论文信息 - Rule-based system for data leak threat estimation

Rule-based system for data leak threat estimation

User data has become a backbone of today's ICT services and applications, where various providers compete to provide better services to their users based on a personalized content. However, user data is simultaneously becoming a tempting target for malicious individuals who try to get the data and exploit it for their own financial gain. The necessity for high-quality data loss prevention is obvious to protect the users and to comply with new regulations of the European Union, specifically General Data Protection Regulation (GDPR) which imposes strict restrictions regarding manipulation of user data. There are various solutions available that try to monitor sensitive user data, identify it, and prevent such data from exiting the service or application domain. This paper proposes a stand-alone system for data leak detection and prevention based on a rule-engine and threat estimation. Unlike the most of the widely used solutions, the proposed system can be customized to a specific purpose, where each service provider can select which type of data should be monitored and blocked if a leak is suspected.

Marin Vukovic | Damjan Katusic | Mario Weber | Renato Soic

[1] Jerry den Hartog,et al. A Hybrid Framework for Data Loss Prevention and Detection , 2016, 2016 IEEE Security and Privacy Workshops (SPW).

[2] Marco Vieira,et al. Integrated Intrusion Detection in Databases , 2007, LADC.

[3] Jerry den Hartog,et al. A white-box anomaly-based framework for database leakage detection , 2017, J. Inf. Secur. Appl..

[4] Elisa Bertino,et al. Detecting anomalous access patterns in relational databases , 2008, The VLDB Journal.

[5] D. Richard Kuhn,et al. Data Loss Prevention , 2010, IT Professional.

[6] Vallipuram Muthukkumarasamy,et al. Detecting Data Semantic: A Data Leakage Prevention Approach , 2015, 2015 IEEE Trustcom/BigDataSE/ISPA.

[7] Sotiris Ioannidis,et al. IRILD: An Information Retrieval Based Method for Information Leak Detection , 2011, 2011 Seventh European Conference on Computer Network Defense.

[8] Marin Vukovic,et al. Location Name Extraction for User Created Digital Content Services , 2007, KES.

[9] Lior Rokach,et al. A Survey of Data Leakage Detection and Prevention Solutions , 2012, SpringerBriefs in Computer Science.

[10] Rob Johnson,et al. Text Classification for Data Loss Prevention , 2011, PETS.

[11] Asaf Shabtai,et al. Content-based data leakage detection using extended fingerprinting , 2013, ArXiv.