{"id":"https://openalex.org/W3111520820","doi":"https://doi.org/10.1145/3442181","title":"Machine Learning for Detecting Data Exfiltration","display_name":"Machine Learning for Detecting Data Exfiltration","publication_year":2021,"publication_date":"2021-05-08","ids":{"openalex":"https://openalex.org/W3111520820","doi":"https://doi.org/10.1145/3442181","mag":"3111520820"},"language":"en","primary_location":{"id":"doi:10.1145/3442181","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3442181","pdf_url":null,"source":{"id":"https://openalex.org/S157921468","display_name":"ACM Computing Surveys","issn_l":"0360-0300","issn":["0360-0300","1557-7341"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"ACM Computing Surveys","raw_type":"journal-article"},"type":"preprint","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://arxiv.org/abs/2012.09344v1","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5089776133","display_name":"Bushra Sabir","orcid":"https://orcid.org/0000-0003-4303-5169"},"institutions":[{"id":"https://openalex.org/I1292875679","display_name":"Commonwealth Scientific and Industrial Research Organisation","ror":"https://ror.org/03qn8fb07","country_code":"AU","type":"government","lineage":["https://openalex.org/I1292875679","https://openalex.org/I2801453606","https://openalex.org/I4387156119"]},{"id":"https://openalex.org/I42894916","display_name":"Data61","ror":"https://ror.org/03q397159","country_code":"AU","type":"other","lineage":["https://openalex.org/I1292875679","https://openalex.org/I2801453606","https://openalex.org/I42894916","https://openalex.org/I4387156119"]},{"id":"https://openalex.org/I5681781","display_name":"The University of Adelaide","ror":"https://ror.org/00892tw58","country_code":"AU","type":"education","lineage":["https://openalex.org/I5681781"]}],"countries":["AU"],"is_corresponding":false,"raw_author_name":"Bushra Sabir","raw_affiliation_strings":["CREST - The Centre for Research on Engineering Software Technologies, University of Adelaide, CSIRO/Data61, Australia"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"CREST - The Centre for Research on Engineering Software Technologies, University of Adelaide, CSIRO/Data61, Australia","institution_ids":["https://openalex.org/I1292875679","https://openalex.org/I42894916","https://openalex.org/I5681781"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5101765155","display_name":"Faheem Ullah","orcid":"https://orcid.org/0000-0001-8476-1218"},"institutions":[{"id":"https://openalex.org/I5681781","display_name":"The University of Adelaide","ror":"https://ror.org/00892tw58","country_code":"AU","type":"education","lineage":["https://openalex.org/I5681781"]}],"countries":["AU"],"is_corresponding":false,"raw_author_name":"Faheem Ullah","raw_affiliation_strings":["CREST - The Centre for Research on Engineering Software Technologies, University of Adelaide, Australia"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"CREST - The Centre for Research on Engineering Software Technologies, University of Adelaide, Australia","institution_ids":["https://openalex.org/I5681781"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5103075476","display_name":"Muhammad Ali Babar","orcid":"https://orcid.org/0000-0001-9696-3626"},"institutions":[{"id":"https://openalex.org/I4210088899","display_name":"CO2CRC","ror":"https://ror.org/005xs3e07","country_code":"AU","type":"nonprofit","lineage":["https://openalex.org/I4210088899"]},{"id":"https://openalex.org/I5681781","display_name":"The University of Adelaide","ror":"https://ror.org/00892tw58","country_code":"AU","type":"education","lineage":["https://openalex.org/I5681781"]}],"countries":["AU"],"is_corresponding":false,"raw_author_name":"M. Ali Babar","raw_affiliation_strings":["CREST - The Centre for Research on Engineering Software Technologies, University of Adelaide, CSCRC - Cyber Security Cooperative Research Centre, Australia"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"CREST - The Centre for Research on Engineering Software Technologies, University of Adelaide, CSCRC - Cyber Security Cooperative Research Centre, Australia","institution_ids":["https://openalex.org/I4210088899","https://openalex.org/I5681781"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5110752696","display_name":"Raj Gaire","orcid":null},"institutions":[{"id":"https://openalex.org/I1292875679","display_name":"Commonwealth Scientific and Industrial Research Organisation","ror":"https://ror.org/03qn8fb07","country_code":"AU","type":"government","lineage":["https://openalex.org/I1292875679","https://openalex.org/I2801453606","https://openalex.org/I4387156119"]},{"id":"https://openalex.org/I42894916","display_name":"Data61","ror":"https://ror.org/03q397159","country_code":"AU","type":"other","lineage":["https://openalex.org/I1292875679","https://openalex.org/I2801453606","https://openalex.org/I42894916","https://openalex.org/I4387156119"]}],"countries":["AU"],"is_corresponding":false,"raw_author_name":"Raj Gaire","raw_affiliation_strings":["CSIRO/Data61, Australia"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"CSIRO/Data61, Australia","institution_ids":["https://openalex.org/I42894916","https://openalex.org/I1292875679"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":4,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.00756511,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":"54","issue":"3","first_page":"1","last_page":"47"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.996399998664856,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.996399998664856,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12034","display_name":"Digital and Cyber Forensics","score":0.9916999936103821,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9850999712944031,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8053287267684937},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.5882838368415833},{"id":"https://openalex.org/keywords/context","display_name":"Context (archaeology)","score":0.5520253777503967},{"id":"https://openalex.org/keywords/feature-engineering","display_name":"Feature engineering","score":0.5507095456123352},{"id":"https://openalex.org/keywords/categorization","display_name":"Categorization","score":0.5135467052459717},{"id":"https://openalex.org/keywords/intersection","display_name":"Intersection (aeronautics)","score":0.49752309918403625},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.475831538438797},{"id":"https://openalex.org/keywords/feature","display_name":"Feature (linguistics)","score":0.4462008476257324},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.406799852848053},{"id":"https://openalex.org/keywords/deep-learning","display_name":"Deep learning","score":0.13000580668449402},{"id":"https://openalex.org/keywords/engineering","display_name":"Engineering","score":0.10104012489318848}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8053287267684937},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.5882838368415833},{"id":"https://openalex.org/C2779343474","wikidata":"https://www.wikidata.org/wiki/Q3109175","display_name":"Context (archaeology)","level":2,"score":0.5520253777503967},{"id":"https://openalex.org/C2778827112","wikidata":"https://www.wikidata.org/wiki/Q22245680","display_name":"Feature engineering","level":3,"score":0.5507095456123352},{"id":"https://openalex.org/C94124525","wikidata":"https://www.wikidata.org/wiki/Q912550","display_name":"Categorization","level":2,"score":0.5135467052459717},{"id":"https://openalex.org/C64543145","wikidata":"https://www.wikidata.org/wiki/Q162942","display_name":"Intersection (aeronautics)","level":2,"score":0.49752309918403625},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.475831538438797},{"id":"https://openalex.org/C2776401178","wikidata":"https://www.wikidata.org/wiki/Q12050496","display_name":"Feature (linguistics)","level":2,"score":0.4462008476257324},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.406799852848053},{"id":"https://openalex.org/C108583219","wikidata":"https://www.wikidata.org/wiki/Q197536","display_name":"Deep learning","level":2,"score":0.13000580668449402},{"id":"https://openalex.org/C127413603","wikidata":"https://www.wikidata.org/wiki/Q11023","display_name":"Engineering","level":0,"score":0.10104012489318848},{"id":"https://openalex.org/C41895202","wikidata":"https://www.wikidata.org/wiki/Q8162","display_name":"Linguistics","level":1,"score":0.0},{"id":"https://openalex.org/C151730666","wikidata":"https://www.wikidata.org/wiki/Q7205","display_name":"Paleontology","level":1,"score":0.0},{"id":"https://openalex.org/C86803240","wikidata":"https://www.wikidata.org/wiki/Q420","display_name":"Biology","level":0,"score":0.0},{"id":"https://openalex.org/C138885662","wikidata":"https://www.wikidata.org/wiki/Q5891","display_name":"Philosophy","level":0,"score":0.0},{"id":"https://openalex.org/C146978453","wikidata":"https://www.wikidata.org/wiki/Q3798668","display_name":"Aerospace engineering","level":1,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1145/3442181","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3442181","pdf_url":null,"source":{"id":"https://openalex.org/S157921468","display_name":"ACM Computing Surveys","issn_l":"0360-0300","issn":["0360-0300","1557-7341"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"ACM Computing Surveys","raw_type":"journal-article"},{"id":"mag:3111520820","is_oa":true,"landing_page_url":"https://arxiv.org/abs/2012.09344v1","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"arXiv (Cornell University)","raw_type":null}],"best_oa_location":{"id":"mag:3111520820","is_oa":true,"landing_page_url":"https://arxiv.org/abs/2012.09344v1","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"arXiv (Cornell University)","raw_type":null},"sustainable_development_goals":[{"score":0.5199999809265137,"id":"https://metadata.un.org/sdg/9","display_name":"Industry, innovation and infrastructure"}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":86,"referenced_works":["https://openalex.org/W34738725","https://openalex.org/W41554520","https://openalex.org/W149687307","https://openalex.org/W179875071","https://openalex.org/W327991062","https://openalex.org/W1487321909","https://openalex.org/W1516506771","https://openalex.org/W1603920809","https://openalex.org/W1656664476","https://openalex.org/W1766594731","https://openalex.org/W1817561967","https://openalex.org/W1962340579","https://openalex.org/W1966809779","https://openalex.org/W1968969471","https://openalex.org/W1975675278","https://openalex.org/W1979290264","https://openalex.org/W1987552279","https://openalex.org/W1988918299","https://openalex.org/W2008071701","https://openalex.org/W2016395266","https://openalex.org/W2026258420","https://openalex.org/W2029515984","https://openalex.org/W2031177898","https://openalex.org/W2035399628","https://openalex.org/W2037021247","https://openalex.org/W2064675550","https://openalex.org/W2078398370","https://openalex.org/W2082550445","https://openalex.org/W2097794234","https://openalex.org/W2115734893","https://openalex.org/W2124808847","https://openalex.org/W2132874238","https://openalex.org/W2143692712","https://openalex.org/W2151666086","https://openalex.org/W2155940963","https://openalex.org/W2161427420","https://openalex.org/W2161830378","https://openalex.org/W2167101736","https://openalex.org/W2169397725","https://openalex.org/W2181494315","https://openalex.org/W2271567685","https://openalex.org/W2296509296","https://openalex.org/W2312250904","https://openalex.org/W2337913447","https://openalex.org/W2342408547","https://openalex.org/W2467405173","https://openalex.org/W2513712568","https://openalex.org/W2533684757","https://openalex.org/W2535782755","https://openalex.org/W2560136348","https://openalex.org/W2562162676","https://openalex.org/W2562319768","https://openalex.org/W2587897831","https://openalex.org/W2595350342","https://openalex.org/W2603119212","https://openalex.org/W2613480438","https://openalex.org/W2732916693","https://openalex.org/W2757528734","https://openalex.org/W2758551931","https://openalex.org/W2761525350","https://openalex.org/W2765325683","https://openalex.org/W2766428736","https://openalex.org/W2766521509","https://openalex.org/W2780061022","https://openalex.org/W2790664081","https://openalex.org/W2792581684","https://openalex.org/W2794598542","https://openalex.org/W2884001105","https://openalex.org/W2887719218","https://openalex.org/W2890988085","https://openalex.org/W2894409651","https://openalex.org/W2924689635","https://openalex.org/W2943546107","https://openalex.org/W2962874122","https://openalex.org/W2963461515","https://openalex.org/W2965544581","https://openalex.org/W2988210345","https://openalex.org/W3011774524","https://openalex.org/W3016892025","https://openalex.org/W3149136141","https://openalex.org/W4231671104","https://openalex.org/W4247200422","https://openalex.org/W4288083473","https://openalex.org/W6601578796","https://openalex.org/W6627389111","https://openalex.org/W6654917571"],"related_works":["https://openalex.org/W3136232714","https://openalex.org/W3165414374","https://openalex.org/W2893123663","https://openalex.org/W3004179294","https://openalex.org/W3012467524","https://openalex.org/W3180062783","https://openalex.org/W3186172578","https://openalex.org/W3210837816","https://openalex.org/W2737787687","https://openalex.org/W3049613671","https://openalex.org/W2797664868","https://openalex.org/W3037427560","https://openalex.org/W2968117339","https://openalex.org/W3120192064","https://openalex.org/W2765323681","https://openalex.org/W2065146398","https://openalex.org/W3114442852","https://openalex.org/W2757893062","https://openalex.org/W3210162706","https://openalex.org/W3196224613"],"abstract_inverted_index":{"Context":[0],":":[1,53,97,112,168],"Research":[2],"at":[3,57,86],"the":[4,37,121,126,148,218],"intersection":[5],"of":[6,46,175,188,220,230],"cybersecurity,":[7],"Machine":[8],"Learning":[9],"(ML),":[10],"and":[11,35,66,75,107,130,144,154,157,177,192,215,226],"Software":[12],"Engineering":[13],"(SE)":[14],"has":[15,115],"recently":[16],"taken":[17],"significant":[18],"steps":[19],"in":[20,89,125,205],"proposing":[21],"countermeasures":[22,41,63,127,221],"for":[23,42,79,237],"detecting":[24,239],"sophisticated":[25],"data":[26,39,61,93,240],"exfiltration":[27,40,62,94,241],"attacks.":[28,242],"It":[29],"is":[30,185],"important":[31,50],"to":[32,64,105,209,222],"systematically":[33,58],"review":[34,83,108,114],"synthesize":[36],"ML-based":[38,60,92],"building":[43],"a":[44,186],"body":[45],"knowledge":[47],"on":[48,91],"this":[49],"topic.":[51],"Objective":[52],"This":[54,82],"article":[55],"aims":[56,85],"reviewing":[59],"identify":[65,159],"classify":[67,120,147],"ML":[68,122,199],"approaches,":[69],"feature":[70,232],"engineering":[71,233],"techniques,":[72],"evaluation":[73,149,195],"datasets,":[74],"performance":[76,161],"metrics":[77],"used":[78,99,124,163],"these":[80,165],"countermeasures.":[81,95],"also":[84],"identifying":[87],"gaps":[88],"research":[90],"Method":[96],"We":[98,169],"Systematic":[100],"Literature":[101],"Review":[102],"(SLR)":[103],"method":[104],"select":[106],"92":[109],"papers.":[110],"Results":[111],"The":[113,173,228],"enabled":[116],"us":[117],"to:":[118],"(a)":[119],"approaches":[123,179],"into":[128,136,151],"data-driven,":[129],"behavior-driven":[131,178],"approaches;":[132],"(b)":[133],"categorize":[134],"features":[135],"six":[137],"types:":[138],"behavioral,":[139],"content-based,":[140],"statistical,":[141],"syntactical,":[142],"spatial,":[143],"temporal;":[145],"(c)":[146],"datasets":[150],"simulated,":[152],"synthesized,":[153],"real":[155],"datasets;":[156,196],"(d)":[158],"11":[160],"measures":[162],"by":[164],"studies.":[166],"Conclusion":[167],"conclude":[170],"that:":[171],"(i)":[172],"integration":[174],"data-driven":[176],"should":[180,202,212,234],"be":[181,203,213,235],"explored;":[182],"(ii)":[183],"There":[184],"need":[187],"developing":[189],"high":[190],"quality":[191],"large":[193],"size":[194],"(iii)":[197],"Incremental":[198],"model":[200],"training":[201],"incorporated":[204],"countermeasures;":[206],"(iv)":[207],"Resilience":[208],"adversarial":[210],"learning":[211],"considered":[214],"explored":[216],"during":[217],"development":[219],"avoid":[223],"poisoning":[224],"attacks;":[225],"(v)":[227],"use":[229],"automated":[231],"encouraged":[236],"efficiently":[238]},"counts_by_year":[],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2025-10-10T00:00:00"}