http://dx.doi.org/10.3745/JIPS.03.0116

A System for Improving Data Leakage Detection based on Association Relationship between Data Leakage Patterns  

Seo, Min-Ji (Dept. of Software Convergence, Soongsil University)
Kim, Myung-Ho (Dept. of Software Convergence, Soongsil University)
Publication Information
Journal of Information Processing Systems / v.15, no.3, 2019, pp. 520-537
Abstract
This paper proposes a system that detects data leakage patterns with a convolutional neural network, based on defined data-leaking behaviors. The leakage detection scenario is composed of the occurrence patterns of security logs by administration and the related patterns between security logs, which are found by association relationship analysis. The proposed system then uses the convolutional neural network on an insider malicious behavior graph to detect whether data has been leaked. Since each graph is drawn according to the leakage detection scenario, the system can identify the criminal insider along with the source of the malicious behavior from the results of the convolutional neural network. The results of a performance experiment using a virtual scenario show that even if a new malicious pattern that has not been previously defined is input into the data leakage detection system, it can determine whether the data has been leaked. In addition, compared with other data leakage detection systems, the proposed system is able to detect data leakage more flexibly.
Keywords
Apriori Algorithm; Associated Abnormal Behavior List; Comprehensive Leakage Detection Scenario; Convolutional Neural Network; Data Leakage Detection
Citations & Related Records
Times Cited By KSCI: 2