A System for Improving Data Leakage Detection based on Association Relationship between Data Leakage Patterns

  • Seo, Min-Ji (Dept. of Software Convergence, Soongsil University)
  • Kim, Myung-Ho (Dept. of Software Convergence, Soongsil University)
  • Received : 2017.06.29
  • Accepted : 2018.10.22
  • Published : 2019.06.30

Abstract

This paper proposes a system that detects data leakage patterns with a convolutional neural network, based on defined data-leaking behaviors. The leakage detection scenario is composed of the patterns of occurrence of security logs by administration and the related patterns between security logs, which are found by association relationship analysis. The proposed system then uses the convolutional neural network on an insider malicious behavior graph to detect whether data has been leaked. Since each graph is drawn according to a leakage detection scenario, the system can identify the criminal insider along with the source of the malicious behavior from the results of the convolutional neural network. The results of a performance experiment using a virtual scenario show that even when a new malicious pattern that has not been previously defined is input into the data leakage detection system, it can determine whether the data has been leaked. In addition, compared with other data leakage detection systems, the proposed system is able to detect data leakage more flexibly.

Fig. 1. Data leakage detecting system based on association relationship.

Fig. 2. Process of drawing a graph for the leakage detection scenario.

Table 1. Notations of Apriori algorithm

Table 2. Input, output, and pseudo code of Apriori algorithm

Table 3. Set of frequent-1 security logs

Table 4. Frequent item sets to which Apriori is completely applied

Table 5. Input, output, and procedure of CNN for leakage detection

Table 6. Image feature extraction layer structure

Table 7. Image classification layer structure

Table 8. Comparison of detection performance using accuracy, recall, precision, and f-measure

Table 9. Comparison of data leak detection performance by each abnormal scenario
