File Detection on Network Traffic Using Approximate Matching

Détails

ID Serval
serval:BIB_525CDB9529D7
Type
Article: article d'un périodique ou d'un magazine.
Collection
Publications
Titre
File Detection on Network Traffic Using Approximate Matching
Périodique
Journal of Digital Forensics, Security and Law
Auteur⸱e⸱s
Breitinger Frank, Baggili Ibrahim
ISSN
1558-7223
Statut éditorial
Publié
Date de publication
2014
Volume
9
Numéro
2
Langue
anglais
Résumé
In recent years, Internet technologies changed enormously and allow faster Internet connections, higher data rates and mobile usage. Hence, it is possible to send huge amounts of data / files easily which is often used by insiders or attackers to steal intellectual property. As a consequence, data leakage prevention systems (DLPS) have been developed which analyze network traffic and alert in case of a data leak. Although the overall concepts of the detection techniques are known, the systems are mostly closed and commercial.
Within this paper we present a new technique for network traffic analysis based on approximate matching (a.k.a fuzzy hashing) which is very common in digital forensics to correlate similar files. This paper demonstrates how to optimize and apply them on single network packets. Our contribution is a straightforward concept which does not need a comprehensive configuration: hash the file and store the digest in the database. Within our experiments we obtained false positive rates between 10−4 and 10−5 and an algorithm throughput of over 650 Mbit/s.
Mots-clé
Approximate matching, Bloom filter, mrsh-v2, data loss prevention, network traffic analysis
Open Access
Oui
Création de la notice
06/05/2021 11:01
Dernière modification de la notice
06/05/2021 11:29
Données d'usage