
Hadoop-based Confidential File Leakage Prevention System through User Behavior Analysis

A Digital Secret File Leakage Prevention System via Hadoop-based User Behavior Analysis

  • Yoo, Hye-Rim (Department of Electronics, Information and Communications Engineering, Daejeon University) ;
  • Shin, Gyu-Jin (iREX Inc.) ;
  • Yang, Dong-Min (Graduate School of Archives and Records Management, Chonbuk National University) ;
  • Lee, Bong-Hwan (Department of Electronics, Information and Communications Engineering, Daejeon University)
  • Received : 2018.09.27
  • Reviewed : 2018.10.29
  • Published : 2018.11.30

Abstract

Recently, internal information leakage in industry has increased severely despite industrial security policies, so it is essential for each industry to prepare its own information leakage prevention measures. Most leaks are caused by insiders rather than by external attacks. In this paper, a real-time internal information leakage prevention system covering both portable storage media and the network is implemented in order to protect against confidential file leakage. In addition, a Hadoop-based user behavior analysis and statistics system is designed and implemented to store and analyze information log data within an enterprise. The proposed system stores a large volume of data in HDFS and improves data processing capability using RHive, which helps the administrator recognize and analyze attempts to leak confidential files. The implemented audit system is expected to contribute to reducing the damage caused by leakage of confidential files from inside an enterprise via both portable data media and networks.

Figures

Fig. 1 Hadoop 2.0 system configuration [10]

Fig. 2 The basic architecture of Flume-NG

Fig. 3 Configuration of the secret file leakage prevention system

Fig. 4 Signature inserting process

Fig. 5 Storage retrieval and confidential file protection process

Fig. 6 NAS server configuration

Fig. 7 Ubuntu server configuration

Fig. 8 Configuration of the Hadoop distributed file system

Fig. 9 Signature-inserted file

Fig. 10 Detection of confidential and ordinary file transfer to a portable data medium

Fig. 11 Visualization of confidential file leakage by both user name and file extension

Fig. 12 Amount of network traffic by time

Fig. 13 Comparison of data processing time between MySQL and Hive

References

  1. J. S. Lee and K. H. Lee, "A study on security container to prevent data leaks," Journal of the Korea Institute of Information Security & Cryptology, vol. 24, no. 6, pp. 1225-1241, June 2014. https://doi.org/10.13089/JKIISC.2014.24.6.1225
  2. M. B. Hyun and S. J. Lee, "The proactive threat protection method from predicting resignation throughout DRM log analysis and monitor," Journal of the Korea Institute of Information Security & Cryptology, vol. 26, no. 2, pp. 369-375, Feb. 2016. https://doi.org/10.13089/JKIISC.2016.26.2.369
  3. J. H. Choi and S. Y. Rhew, "Monitoring system of file outflow through storage devices and printers," Journal of the Korea Institute of Information Security & Cryptology, vol. 15, no. 4, pp. 51-60, April 2005.
  4. T. K. Ju and W. Shin, "A new filtering system against the disclosure of sensitive internal information," Journal of the Korea Institute of Information and Communication Engineering, vol. 19, no. 5, pp. 1137-1143, May 2015. https://doi.org/10.6109/jkiice.2015.19.5.1137
  5. J. U. Choi and Y. J. Lee, "E-DRM-based privacy protection technology for overcoming technical limitations of DLP-based solutions," Journal of the Korea Institute of Information Security & Cryptology, vol. 22, no. 5, pp. 1103-1113, Oct. 2012.
  6. S. J. Hee and H. B. Park, "Multiple barcode watermarking technique for improve robustness and imperceptibility," Journal of the Korea Institute of Information and Communication Engineering, vol. 20, no. 9, pp. 1723-1729, Sept. 2016. https://doi.org/10.6109/JKIICE.2016.20.9.1723
  7. G. J. Shin, G. H. Jung, D. M. Yang, and B. H. Lee, "A USB DLP scheme for preventing loss of internal confidential files," Journal of the Korea Institute of Information and Communication Engineering, vol. 21, no. 12, pp. 2333-2340, Dec. 2017. https://doi.org/10.6109/JKIICE.2017.21.12.2333
  8. Snort Users Manual [Internet]. Available: https://snort.org/documents.
  9. S. N. Park, A. Y. Kim, and H. K. Jung, "A study on signature-based wireless intrusion detection systems," Journal of the Korea Institute of Information and Communication Engineering, vol. 19, no. 5, pp. 1122-1127, May 2014.
  10. Apache Hadoop [Internet]. Available: https://hadoop.apache.org/.
  11. R. D. Caytiles, "Big Data is not just Hadoop," Asia-Pacific Journal of Multimedia Services Convergent with Art, Humanities, and Sociology, vol. 1, no. 1, pp. 11-16, June 2012.
  12. Apache Flume [Internet]. Available: https://flume.apache.org/.
  13. WinPcap: The industry-standard Windows packet capture library [Internet]. Available: https://www.winpcap.org/.
  14. Apache Sqoop [Internet]. Available: http://sqoop.apache.org/.
  15. Apache Hive [Internet]. Available: https://hive.apache.org/.