Data leakage detection using system call provenance

Authors: Awad, A., Kadry, S., Maddodi, G., Gill, S. and Lee, B.

Journal: Proceedings - 2016 International Conference on Intelligent Networking and Collaborative Systems, IEEE INCoS 2016

Pages: 486-491

ISBN: 9781509041237

DOI: 10.1109/INCoS.2016.95

Abstract:

Data leakage has become a problem of epidemic proportions with very serious consequences for businesses and their customers. Experts warn that it is very difficult for organisations to avoid infiltration and that they should be prepared for such events. Proactive detection of ongoing attacks is therefore critically important. In this paper we describe the design and implementation of Peeper, a policy-based system for data leakage detection that utilizes operating system call provenance. The implementation of our scheme shows that it enables real-time data detection of data leakage. It tracks the operations performed on sensitive files and issues alerts if suspicious activities are detected.

Source: Scopus