Constructing a Network Graph of File Tracking Results Against Information Leakage

Tomohiko Yano, Hiroki Kuzuno, Kenichi Magata
2022 17th Asia Joint Conference on Information Security (AsiaJCIS), published 2022-07-01
DOI: 10.1109/AsiaJCIS57030.2022.00012 (https://doi.org/10.1109/AsiaJCIS57030.2022.00012)
Citations: 0

Abstract

It is important for organizations to take measures against information leakage. Confidential files can be leaked through various channels, so a method is needed that prevents information leakage across various threats. Some previous works utilize differences in users' legitimate file access patterns; others use strings related to confidential files, or the similarity of confidential files within the organization. However, the former have difficulty detecting traitors and unintentional perpetrators, and the latter are difficult to apply when confidential files are significantly transformed through encryption or encoding. Therefore, we need a method for discovering information leakage that is independent of the subjects and of the file transformation formats. In this paper, we present a novel method for file tracking and visualization to assist the discovery of information leakage. In our file tracking method, we track all user processes that read confidential files and the files written by these processes. Tracking is therefore possible regardless of who manipulates the confidential files, and even when the data is heavily transformed from the original files. In our visualization method, we present these file tracking results in the form of a network graph. Using the flow of a network graph built from the confidential file tracking results, we represent which process reads a confidential file and which file is written by that process. With the proposed network graph, events can be tracked concisely even when a file is transformed into another file through multiple events. Additionally, to reduce the number of events that need attention as possible information leakage, we prune the network graph based on past read and write events. Pruning the network graph is expected to improve visibility. In our experiment, we observed the resulting network graphs when files were moved and copied under two information leakage scenarios. Most of the results were visualized according to the scenario, and pruning the network graph reduced the vertices by 11.5 % and the edges by 7.3 %.
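
The tracking rule described in the abstract (a process that reads a confidential file is tracked, and so is every file it writes) can be sketched as follows; this is an added example, not the authors' implementation. The event format, the sample paths and the pruning rule (dropping edges that match past read/write events, then anything no longer reachable from a confidential file) are assumptions, since the abstract does not specify how pruning is done.

```python
from collections import defaultdict, deque

# Constructed sample events: (time, process, op, path). Not data from the paper.
EVENTS = [
    (1, "zip.exe", "read", "C:/secret/plan.docx"),
    (2, "zip.exe", "write", "C:/tmp/a.zip"),
    (3, "zip.exe", "write", "C:/tmp/zip.log"),
    (4, "notepad.exe", "read", "C:/public/readme.txt"),
    (5, "notepad.exe", "write", "C:/public/notes.txt"),
    (6, "b64.exe", "read", "C:/tmp/a.zip"),
    (7, "b64.exe", "write", "E:/usb/a.txt"),
]
CONFIDENTIAL = {"C:/secret/plan.docx"}
# Assumed pruning input: (process, op, path) triples seen in past, routine activity.
PAST = {("zip.exe", "write", "C:/tmp/zip.log")}

def track(events, confidential):
    """Return directed edges: file->process for reads, process->file for writes."""
    tracked_files, tracked_procs, edges = set(confidential), set(), []
    for _, proc, op, path in sorted(events):
        if op == "read" and path in tracked_files:
            tracked_procs.add(proc)          # process has touched tracked data
            edges.append((("file", path), ("proc", proc)))
        elif op == "write" and proc in tracked_procs:
            tracked_files.add(path)          # output may carry transformed data
            edges.append((("proc", proc), ("file", path)))
    return edges

def prune(edges, past, confidential):
    """Drop edges matching past events, then edges unreachable from a confidential file."""
    def seen(src, dst):
        if src[0] == "file":
            return (dst[1], "read", src[1]) in past
        return (src[1], "write", dst[1]) in past
    adj = defaultdict(list)
    for src, dst in edges:
        if not seen(src, dst):
            adj[src].append(dst)
    reach = {("file", p) for p in confidential}
    queue = deque(reach)
    while queue:                             # breadth-first walk over kept edges
        for nxt in adj[queue.popleft()]:
            if nxt not in reach:
                reach.add(nxt)
                queue.append(nxt)
    return [(s, d) for s, d in edges if s in reach and d in reach and not seen(s, d)]
```

On the constructed events, the chain plan.docx -> zip.exe -> a.zip -> b64.exe -> E:/usb/a.txt survives pruning even though no string or similarity match would link the final file to the original.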