IRILD: An Information Retrieval Based Method for Information Leak Detection

2011 Seventh European Conference on Computer Network Defense Pub Date : 2011-09-06 DOI:10.1109/EC2ND.2011.21

Eleni Gessiou, Q. Vu, S. Ioannidis

{"title":"IRILD: An Information Retrieval Based Method for Information Leak Detection","authors":"Eleni Gessiou, Q. Vu, S. Ioannidis","doi":"10.1109/EC2ND.2011.21","DOIUrl":null,"url":null,"abstract":"The traditional approach for detecting information leaks is to generate fingerprints of sensitive data, by partitioning and hashing it, and then comparing these fingerprints against outgoing documents. Unfortunately, this approach incurs a high computation cost as every part of document needs to be checked. As a result, it is not applicable to systems with a large number of documents that need to be protected. Additionally, the approach is prone to false positives if the fingerprints are common phrases. In this paper, we propose an improvement for this approach to offer a much faster processing time with less false positives. The core idea of our solution is to eliminate common phrases and non-sensitive phrases from the fingerprinting process. Non-sensitive phrases are identified by looking at available public documents of the organization that we want to protect from information leaks and common phrases are identified with the help of a search engine. In this way, our solution both accelerates leak detection and increases the accuracy of the result. Experiments were conducted on real-world data to prove the efficiency and effectiveness of the proposed solution.","PeriodicalId":404689,"journal":{"name":"2011 Seventh European Conference on Computer Network Defense","volume":"33 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2011-09-06","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"18","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2011 Seventh European Conference on Computer Network Defense","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/EC2ND.2011.21","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 18

Abstract

The traditional approach for detecting information leaks is to generate fingerprints of sensitive data, by partitioning and hashing it, and then comparing these fingerprints against outgoing documents. Unfortunately, this approach incurs a high computation cost as every part of document needs to be checked. As a result, it is not applicable to systems with a large number of documents that need to be protected. Additionally, the approach is prone to false positives if the fingerprints are common phrases. In this paper, we propose an improvement for this approach to offer a much faster processing time with less false positives. The core idea of our solution is to eliminate common phrases and non-sensitive phrases from the fingerprinting process. Non-sensitive phrases are identified by looking at available public documents of the organization that we want to protect from information leaks and common phrases are identified with the help of a search engine. In this way, our solution both accelerates leak detection and increases the accuracy of the result. Experiments were conducted on real-world data to prove the efficiency and effectiveness of the proposed solution.

查看原文本刊更多论文

基于信息检索的信息泄漏检测方法

检测信息泄漏的传统方法是通过对敏感数据进行分区和散列来生成指纹，然后将这些指纹与传出的文档进行比较。不幸的是，这种方法会产生很高的计算成本，因为需要检查文档的每个部分。因此，它不适用于需要保护大量文档的系统。此外，如果指纹是常用短语，这种方法容易出现误报。在本文中，我们提出了对这种方法的改进，以提供更快的处理时间和更少的误报。我们的解决方案的核心思想是从指纹识别过程中消除常见短语和非敏感短语。通过查看我们希望防止信息泄露的组织的可用公共文档来识别非敏感短语，而通过搜索引擎来识别常见短语。通过这种方式，我们的解决方案既加速了泄漏检测，又提高了结果的准确性。在实际数据上进行了实验，验证了所提方案的效率和有效性。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2011 Seventh European Conference on Computer Network Defense

自引率

0.00%

发文量