Using malware for the greater good: Mitigating data leakage. (1st November 2019)
- Record Type:
- Journal Article
- Title:
- Using malware for the greater good: Mitigating data leakage. (1st November 2019)
- Main Title:
- Using malware for the greater good: Mitigating data leakage
- Authors:
- Guri, Mordechai
Puzis, Rami
Choo, Kim-Kwang Raymond
Rubinshtein, Sergey
Kedma, Gabi
Elovici, Yuval
- Abstract:
- Accidental (i.e., non-malicious) data leakage can occur through emails, storage media, file-sharing services, social networks, and so on, and is one of the most commonly reported threats. We present DocGuard, a novel method designed to counter accidental data leakage. Unlike existing solutions, DocGuard is effective even when a file has already leaked out of the organization's network. However, our approach does not require additional installation or software update, outside the organizational network, and it supports virtually any type of file (e.g., binaries, source-code, documents and media). Specifically, the key idea is to let existing anti-malware/anti-virus (AV) products (at the user PCs, cloud services, ISPs and e-mail gateways) identify the leaked file and block access to the identified file, in the same manner the AV product stops the propagation of an identified malware. DocGuard injects a hidden signature associated with a known malware to sensitive files. If the files are somehow leaked out of the organization's boundaries, an AV, either on the user's PC or at the network, will detect it as a real threat and immediately delete or quarantine it before it can be accessed and shared further. We implement DocGuard and evaluate it on various file types including documents, spreadsheets, presentations, images, executable binaries and textual source code. Our evaluations include different leakage paths such as e-mails, file-sharing and cloud services, social networks and physical media. The evaluation results have demonstrated almost 100% effectiveness in stopping the leakage at its initial phases. In order to evaluate DocGuard at a larger scale, we simulate a leakage scenario over the topology of real social networks. Our results show that DocGuard is highly effective not only for stopping the initial leak but also in preventing the propagation of leaked files over the Internet and through social networks. …
- Is Part Of:
- Journal of network and computer applications. Volume 145(2019)
- Journal:
- Journal of network and computer applications
- Issue:
- Volume 145(2019)
- Issue Display:
- Volume 145, Issue 2019 (2019)
- Year:
- 2019
- Volume:
- 145
- Issue:
- 2019
- Issue Sort Value:
- 2019-0145-2019-0000
- Page Start:
- Page End:
- Publication Date:
- 2019-11-01
- Subjects:
- Data leakage -- Insider threat -- Malware signature -- Data exfiltration
Microcomputers -- Periodicals
Computer networks -- Periodicals
Application software -- Periodicals
Micro-ordinateurs -- Périodiques
Réseaux d'ordinateurs -- Périodiques
Logiciels d'application -- Périodiques
Application software
Computer networks
Microcomputers
Periodicals
004.05
004
- Journal URLs:
- http://www.sciencedirect.com/science/journal/10848045
http://www.elsevier.com/journals
- DOI:
- 10.1016/j.jnca.2019.07.006
- Languages:
- English
- ISSNs:
- 1084-8045
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms)
- Physical Locations:
- British Library DSC - 5021.410600
British Library DSC - BLDSS-3PM
British Library HMNTS - ELD Digital store
- Ingest File:
- 11678.xml