The reviewed record of science sign in
Pith

arxiv: 2310.03667 · v1 · pith:IPPAEZ7F · submitted 2023-10-05 · cs.CR

Enhancing Exfiltration Path Analysis Using Reinforcement Learning

Reviewed by Pithpith:IPPAEZ7Fopen to challenge →

classification cs.CR
keywords exfiltrationpayloadprotocolpathsadversarialbehaviorconsiderationsemulate
0
0 comments X
read the original abstract

Building on previous work using reinforcement learning (RL) focused on identification of exfiltration paths, this work expands the methodology to include protocol and payload considerations. The former approach to exfiltration path discovery, where reward and state are associated specifically with the determination of optimal paths, are presented with these additional realistic characteristics to account for nuances in adversarial behavior. The paths generated are enhanced by including communication payload and protocol into the Markov decision process (MDP) in order to more realistically emulate attributes of network based exfiltration events. The proposed method will help emulate complex adversarial considerations such as the size of a payload being exported over time or the protocol on which it occurs, as is the case where threat actors steal data over long periods of time using system native ports or protocols to avoid detection. As such, practitioners will be able to improve identification of expected adversary behavior under various payload and protocol assumptions more comprehensively.

This paper has not been read by Pith yet.

discussion (0)

Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.