Title :
Detecting Information Leakage Based on Subtracting Matrix
Author :
Zongda Han ; Binglong Li
Author_Institution :
Zhengzhou Inst. of Inf. & Technol., Zhengzhou, China
Abstract :
This paper proposes an approach to detecting information leakage based on a subtracting matrix, in order to determine when and where files were leaked from a file system. The low efficiency of detecting leak operations and the rapid growth in the size of storage devices make it difficult to locate where the leakage occurred. We build a time matrix model from file system access timestamps in a suspicious information system. Then three kinds of two-value (0-1) matrices are generated based on the similarity of access timestamps in the time matrix. The behavior of information leakage can finally be determined by comparing the degree of similarity in these matrices. The experimental results show that the method can detect information leakage more quickly and accurately.
Keywords :
digital forensics; storage management; (0-1) matrices; access timestamps; computer forensic; file determination; file system; information leakage detection; leak operation detection; storage device; subtracting matrix; suspicious information system; time matrix model; two-value matrices; Drives; File systems; Forensics; Measurement; Probability distribution; Real-time systems; Time complexity; Computer forensic; File system forensics; Information leakage; MAC timestamp; Subtracting matrix;
Conference_Title :
Computational Intelligence and Design (ISCID), 2014 Seventh International Symposium on
Print_ISBN :
978-1-4799-7004-9
DOI :
10.1109/ISCID.2014.249