KSII Transactions on Internet and Information Systems (TIIS)

Korean Society for Internet Information (한국인터넷정보학회)
권호 표지
DOI QR코드

DOI QR Code

Privacy Level Indicating Data Leakage Prevention System

  • Kim, Jinhyung (Department of Computer Science, Seoul Women's University) ;
  • Park, Choonsik (Department of Computer Science, Seoul Women's University) ;
  • Hwang, Jun (Department of Computer Science, Seoul Women's University) ;
  • Kim, Hyung-Jong (Department of Computer Science, Seoul Women's University)
  • Received : 2013.02.06
  • Accepted : 2013.02.19
  • Published : 2013.03.31
Download PDF
⟨ Previous Next ⟩

Abstract

The purpose of a data leakage prevention system is to protect corporate information assets. The system monitors the packet exchanges between internal systems and the Internet, filters packets according to the data security policy defined by each company, or discretionarily deletes important data included in packets in order to prevent leakage of corporate information. However, the problem arises that the system may monitor employees' personal information, thus allowing their privacy to be violated. Therefore, it is necessary to find not only a solution for detecting leakage of significant information, but also a way to minimize the leakage of internal users' personal information. In this paper, we propose two models for representing the level of personal information disclosure during data leakage detection. One model measures only the disclosure frequencies of keywords that are defined as personal data. These frequencies are used to indicate the privacy violation level. The other model represents the context of privacy violation using a private data matrix. Each row of the matrix represents the disclosure counts for personal data keywords in a given time period, and each column represents the disclosure count of a certain keyword during the entire observation interval. Using the suggested matrix model, we can represent an abstracted context of the privacy violation situation. Experiments on the privacy violation situation to demonstrate the usability of the suggested models are also presented.

Keywords

References

  1. Varun Chandola, Arindam Banerjee, and Vipin Kumar, "On abnormality detection in spuriously populated data streams," ACM Computing Surveys (CSUR), vol. 41, issue 3, July 2009.
  2. Jinhyung Kim and Hyung-Jong Kim, "Design and implementation of data leakage prevention system considering the level of privacy protection and violation," Information - An International Interdisciplinary Journal, vol. 14, no. 5, November, 2011.
  3. Salvatore J. Stolfo, Shlomo Hershkop, Chia-Wei Hu, Wei-Jen Li, Olivier Nimeskern, and Ke Wang, "Behavior-based modeling and its application to email analysis," ACM Transactions on Internet Technology, vol. 6, no. 2, pp. 187-221, May 2006. https://doi.org/10.1145/1149121.1149125
  4. Balachander Krishnamurthy, Delfina Malandrino, and Craig E. Wills, "Measuring privacy loss and the impact of privacy protection in Web browsing," Proceedings of SOUPS (Symposium On Usable Privacy and Security), July, 2007.
  5. Sakaki Hiroshi, Yanoo Kazuo, Ogawa Ryuichi and Hosomi Itaru, "An information leakage risk evaluation method based on security configuration validation," IEICE Technical Report, vol. 105, no. 398, pp.15-22, 2005.
  6. K. Das and J. Schneider, "Detecting anomalous records in categorical datasets," KDD, 2007.
  7. Daeseon Choi, Seunghun Jin, and Hyunsoo Yoon, A Personal Information Leakage Prevention Method on the Internet, 3rd edition, Springer-Verlag, Berlin Heidelberg, New York, 1996.

Cited by

  1. Privacy-Preserving Two-Party Collaborative Filtering on Overlapped Ratings vol.8, pp.8, 2013, https://doi.org/10.3837/tiis.2014.08.022
  2. An Improved Privacy Preserving Construction for Data Integrity Verification in Cloud Storage vol.8, pp.10, 2013, https://doi.org/10.3837/tiis.2014.10.019