Privacy Level Indicating Data Leakage Prevention System

Similar documents
SIX STEPS TO BUYING DATA LOSS PREVENTION PRODUCTS

Building Your DLP Strategy & Process. Whitepaper

Cloud-based 3D Menu Generation and Provision of Digital Broadcasting Service on Thin-client

ITU-T Y.4552/Y.2078 (02/2016) Application support models of the Internet of things

ITU-T Y Specific requirements and capabilities of the Internet of things for big data

ITU-T Y Functional framework and capabilities of the Internet of things

A Study of Predict Sales Based on Random Forest Classification

Accuracy improvement of indenting test results by using wireless cable indenting robot

CITATION INDEX AND ANALYSIS DATABASES

ITU-T Y Reference architecture for Internet of things network capability exposure

Name Identification of People in News Video by Face Matching

Real-time Chatter Compensation based on Embedded Sensing Device in Machine tools

IPTV (and Digital Cable TV) Performance Management. Alan Clark Telchemy Incorporated

Adaptive Key Frame Selection for Efficient Video Coding

GLI-12 V1.1 GLI 12 V2.0

CONTRIBUTION OF INDIAN AUTHORS IN WEB OF SCIENCE: BIBLIOMETRIC ANALYSIS OF ARTS & HUMANITIES CITATION INDEX (A&HCI)

PROMAX NEWSLETTER Nº 25. Ready to unveil it?

DATA LOSS PREVENTION: A HOLISTIC APPROACH

Monitor Preference for Electronic Medical Record in Outpatient Clinic

Alcatel-Lucent 5620 Service Aware Manager. Unified management of IP/MPLS and Carrier Ethernet networks and the services they deliver

A New Buffer Monitoring Approach Based on Earned Value Management Concepts

Understanding Compression Technologies for HD and Megapixel Surveillance

A Digital Hologram Encryption Method Using Data Scrambling of Frequency Coefficients

Recomm I n t e r n a t i o n a l T e l e c o m m u n i c a t i o n U n i o n

Home Monitoring System Using RP Device

Design of an Area-Efficient Interpolated FIR Filter Based on LUT Partitioning

Centre for Economic Policy Research

The preferred display color temperature (Non-transparent vs. Transparent Display)

Reducing IPTV Channel Zapping Time Based on Viewer s Surfing Behavior and Preference

A Vision of IoT: Applications, Challenges, and Opportunities With China Perspective

A combination of approaches to solve Task How Many Ratings? of the KDD CUP 2007

Embedding Librarians into the STEM Publication Process. Scientists and librarians both recognize the importance of peer-reviewed scholarly

Survey on Electronic Book Features

NAA ENHANCING THE QUALITY OF MARKING PROJECT: THE EFFECT OF SAMPLE SIZE ON INCREASED PRECISION IN DETECTING ERRANT MARKING

Design of Vision Embedded Platform with AVR

Skip Length and Inter-Starvation Distance as a Combined Metric to Assess the Quality of Transmitted Video

Sound design strategy for enhancing subjective preference of EV interior sound

Differential Detection Method of Upstream Burst Signal in Optic based Cable TV Network

Privacy Policy. April 2018

FROM: CITY MANAGER DEPARTMENT: ADMINISTRATIVE SERVICES SUBJECT: COST ANALYSIS AND TIMING FOR INTERNET BROADCASTING OF COUNCIL MEETINGS

Personal Mobile DTV Cellular Phone Terminal Developed for Digital Terrestrial Broadcasting With Internet Services

INSTITUTE OF AERONAUTICAL ENGINEERING (Autonomous) Dundigal, Hyderabad

Speech Recognition and Signal Processing for Broadcast News Transcription

Extreme Experience Research Report

Multi-Shaped E-Beam Technology for Mask Writing

A STUDY ON THE DEVELOPMENT OF THE DEDICATED OBU 1 FOR THE HANDICAPPED PERSONS USING HI-PASS 2 SYSTEM

Milestone Solution Partner IT Infrastructure Components Certification Report

Drum Sound Identification for Polyphonic Music Using Template Adaptation and Matching Methods

Source/Receiver (SR) Setup

2013 Environmental Monitoring, Evaluation, and Protection (EMEP) Citation Analysis

Fast thumbnail generation for MPEG video by using a multiple-symbol lookup table

Computer Coordination With Popular Music: A New Research Agenda 1

The comparison of actual system with expected system is done with the help of control mechanism. False True

However, in studies of expressive timing, the aim is to investigate production rather than perception of timing, that is, independently of the listene

MANAGING POWER SYSTEM FAULTS. Xianyong Feng, PhD Center for Electromechanics The University of Texas at Austin November 14, 2017

AN OVERVIEW ON CITATION ANALYSIS TOOLS. Shivanand F. Mulimani Research Scholar, Visvesvaraya Technological University, Belagavi, Karnataka, India.

ECE Real Time Embedded Systems Final Project. Speeding Detecting System

Crestron TPMC-4SM Fusion RV Interface Operations Guide

POLICY AND PROCEDURES FOR MEASUREMENT OF RESEARCH OUTPUT OF PUBLIC HIGHER EDUCATION INSTITUTIONS MINISTRY OF EDUCATION

USING THE UNISA LIBRARY S RESOURCES FOR E- visibility and NRF RATING. Mr. A. Tshikotshi Unisa Library

WHEN a fault occurs on power systems, not only are the

Automatic Commercial Monitoring for TV Broadcasting Using Audio Fingerprinting

PROTOTYPE OF IOT ENABLED SMART FACTORY. HaeKyung Lee and Taioun Kim. Received September 2015; accepted November 2015

Interface Design of Wide-View Electronic Working Space Using Gesture Operations for Collaborative Work

ADDRESSING THE CHALLENGES OF IOT DESIGN JEFF MILLER, PRODUCT MARKETING MANAGER, MENTOR GRAPHICS

Security Challenges in the Internet of Things. Dr. Sigrid Schefer-Wenzl

MULTI-CHANNEL CALL RECORDING AND MONITORING SYSTEM

HCS-4100/20 Series Application Software

International Affairs Department, Telecommunications Bureau

TERRESTRIAL broadcasting of digital television (DTV)

ENFORCEMENT DECREE OF THE BROADCASTING ACT

Development of Reference Management System in Cloud Computing Environment

CITATION ANALYSES OF DOCTORAL DISSERTATION OF PUBLIC ADMINISTRATION: A STUDY OF PANJAB UNIVERSITY, CHANDIGARH

Error Resilient Video Coding Using Unequally Protected Key Pictures

Basic Operations App Guide

3D Video Transmission System for China Mobile Multimedia Broadcasting

OPERATIVE GUIDE P.I.T. PILE INTEGRITY TEST

HCS-4100/50 Series Fully Digital Congress System

21. OVERVIEW: ANCILLARY STUDY PROPOSALS, SECONDARY DATA ANALYSIS

INTUITIVE, REAL-TIME LAUNDROMAT DATA THAT S CUSTOM-MADE FOR THE WAY YOU OPERATE. LAUNDROMAT - LOCATION 1 - HUEBSCH.COM/COMMAND

PPM Rating Distortion. & Rating Bias Handbook

Audio Compression Technology for Voice Transmission

Design and Implementation of an LED Mood Lighting System Using Personalized Color Sequence Generation

Data flow architecture for high-speed optical processors

Audio Watermarking (NexTracker )

21. OVERVIEW: ANCILLARY STUDY PROPOSALS, SECONDARY DATA ANALYSIS

Collection Development and Management in Electronic Age: A study with Special Reference to IIT Indore

INTERNATIONAL JOURNAL OF EDUCATIONAL EXCELLENCE (IJEE)

Real-Time Compensation of Chatter Vibration in Machine Tools

TITLE OF CHAPTER FOR PD FCCS MONOGRAPHY: EXAMPLE WITH INSTRUCTIONS

DS1, T1 and E1 Glossary

Overview of the Hybridcast System

TOWARD AN INTELLIGENT EDITOR FOR JAZZ MUSIC

Preserving Digital Memory at the National Archives and Records Administration of the U.S.

A Visualization of Relationships Among Papers Using Citation and Co-citation Information

3 rd International Conference on Smart and Sustainable Technologies SpliTech2018 June 26-29, 2018

IoT Strategy Roadmap

LogiCORE IP Spartan-6 FPGA Triple-Rate SDI v1.0

APN Remap Table Configuration Mode

The CYCU Chang Ching Yu Memorial Library Resource Development Policy

Transcription:

Privacy Level Indicating Data Leakage Prevention System Jinhyung Kim, Jun Hwang and Hyung-Jong Kim* Department of Computer Science, Seoul Women s University {jinny, hjun, hkim*}@swu.ac.kr Abstract As private information can be contained in the DLP (Data Leakage Prevention) system s target of monitoring, the monitoring process inevitably violates privacy of the internal employees. Currently, existing DLP systems do not consider the privacy violation during the monitoring process. In this work, we are proposing a DLP system considering privacy violation level. The privacy violation level of our system has static and dynamic characteristics. The static privacy level just indicates the monitoring target s portion of private data. The dynamic privacy level indicates the portion of private data which are disclosed by DLP system. The privacy level of our proposing DLP system can be used to control the private violation by removing specific monitoring targets in DLP system. The contribution of this work is defining the privacy level in DLP system and implementing the proposed idea. s: DLP system, Critical Information Protection, Privacy Protection 1. Introduction For the protection of corporate assets, the Data Leakage Prevention (DLP) system is used by many corporations. DLP system is the monitoring system that uses a network packet to monitoring the system's information. To protect the company s information, corporations use systems that are developed to prevent the loss or leakage of information that checking the packet included sensitive data or related assets [4]. However, on the process of using these systems, administrators may monitor employees private data. Generally, the private information of employees of an organization should be protected and laws and regulations require this as a basic right of people [3]. However, the DLP system may monitor some part of private information and it could cause a privacy violation. So, in this respect, we need the DLP system considering privacy protection. In this paper, we proposed a privacy violation level indicating DLP system. The remainder of the paper is organized as follows. Section 2 explains the concepts of the trade-off relation of DLP and privacy protection. Section 3 describes the estimation model for the degree of privacy violation on the monitoring for detecting the critical data. Especially, we considered two cases of privacy violation level. One is static privacy violation level which can be calculated simply using private data portion of monitoring target. The other is dynamic privacy violation level which is calculated using currently monitored private data portion. Especially the dynamic privacy violation level is displayed through graphical user interface for showing the DLP system s privacy violation level. Finally, section 4 concluding remarks and outline of future work are shown. 91

2. Concerning the Privacy Violation Relation in DLP Process When Data Leakage Prevention systems are operated in organizations, privacy violations can be occurred during the monitoring process. The large number of DLP keywords must be reviewed and private data is inevitably included in the keywords. That is why we considering the privacy violation can be an issue in DLP system operation. Figure 1. Correlation of Privacy Protection and DLP Level[1] The figure 1 shows the relationship between data leakage protection level and privacy violation level. Authors previous paper shows the trade-off between the two indexes [1]. When it comes to private keywords portion of DLP keywords, if a part of private keywords are excluded from DLP keywords to protect employees privacy, the detecting rate of data leakage is getting lower than before. 3. Design and Implementation of Privacy Violation Level Considering DLP System 3.1. Private s and DLP s As we have reviewed in section 2, there is a trade-off relationship between the DLP level and privacy level. In the DLP system s design implementation viewpoint, the trade-off relationship can be modeled as number of keywords for each category. In other words, because the DLP keyword set contains private keyword set, if the number of private keywords in DLP keyword set is large, the detection process monitors many private data. That s our basic idea of representing privacy level in DLP system. 3.2. Static and Dynamic Privacy Violation Level To estimation the level of privacy, we should measure the degree of privacy violation. In this work we defined two important measures which can be used to control the privacy violation level of DLP system. First one is PVL Static and it represents the current privacy violation level which is calculated using just the number of keywords. 92

PVL static where, n( n( private ) ) { u u DLP system' s keyword} private { p p Private keywordsof DLP system' s keywords} (1) As we can see (1), the level represents the portion of private keywords of DLP keywords. Although this level can be derived in a very easy way, it effectively reveals how much the organization s DLP process violates. PVL dynamic where, Num t1 t t0 Num n( ( t) dt { u u DLP system' s keyword} Private Private ) ( t): Number of privatekeywordsdetected by DLP systemin given time t (2) The dynamic privacy violation level PVL Dynamic is determined by a function of time which represents the number of private keywords detected by DLP system as shown in (2). The expression implies when the DLP system s monitoring target contains more private data than previous time t, the value of PVL Dynamic is getting larger. The PVL Dynamic shows current violation level of the system and during the monitoring process the detected keywords and the number of detection for each keyword are shown through graphical user interfaces. Using the information, administrator can have the insight how the make the PVL Dynamic lower. In other words, if the administrator removes a certain private keyword which is frequently detected but not that critical in DLP viewpoint, the PVL Dynamic value can be highly decreased. 3.3. Implementation Above mentioned concepts are implemented as a DLP system. Our DLP systems categorize the monitoring target keyword and manage the private keyword set. Whenever the private keyword is monitored, the keyword s monitoring number increases. Even though this process looks very simple, through this simple process administrator can imagine the level of privacy protection of their DLP system. Figure 2. shows the system architecture of proposed DLP system. The system has a component named PrivacyViolation_Cal Module which is conducting the mentioned calculation. The calculation is proceeded in a given period of time and the result is stored in PV database table. 93

Figure 2. The DLP System Structure considering privacy protection As shown in below part of Figure 2, our system s monitoring is proceeded by agent software installed in employee s computer. The detection rules which are contains the DLP keyword are downloaded from server and the rules are applied to each packet going out from the employee s computer. Usually, the detection target would be the packets of e-mail and instant messenger. The detection result is reported to the server and the calculation is conducted. Figure 3 is Main Page of the proposed system. The page consists of Notice, Alert, Data Search and Detected keyword graph. Notice is for general information for administrator and alert contains important detection result of DLP system. The Data Search enables administrator to find some information using keyword and period of time. The detected graph is for intuitive recognition of DLP system s detection result. Figure 3 Main Page 94

Figure 4. Page for Setting and Type of Packet Through the page of Figure 4, administrators can add or delete the keyword of e-mail and instant messenger. Figure 5 Pages for Showing Frequency of Private s Figure 5 shows the number of detection for each keyword. Those data are used to calculate the PVL Dynamic value. In our DLP system, there are 100 keywords for critical data protection and there are 13 private keywords. Therefore, the current PVL static is 0.12. Since PVL Dynamic value varies as the time goes on, the database should have the time filed to store the detection result. Even though the database table has the time field, the Figure 5 just shows the keyword and the detection count. That is because the page is for managing the value of PVL Dynamic. In this case, if the private keyword id of e-mail and the name of messenger are removed, the PVL Dynamic value is going to be lower steeply. 4. Conclusion and Future Work In this paper, we suggested the privacy violation estimating model of DLP system. Our suggestion has very simple concept of differentiating private keywords from DLP keywords. In addition, by counting the number of private keyword, we derived the static and dynamic privacy violation level of DLP system. The proposed concept is implemented using web-based DLP system and we have presented the user interfaces showing the detection number of private keywords. Through our suggesting concept and system, administrators can speculate how much their DLP system violates the privacy during monitoring the leakage. In addition, by removing some part of private keywords, they can increase the privacy violation level. 95

Acknowledgements This work was supported by the Industrial Strategic technology development program, 10039670(2011), funded by the Ministry of Knowledge Economy(MKE, Korea) References [1] J. H. Kim and H. J. Kim, "The Data Modeling considered Correlation of Information Leakage Detection and Privacy Violation", ACIIDS 2011 : 3rd Asian Conference on Intelligent Information and Database Systems, (2011), LNAI 6592, pp. 165-170. [2] S. Hiroshi, Y. Kazuo, O. Ryuichi and H. Itaru, "An Information Leakage Risk Evaluation Method Based on Security Configuration Validation", IEICE Technical Report, vol. 105, no. 398, (2005), pp.15-22. [3] D. Choi, S. Jin and H. Yoon, A Personal Information Leakage Prevention Method on the Internet, 3rd edn. Springer-Verlag, Berlin Heidelberg New York (1996). [4] V. Chandola, A. Banerjee and V. Kumar, On Abnormality Detection in Spuriously Populated Data Streams, ACM Computing Surveys (CSUR), vol. 41, Issue 3, (2009) July. [5] K. Das and J. Schneider, Detecting anomalous records in categorical datasets, (2007), KDD 2007. Authors Jinhyung Kim She received the B.S degree in the Information Security, Seoul Women s University, Seoul, Korea in 2006. She received the M.S degree in 2008 and is currently working toward Ph.D. degree in the computer science at the same university. Her researches interests include protect techniques and policies in Privacy protection and Cloud Computing Security. Jun Hwang He received the B.S and M.S. and Ph.D. degrees in Computer Science from Chung-Ang University, Korea, in 1985, 1987, and 1991 respectively. Since 1992, he has been a professor at the College of Information & Media of Seoul Women s University. His current interests are IPTV, convergence computing, and digital broadcasting. Hyung-Jong Kim He received his B.S. degree in Information Engineering from the Sungkyunkwan University in 1996 and his M.S and Ph.D. degrees in Electrical Computer Engineering department of Sungkyunkwan university. He worked as a principal researcher of Korea Information Security Agency (KISA) from 2001 to 2007. Also, he worked in the CyLab at CMU(Carnegie Mellon University), Pittsburgh, PA, USA as a visiting scholar from 2004 to 2006. Currently, he is with the Seoul Women's University in Seoul, Korea as an assistant professor since March, 2007. His research interests include cloud computing security, VoIP security, privacy protection and simulation modeling methodology. 96

2024 © artsdocbox.com Privacy Policy | Terms of Service | Feedback