{"title":"Detecting Information Leakage Based on Subtracting Matrix","authors":"Zongda Han, Binglong Li","doi":"10.1109/ISCID.2014.249","DOIUrl":null,"url":null,"abstract":"This paper proposes an approach of detecting information leakage based on subtracting matrix to determine files when and where were leaked from file system. Due to the low efficiency of detecting leak operation and the rapid growth of the size of storage device make it difficult to locate the place where the leakage occurred. We build a time matrix model by file system access timestamps in a suspicious information system. Then three kinds of two-value (0-1) matrices are generated based on the similarity of access timestamps in the time matrix. The behavior of information leakage can be finally determined by comparing the degree of the similarity in these matrices. The experimental results show the method can detect information leakage more quickly and accurately.","PeriodicalId":385391,"journal":{"name":"2014 Seventh International Symposium on Computational Intelligence and Design","volume":"8 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2014-12-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2014 Seventh International Symposium on Computational Intelligence and Design","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ISCID.2014.249","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citation count: 0
Abstract
This paper proposes an approach to detecting information leakage based on a subtracting matrix, in order to determine when and where files were leaked from a file system. The low efficiency of detecting leak operations and the rapid growth in the size of storage devices make it difficult to locate the place where the leakage occurred. We build a time matrix model from file system access timestamps in a suspicious information system. Then three kinds of two-value (0-1) matrices are generated based on the similarity of access timestamps in the time matrix. The behavior of information leakage can finally be determined by comparing the degree of similarity in these matrices. The experimental results show that the method can detect information leakage more quickly and accurately.