File Detection On Network Traffic Using Approximate Matching
<p>In recent years, Internet technologies changed enormously and allow faster Internet connections, higher data rates and mobile usage. Hence, it is possible to send huge amounts of data / files easily which is often used by insiders or attackers to steal intellectual property. As a consequenc...
| Main Authors: | , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
Association of Digital Forensics, Security and Law
2014-09-01
|
| Series: | Journal of Digital Forensics, Security and Law |
| Online Access: | http://ojs.jdfsl.org/index.php/jdfsl/article/view/261 |
| id |
doaj-1e57138e637f408e9410bb4a8aaa1ba8 |
|---|---|
| record_format |
Article |
| spelling |
doaj-1e57138e637f408e9410bb4a8aaa1ba82020-11-25T01:49:25ZengAssociation of Digital Forensics, Security and LawJournal of Digital Forensics, Security and Law1558-72151558-72232014-09-01922336167File Detection On Network Traffic Using Approximate MatchingFrank Breitinger0Ibrahim Baggili1University of New HavenUniversity of New Haven<p>In recent years, Internet technologies changed enormously and allow faster Internet connections, higher data rates and mobile usage. Hence, it is possible to send huge amounts of data / files easily which is often used by insiders or attackers to steal intellectual property. As a consequence, data leakage prevention systems (DLPS) have been developed which analyze network traffic and alert in case of a data leak. Although the overall concepts of the detection techniques are known, the systems are mostly closed and commercial.</p><p>Within this paper we present a new technique for network trac analysis based on approximate matching (a.k.a fuzzy hashing) which is very common in digital forensics to correlate similar files. This paper demonstrates how to optimize and apply them on single network packets. Our contribution is a straightforward concept which does not need a comprehensive conguration: hash the file and store the digest in the database. Within our experiments we obtained false positive rates between 10<sup>-4</sup> and 10<sup>-5</sup> and an algorithm throughput of over 650 Mbit/s.</p>http://ojs.jdfsl.org/index.php/jdfsl/article/view/261 |
| collection |
DOAJ |
| language |
English |
| format |
Article |
| sources |
DOAJ |
| author |
Frank Breitinger Ibrahim Baggili |
| spellingShingle |
Frank Breitinger Ibrahim Baggili File Detection On Network Traffic Using Approximate Matching Journal of Digital Forensics, Security and Law |
| author_facet |
Frank Breitinger Ibrahim Baggili |
| author_sort |
Frank Breitinger |
| title |
File Detection On Network Traffic Using Approximate Matching |
| title_short |
File Detection On Network Traffic Using Approximate Matching |
| title_full |
File Detection On Network Traffic Using Approximate Matching |
| title_fullStr |
File Detection On Network Traffic Using Approximate Matching |
| title_full_unstemmed |
File Detection On Network Traffic Using Approximate Matching |
| title_sort |
file detection on network traffic using approximate matching |
| publisher |
Association of Digital Forensics, Security and Law |
| series |
Journal of Digital Forensics, Security and Law |
| issn |
1558-7215 1558-7223 |
| publishDate |
2014-09-01 |
| description |
<p>In recent years, Internet technologies changed enormously and allow faster Internet connections, higher data rates and mobile usage. Hence, it is possible to send huge amounts of data / files easily which is often used by insiders or attackers to steal intellectual property. As a consequence, data leakage prevention systems (DLPS) have been developed which analyze network traffic and alert in case of a data leak. Although the overall concepts of the detection techniques are known, the systems are mostly closed and commercial.</p><p>Within this paper we present a new technique for network trac analysis based on approximate matching (a.k.a fuzzy hashing) which is very common in digital forensics to correlate similar files. This paper demonstrates how to optimize and apply them on single network packets. Our contribution is a straightforward concept which does not need a comprehensive conguration: hash the file and store the digest in the database. Within our experiments we obtained false positive rates between 10<sup>-4</sup> and 10<sup>-5</sup> and an algorithm throughput of over 650 Mbit/s.</p> |
| url |
http://ojs.jdfsl.org/index.php/jdfsl/article/view/261 |
| work_keys_str_mv |
AT frankbreitinger filedetectiononnetworktrafficusingapproximatematching AT ibrahimbaggili filedetectiononnetworktrafficusingapproximatematching |
| _version_ |
1725006602860232704 |