Malicious Data Leak Prevention and Purposeful
Evasion Attacks: An Approach to Advanced
Persistent Threat (APT) Management
Tarique Mustafa,
Founder & Chief Executive Officer / Chief Technology Officer
nexTier Networks, Inc.
2953, Bunker Hill Lane, Ste: 400, Santa Clara, CA-95054, USA
Tarique@nextiernetworks.com
Abstract— Existing Data Leak Prevention (DLP) solutions are
inherently incapable of scaling beyond trivial scenarios of
“Accidental Data Leak” wherein no “Purposeful Evasion
Attack” is encountered. Nevertheless, these attacks can render a
DLP system completely useless (or greatly depreciate the
effectiveness/usefulness of any DLP solution). A true DLP
solution, therefore, must support “Malicious Data Leak
Prevention” capability wherein “Purposeful Evasion Attacks”
can be effectively detected and prevented.
With the advent of Advanced Persistent Threats (APTs) against
Information Security and DLP Systems, “Purposeful Evasion
Attacks” have emerged as the most sophisticated class of threats
against DLP solutions. Unfortunately, “Purposeful Evasion
Attacks” have also remained un-addressed in their most basic
forms.
This paper presents (1) an insight into the lifecycle of APTs
launched against Information Security and DLP systems, (2) a
classification of real-life “Purposeful Evasion Attacks” against
Information Security and DLP systems, (3) a reference model for
enabling Malicious Data Leak Prevention (called 3-D Correlation
Paradigm).
Keywords— Data Leak Prevention, Malicious DLP, Evasion
Attack, Information Security, Advanced Persistent Threat, APT,
False Negative, Egress Control.
I. INTRODUCTION
A security solution is only as good as its weakest
vulnerability. Conventional DLP approaches are effective for
Accidental Data Leak (ADL) only. An example of ADL is the
scenario where an “unintended” recipient is included in the
‘To List’ of an email, utterly by mistake. Conventional ADL
based DLP solutions are inherently incapable of scaling
beyond trivial scenarios of ADL wherein no “Purposeful
Evasion Attack” is encountered.
Nevertheless, these “Purposeful Evasion Attacks” can
render a DLP system completely useless (or greatly depreciate
the effectiveness/usefulness of any DLP solution). A true DLP
solution, therefore, must support “Malicious Data Leak
978-1-4673-6195-8/13/$31.00 ©2013 IEEE
Prevention” capability wherein “Purposeful Evasion Attacks”
can be effectively detected and prevented.
With the advent of Advanced Persistent Threats (APTs)
against Information Security Systems, “Purposeful Evasion
Attacks” have assumed even more serious significance. In fact
“Purposeful Evasion Attacks” have emerged as the most
sophisticated class of threats against DLP solutions.
Unfortunately, the “Purposeful Evasion Attacks” have also
remained un-addressed in their most basic forms, primarily
because, 1) “Purposeful Evasion Attacks” are difficult to
address, and 2) “Purposeful Evasion Attacks” pose
unparalleled challenges at the basic algorithmic level.
In Section II this paper provides an insight into the anatomy
and lifecycle of APTs that launch Evasion Attacks against the
DLP systems after infiltrating the target infrastructure. In
Section III an in-depth analysis and classification of various
real-life Evasion Attacks against Information Security and
DLP systems is presented. The specific algorithms targeted by
each type of Evasion Attacks are also described. Section IV
presents a reference model for Malicious Data Leak
Prevention System that enables mechanisms for protection
against “Purposeful Evasion Attacks” launched via APTs (or
by a ‘Mole’) in the target infrastructure. Section V
summarizes some conclusions.
This paper will enable the audience to, 1) Better understand
the real-life significance of “Purposeful Evasion Attacks” in
the context of Information Security and Data Leak Prevention,
2) Evaluate the inherent limitations of existing DLP
algorithms that further aggravate vulnerability to “Purposeful
Evasion Attacks”, 3) Design and implement methods to
counter the “Purposeful Evasion Attacks” against Information
Security and Data Leak Prevention solutions, 4) Establish
business processes and guidelines to help mitigate
vulnerabilities against various “Purposeful Evasion Attacks”,
5) Improve their overall strategy against APTs and eliminate
compliance violation issues that result from “Purposeful
Evasion Attacks”.
 II. MALICIOUS DATA LEAK – AS A CLASS OF ADVANCED
PERSISTENT THREAT
Malicious Data Leak (MDL) is one of the most serious
challenges facing the information security industry [6], both
the commercial market and the Government
departments/agencies. It involves the scenario wherein an
agent (whether a human actor or a malicious process, such as
a malware or bot) causes a deliberate unauthorized
exfiltration of confidential and/or mission critical information.
If the MDL is caused by a human actor, it is regarded as a
classical case of industrial (or military) espionage where the
human actor is a mole or a spy. If the MDL is effectuated via
non-human actors (such as malicious process, malware, bot,
etc.) it takes the form of a quintessential Advanced Persistent
Threat (APT).
A. How is Malicious Data Leak Invoked?
An MDL follows a distinct lifecycle and pattern as listed
below;
1) Infiltration Phase: In this phase the Actor (human mole
or non-human malicious process) infiltrates the target
infrastructure.
2) Identity Acquisition Phase: In this phase the Actor
(human mole or non-human malicious process) acquires a
legitimate Identity and corresponding Authorizations in the
target infrastructure.
3) Discovery and Access Phase: In this phase the Actor
(using its Identity and Authorizations) launches discovery
campaign to locate the target information on the target
infrastructure. Once the target information is located, access
processes are invoked to gain access to the target information.
4) Exfiltration Phase: In this phase the Actor invokes the
exfiltration process. Depending upon the sophistication of the
Actor multiple actions are taken, including,
• Protocol and Communication Channel Selection
• Target Destination Selection
• Evasion Attack Selection
could range from (a) Identity Theft and Masquerading, to (b)
Exploitation of the known “Vulnerability” of the Data/Content
Identification and Matching Algorithms.
III. EVASION ATTACKS
Evasion Attacks are a new class of cyber attack against the
Information Security and DLP infrastructure [5], [6]. Evasion
Attacks can be invoked either manually (by a ‘Mole’) or via
APTs.
Evasion Attacks can render Information Security and DLP
infrastructure completely useless (or greatly depreciate its
usefulness). Real-life impact of Evasion Attacks on
Information Security and DLP infrastructure manifests itself
as False Negatives i.e. failure to control Egress,
• Very frequently for Unstructured & Semi-structured
information (e.g. emails, spreadsheets, ad-hoc
documents, etc.).
• Relatively frequently for Structured Data &
Information (e.g. database information, PCI, PII, etc.).
These attacks are extremely difficult to detect as they
involve sophisticated techniques that exploit vulnerability of
the underlying Information Security and DLP constructs at the
systemic and algorithmic levels. Fig. 1 illustrates a formal
layout of an exemplary construct for Information Security and
DLP process. The two main variables in this model are (a)
Identity of the Actor, and (b) the Content itself. Hence, these
two variables constitute the key vulnerability of Information
Security and DLP constructs forming the main focus of
Evasion Attacks (whether manual through a ‘Mole’ or via an
APT).

Depending upon the sophistication of the Actor, these

decisions are made either autonomously by the Actor or in
conjunction with the Command & Control (C2) mechanism of
the APT.
B. Why is Malicious Data Leak More Complex?
Malicious Data Leak is more difficult to address not only
due to the presence of intent to exfiltrate on part of the
Actor(s) but also due to the absence of foolproof underlying
technology for automated identification of important classified
data and information. Data and content identification and Fig. 1 Information/Data Exfiltration Prevention: Formal Definition
matching algorithms employed in conventional DLP solutions
to protect against ADL can be easily gamed. Depending upon
its sophistication an MDL usually involves invocation of
“Purposeful Evasion Techniques” (called Evasion Attacks)
against the Information Security and DLP systems deployed
on the target infrastructure. Examples of Evasion Attacks
A. Types of Evasion Attacks
Evasion Attacks can be broadly classified into two
categories;
1) Identity Based Evasion Attacks: It is to be noted here
that the most likely source of Evasion Attacks against
Information Security and DLP infrastructure is “Mole” within
the enterprise with proper Identity and Access Rights. Or an
APT wherein the malicious process assumes a legitimate
Identity and Access Rights.
Hence, Identity based Evasion Attacks involve obtaining a
‘legitimate’ Identity and Access Rights for an Actor either via
a properly prescribed process (e.g. in the case of a ‘Mole’) or
through stealth in the case of APT. Since most of the
Information Security and DLP solutions rely exclusively on
the ability to protect the Identity, once the Identity is
compromised the rogue Actor has no obstacles and Fig. 1 Content Identification and Matching Process: Epicentre of Content
exfiltration can be performed unhindered. based Evasion Attacks

Identity based Evasion Attacks in the context of

Information Security and DLP has been an ongoing topic of
B. Classification of Content based Evasion Attacks
research [5], [6], [7], [8], [9]. Many remedial means [1], [4]
have been devised with varying levels of success. Content based Evasion Attacks involve data/content
manipulation to exploit the vulnerability of the underlying
2) Content Based Evasion Attacks: Content based matching algorithms. Fig. 3 displays a taxonomy of Content
Evasion Attacks constitute some of the most challenging based Evasion Attacks.
attacks against Information Security and DLP infrastructure.
Fig. 2 illustrates an exemplary algorithmic construct for
Content Identification and Matching used in Information
Security and DLP infrastructure. As is evident from the logic
flow in Fig. 2, the most vulnerable part of the algorithm is the
ideal ‘Epicenter’ for Evasion Attacks.
Content based Evasion Attacks may involve multiple
techniques including,
• Manipulation of structural, lexical or temporal
composition of the content (e.g. emails, spreadsheets,
ad-hoc documents, etc.).
• Content Encoding and Steganographic techniques.
• Exploitation of the known “Vulnerability” of the
Data/Content Identification and Matching Algorithms.

Content Encoding and Steganographic techniques are Fig. 3 Classification of Content Based Evasion Attacks
complex challenges. However, challenges posed by Evasion
Attacks based on these techniques have been either addressed
Table I provides a description of various types of Content
or greatly mitigated by making it relatively easier to detect in
based Evasion Attacks and the corresponding algorithmic
the context of Information Security and DLP [2], [5], [6].
vulnerability that each of these attacks exploits. Information
Security and DLP systems normally employ a suite of content
Evasion Attacks based on manipulation of structural,
identification and matching algorithms.
lexical or temporal composition of data or content are by far
the most difficult to detect and neutralize. These techniques
It is to be noted here that the more precise a content
exploit the vulnerabilities of content Identification and
identification and matching algorithm is the more vulnerable it
Matching Algorithms. Few remedial means exist [1], [2], [5],
is to Content based Evasion Attacks. Thus, precision 1 ,
[6]. The key objective behind manipulation of the content
tolerance 2 and rigorousness 3 are equally important (although
itself is to avoid matching, and hence identification, with the
declared instances of data or content that is being protected. 1
Accuracy of algorithm for exact matching of content
2
Ability for partial matching of content
3
Ability to Identify similarity of content in a particular context
at times contradictory) characteristics of content matching evade many Data/Content Matching Algorithms
algorithms in order to build a formidable and robust defence Evasion • Fingerprinting Algorithms
against Content based Evasion Attacks. Target: • Keyword Matching Algorithms
• Pattern matching Algorithms
• LSI Algorithms
TABLE I 2 Polysemy Attack
SUMMARY OF CONTENT BASED EVASION ATTACKS Description: This involves using polysyms for key
words to Obfuscate or Ambiguate the original
Data/Content. Simply changing certain key words will
No. Structural Alteration Attacks evade many Data/Content Matching Algorithms
1 Transposition Attack Evasion • Fingerprinting Algorithms
Description: This involves moving around phrases or Target: • Keyword Matching Algorithms
sections of a document out of order. For example • Pattern matching Algorithms
transposing sections of a document. • LSI Algorithms
Evasion • Fingerprinting Algorithms 3 Book Cipher Attack
Target:
Description: This involves using a cipher for certain
2 Sentence Structure Alteration (SSA) Attack words. For example, using the word “seven” for the
Description: This involves altering the structure of a number “7” in a Social Security Number
sentence to make it seem different, even though the Evasion • Fingerprinting Algorithms
semantic mean is the same. As in our previous Target: • Keyword Matching Algorithms
example, “Someone will buy Company X” vs. • Pattern matching Algorithms
“Company X is going to be acquired by a buyer”. • LSI Algorithms
Evasion • Fingerprinting Algorithms
Target: • NLP Algorithms
3 Substitution Attack
Description: This involves substituting a word or IV. ADVANCED PERSISTENT THREAT MANAGEMENT IN DLP
phrase for part of a sentence or section of a document SYSTEMS
Evasion • Fingerprinting Algorithms As described in Sections II and III, real-life scenarios
Target: • NLP Algorithms
require the ability to protect against MDL that is caused via
• Keyword Matching Algorithms
No.
externally planted APTs using sophisticated Evasion Attacks.
Transformation Attacks
1 Mapping & Hashing
These attacks may include combination of Identity based and
Description: This involves using a mapping function
Content based Evasion Attacks.
F(Map) or a hashing function H(c1 … ck) to transform
a given Data/Content into a unique non-lexical In this section a unique paradigm called “3-D Correlation”
sequence to evade Content Matching Algorithms. will be presented. This provides an effective security
Evasion • Fingerprinting Algorithms framework against data exfiltration caused by Evasion Attacks
Target: • NLP Algorithms launched by APTs (Malware, Bots, Agents, etc.). This unique
• Keyword Matching Algorithms approach correlates ‘Actors~Information~Operations’ using
• Pattern matching Algorithms multiple criteria including ‘Identity and Roles’ and ‘Security
2 Encryption Transforms Profile’ of Actors.
Description: This involves using encryption to evade
Content Identification Algorithms As shown in Fig. 4, the 3-D Correlation is a ‘Formal
Evasion • Fingerprinting Algorithms Definition” of generalized Data Leak Prevention scenarios.
Target: • NLP Algorithms
• Keyword Matching Algorithms
• Pattern matching Algorithms
• Transform matching Algorithms
3 Substitution Cipher Attack
Description: This usually involves using advanced
derivatives of classical Caesar Cipher (e.g. Rot(N)
Algorithms) as a means of camouflaging the Content
Evasion • Fingerprinting Algorithms
Target: • NLP Algorithms
• Keyword Matching Algorithms
• Pattern matching Algorithms
• Transform matching Algorithms
No. Obfuscation Attacks
1 Synonymy Attack
Description: This involves using synonyms for key
words, for example, “purchase” vs. “buy” vs. Fig. 4 Formal Definition of Generalized Data Leak Prevention
“acquire”. Simply changing certain key words will
 The paradigm is comprised of four main components;
1. Actors: An Actor is either a human agent (e.g. an
employee, a user), or a process (e.g. a malware, botnet,
software, B2B process, etc.), or a machine (e.g. a USB
drive, CD drive, WiFi port, etc.).
Each Actor has two key attributes,
(a) Identity – that uniquely identifies the Actor
(b) Security Profile – that specifies the ‘Security
Clearance Level’ of the Actor.
2. Information Elements: An Information Element
(IE) is a piece of data or information that is of interest.
Each IE has two key attributes,
(a) Classification Type – that uniquely identifies the type
of information the IE represents (e.g. financial
information PCI, healthcare information HIPAA,
personal information PII, etc.).
(b) Confidentiality Level – that specifies the
‘Contextual Value’ of the IE.
3. Operations: An Operation is an action that can be
performed on an IE (e.g. Print, Copy, USB transfer, etc.)
by means of data communication or data transfer (e.g. a
communication protocol or application).
4. Accessibility Map: The Accessibility Map is a
mapping between Actors and IEs. It specifies which
Actor is allowed to have access to which IE type or
instance.
A. Advanced 3-D Correlation for Malicious DLP~APT:
The 3-D Correlation entails a Canonical Representation of
Segmentation of Duty (SoD) based abstraction of Information
Communication Infrastructure so that Information Access
Control can be enforced.
One of the key capabilities of the 3-D Correlation paradigm
is its ability to address the “Zero Date Document” use case
scenarios. It incorporates an Ontology driven technology for
real-time automatic ‘Identification’, ‘Classification’ and
‘Correlation’ of confidential and compliance regulated
data/information without human intervention. Thus, any “Zero
Day Document” or “Virgin Data” can be automatically in
real-time identified, classified and correlated for any potential
violation. Simultaneously, the ‘Policy Engine’ accordingly
enforces the corresponding DLP policies in real-time.
It provides advanced and sophisticated constructs to enable
the Governmental Agencies, Intelligence Agencies, Police
Departments, Department of Defence and Homeland Security
Agencies to monitor and conduct surveillance over
communication infrastructure. The resulting product could be
a key tool in Cyber Counter Intelligence and Cyber Warfare.
V. CONCLUSIONS
A new generation of threats is challenging the Information
Security and DLP solutions today – over two-thirds of all
data/information exfiltration now derives from evasive,
malicious attacks launched through sophisticated APTs against
the data/information repositories and applications. The pace
and sophistication of these advanced attacks is increasing. It is
therefore, essential to understand the anatomy of APTs
launched against Information Security and DLP infrastructure.
Evasion Attacks pose unparalleled challenges to DLP
systems at the basic “algorithmic level”. The Problem is
inherent in the underlying DLP algorithms & constructs.
Transition from “innocent”- DLP to “malicious”- DLP
capabilities requires fundamental innovations at algorithmic
level in order to address Evasion Attacks. Optimal
combination of processes (i.e. sophisticated Workflow) and
methods (i.e. intelligent Content Identification & Matching
Algorithms) is needed to counter the APTs.
This paper presents (a) insight into the anatomy of APTs
that cause MDL, (b) the taxonomy of Evasion Attacks that
these APTs can launch to cause failure of Egress Control, (c) a
DLP paradigm that can effectively stop MDL caused by APTs.
The 3-D Correlation paradigm presented in this paper
provides an effective “reference” framework for defence
against sophisticated APTs.
REFERENCES
[1] T. Mustafa, “High Granularity Reactive Measures for Reactive Pruning
of Information”, US Patent 8,141,127 B1, Mar. 20, 2012.
[2] T. Mustafa, “High Accuracy Document Information-Element Vector
Encoding Server”, US Patent 7,725,466 B2, May 25, 2010.
[3] N. Srinivasa et. al, “Method and Apparatus for Electronically
Extracting Application Specific Multidimensional Information from
Documents Selected from a Set of Documents Extracted from a
Library of Electronically Searchable Documents”, US Patent 6,965,900
B2, Nov. 15, 2005.
[4] D. Gupta et. al, “System and Method for Preventing Large-Scale
Account Lockout”, US Patent 8,302,187 B2, Oct. 30, 2012.
[5] T. Mustafa, “Evasion Attacks: The Next Frontier in Data Leak
Prevention”, in Proc. RSA Security Conference, 2009.
[6] T. Mustafa, “Malicious Data Leak Prevention (DLP): Impact and
Challenges for Business Processes”, in Proc. DLP Conference - Russia,
2010.
[7] E.M. Hutchins, M.J. Cloppert, R.M. Amin, “Intelligence-Driven
Computer Network Defense Informed by Analysis of Adversary
Campaigns and Intrusion Kill Chains”, Lockheed Martin Corporation,
Abstract, 2013.
[8] M.K. Daly, “The Advanced Persistent Threat (or Informationized
Force Operations)”, Raytheon, Report, 2009.
[9] Command and Control in the Fifth Domain, Command Five Pty Ltd,
2012.
[10] Advanced Persistent Threats: A Decade in Review, Command Five Pty
Ltd., 2011. Available:
http://www.commandfive.com/papers/C5_APT_ADecadeInReview.pdf