Systems and Means of Informatics
2022, Volume 32, Issue 2, pp 72-80
SOME APPROACHES TO NETWORK DLP ANALYSIS
- A. A. Grusho
- N. A. Grusho
- M. I. Zabezhailo
- D. V. Smirnov
- E. E. Timonina
- S. Ya. Shorgin
Abstract
This work deals mainly with network DLP (Data Loss/Leakage Prevention) systems. One of the main tasks of a DLP system is to recognize valuable information appearing on the network at the output of a computer system. Network-based DLP systems are becoming more important as remote work spreads among employees of various organizations. The proper functioning of a DLP system rests on recognizing short messages as random sequences and a leak of valuable information, such as personal data, as a short sequence satisfying structural constraints. The main problem of these methods is false alarms. Using the simplest models, the work estimates the volume of data in which valuable information can be searched for at small probabilities of false alarms. Examples of simple but fast methods for detecting leaks of valuable information are constructed. The methods are classified by complexity and by application. Such methods can be used not only to analyze DLP systems but also to search for service inserts and signals during the transfer of information, when searching for and analyzing poorly protected or unprotected personal data where depersonalization is required according to the rules. Estimates of the probabilities of false alarms are derived.
About this article
Cover Date
2022-06-10
DOI
10.14357/08696527220207
Print ISSN
0869-6527
Publisher
Institute of Informatics Problems, Russian Academy of Sciences
Key words
information security; DLP systems; estimates of probabilities of false alarms
Author Affiliations
Federal Research Center "Computer Science and Control", Russian Academy of Sciences, 44-2 Vavilov Str., Moscow 119333, Russian Federation
Sberbank of Russia, 19 Vavilov Str., Moscow 117999, Russian Federation