1 / 22

Academic Advisor: Dr. Yuval Elovici Technical Advisor: Dr. Lidror Troyansky

Academic Advisor: Dr. Yuval Elovici Technical Advisor: Dr. Lidror Troyansky. A little bit of background…. PortAuthority Offers Businesses the Opportunity to Gain Insight Into Their Information Leak Vulnerabilities.

spike
Download Presentation

Academic Advisor: Dr. Yuval Elovici Technical Advisor: Dr. Lidror Troyansky

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Academic Advisor: Dr. Yuval Elovici Technical Advisor: Dr. Lidror Troyansky

  2. A little bit of background… • PortAuthority Offers Businesses the Opportunity to Gain Insight Into Their Information Leak Vulnerabilities. • 70% of Information Leaks are InternalMost organizations focus on preventing outside-in security breaches, but industry analysts argue that up to 70% of security breaches occur from the inside-out. Information leaks of private and confidential information create a growing threat to any size organization. • Example of file sharing information leaks: http://www.ynet.co.il/articles/0,7340,L-2875208,00.htmlAir force officer in the IDF suspended over sharing confidential army documents…

  3. Where do we fit in? • P2P Networks. • Gnutella, Gnutella2, Bittorrent, eDonkey2000, Kadmelia. • P2P networks are typically used for connecting nodes via largely ad hoc connections. • Sharing content files containing audio, video, data or anything in digital format is very common (including confidential information). • Real-time data, such as VOIP, is also passed using P2P technology.

  4. Where do we fit in? Continued…

  5. Our Project • Develop a system which will: • Be able to configure the scanning parameters. • Scan the P2P networks. • Download files suspicious as confidential. • Analyze the material using Machine Learning. • Generate reports. • Produce statistics.

  6. Architecture

  7. Main Functional Requirements • Scanning and looking for suspicious target (e.g. as confidential) information in the P2P network (Gnutella).

  8. Main Functional Requirements Continued… • Downloading the suspicious target (e.g. as confidential) information from the P2P network (Gnutella).

  9. Main Functional Requirements Continued… • Analyzing the scanned results (determine the value of the documents). • The system will use the Learning Machine based on the filtering algorithm to classify the documents.

  10. Bayesian filtering is the process of using Bayesian statistical method to classify documents into categories. • Bayesian filtering gained attention when it was described in the paper A Plan for Spam by Paul Graham, and has become a popular mechanism to distinguish illegitimate spam email from legitimate "ham" email. • Bayesian filtering take advantage of Bayes' theorem, says that the probability that a document is of a certain group (confidential documents), given that it has certain words in it, is equal to the probability of finding those certain words in a document from that group (confidential documents), times the probability that any document is of that group (confidential documents), divided by the probability of finding those words in any Group:

  11. Main Functional Requirements Continued… • Statistics Gathering: • The number of users which currently hold the target information. • Using IP Geolocation and finding out the geographic location of the leaked information. • The history of searched for, downloaded & analyzed files.

  12. Main Functional Use Cases

  13. Main Functional Use Cases Continued… Scan network - Use Case Diagram

  14. Main Functional Use Cases Continued… Analyze downloaded files - Use Case Diagram

  15. Main Functional Use Cases Continued…

  16. Non-Functional Requirements • Performance constraints: • The system should return a search result for suspicious target after no more than 15 minutes. • The system timeout for downloading should be configurable. • The system should hold history result and statistics of not more than one year ago.

  17. Non-Functional Requirements Continued… • Safety and Security: • The system will not be used for any other purpose than find information leaks in P2P networks (e.g. to find shared MP3 files). • The system will not expose the confidential documents it downloads and the documents that were used in the Machine Learning algorithm.

  18. Non-Functional Requirements Continued… • Platform constraints: • OS: Windows XP. • Database: MS SQL Server 2000. • Programming languages (Restricted to Python, Java/J2E, C++ and C#)

  19. Start Feasibility Study Is Successful? Add more functionality End Try another algorithm Risks • Mainly a research project. • Algorithm risk (Machine Learning). • Is it good for confidential documents? • Action to be taken: • Feasibility Study.

  20. What does successful mean?

  21. Risks • Gnutella is an old network. • May not contain confidential information. • Action to be taken: • Test suite. • Use a different P2P network.

  22. Epilogue • אלוביץ': "חוזק האבטחה של חברה הוא בחוליה החלשה שלה..." • כנסו בהמוניכם לאתר: • www.cs.bgu.ac.il/~amirf/AMOS

More Related