{"title":"Constructing a Network Graph of File Tracking Results Against Information Leakage","authors":"Tomohiko Yano, Hiroki Kuzuno, Kenichi Magata","doi":"10.1109/AsiaJCIS57030.2022.00012","DOIUrl":null,"url":null,"abstract":"It is important for organizations to take measures against information leakage. Confidential files can be leaked through various channels, so it is necessary to have a method to prevent information leakage against various threats. Some of the previous works have utilized the difference of users' legitimate file access patterns, and other works use strings about confidential files, or the similarity of confidential files in the organizations. However, the former works are difficult to detect traitors and unintentional perpetrators, and latter works are difficult to perform when confidential files are significantly transformed through encryption or encoding. Therefore, we need a method for discovering information leakage that are independent of the subjects and of the file transformation formats. In this paper, we present a novel method for file tracking and visualization to assist the discovery of information leakage. In our file tracking method, we track all user processes that read confidential files and files written by these processes. Therefore, tracking is possible whoever manipulate the confidential files and even who even when the data is heavily transformed from the original files. In our visualization method, we present these file tracking results in the form of a network graph. We represent what process the confidential file is read and what file is written by process, by using the flow of a network graph based on the result of confidential file tracking. By using our proposed network graph, it is possible to track events briefly even when the file transforms into another file through multiple events. 
Additionally, in order to reduce the events needed to focus on as information leakage, we prune the network graph based on past read and write events. By pruning the network graph, visibility is expected to be improved. Our experiment shows that we observed the results of the network graph when files under two information leakage scenarios were moved and copied. Most of the results were visualized according to the scenario, and we could reduce the vertices by 11.5 % and edges by 7.3 % by pruning the network graph.","PeriodicalId":304383,"journal":{"name":"2022 17th Asia Joint Conference on Information Security (AsiaJCIS)","volume":"73 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2022-07-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2022 17th Asia Joint Conference on Information Security (AsiaJCIS)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/AsiaJCIS57030.2022.00012","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citations: 0
Abstract
It is important for organizations to take measures against information leakage. Confidential files can be leaked through various channels, so it is necessary to have a method to prevent information leakage against various threats. Some previous works have utilized the difference in users' legitimate file access patterns, and other works use strings about confidential files, or the similarity of confidential files in the organizations. However, the former works have difficulty detecting traitors and unintentional perpetrators, and the latter works are difficult to perform when confidential files are significantly transformed through encryption or encoding. Therefore, we need a method for discovering information leakage that is independent of the subjects and of the file transformation formats. In this paper, we present a novel method for file tracking and visualization to assist the discovery of information leakage. In our file tracking method, we track all user processes that read confidential files and the files written by these processes. Therefore, tracking is possible whoever manipulates the confidential files and even when the data is heavily transformed from the original files. In our visualization method, we present these file tracking results in the form of a network graph. Using the flow of a network graph based on the result of confidential file tracking, we represent which process reads the confidential file and which file is written by that process. By using our proposed network graph, it is possible to track events briefly even when the file transforms into another file through multiple events. Additionally, in order to reduce the number of events that need to be focused on as information leakage, we prune the network graph based on past read and write events. By pruning the network graph, visibility is expected to be improved.
In our experiment, we observed the results of the network graph when files under two information leakage scenarios were moved and copied. Most of the results were visualized according to the scenario, and we could reduce the vertices by 11.5 % and edges by 7.3 % by pruning the network graph.