding purposes. In: ARES 2020: Proceedings of the 15th International Conference on Availability, Reliability and Security (2020). https:\/\/doi.org\/10.1145\/3407023.3409209","DOI":"10.1145\/3407023.3409209"},{"key":"9_CR35","unstructured":"Ashley, T., Kwon, R., Sri, N.: Cyber threat dictionary using MITRE ATT&CK matrix and NIST cybersecurity framework mapping. In: 2020 Resilience Week (RWS) Resilience Week (RWS), pp. 106\u2013112 (2020)"},{"key":"9_CR36","unstructured":"Ruef, M.: Monitoring-Detecting Attacks with MITRE ATT&CK. In: scip Labs, Zenodo (2019)"},{"key":"9_CR37","doi-asserted-by":"crossref","unstructured":"Antonatos, S., Braghin, S.: 4Kdump: exfiltrating files via hexdump and video capture. In: CS2 2019: Proceedings of the Sixth Workshop on Cryptography and Security in Computing Systems (2019). 
https:\/\/dl.acm.org\/doi\/10.1145\/3304080.3304081","DOI":"10.1145\/3304080.3304081"},{"key":"9_CR38","unstructured":"Sparx Systems. Website Sparx Systems - Enterprise Architect (2021). https:\/\/www.sparxsystems.de\/. Accessed 21 Apr 2021"},{"key":"9_CR39","doi-asserted-by":"crossref","unstructured":"Xu, Y., Yang, Y., He, Y.: A representation of business oriented cyber threat intelligence and the objects assembly. In: IEEE 10th International Conference on Information Science and Technology (ICIST) Information Science and Technology (ICIST) (2020). https:\/\/ieeexplore.ieee.org\/stamp\/stamp.jsp?tp=&arnumber=7795373","DOI":"10.1109\/ICIST49303.2020.9202271"},{"key":"9_CR40","unstructured":"Yoon, S.: Steganography in the modern attack landscape. In: Carbon Black (2019). https:\/\/www.carbonblack.com\/blog\/steganography-in-the-modern-attack-landscape\/"}],"container-title":["Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering","Digital Forensics and Cyber Crime"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-031-06365-7_9","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2023,2,7]],"date-time":"2023-02-07T04:06:51Z","timestamp":1675742811000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-031-06365-7_9"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022]]},"ISBN":["9783031063640","9783031063657"],"references-count":40,"URL":"https:\/\/doi.org\/10.1007\/978-3-031-06365-7_9","relation":{},"ISSN":["1867-8211","1867-822X"],"issn-type":[{"value":"1867-8211","type":"print"},{"value":"1867-822X","type":"electronic"}],"subject":[],"published":{"date-parts":[[2022]]},"assertion":[{"value":"4 June 2022","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter 
History"}},{"value":"ICDF2C","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Digital Forensics and Cyber Crime","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2021","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"6 December 2021","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"9 December 2021","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"12","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"icdf2c2021","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/icdf2c.eai-conferences.org\/2021\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Double-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"EAI Confy+","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"52","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference 
organizers)"}},{"value":"22","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"0","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"42% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"5","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Yes","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}