INFORMATION LEAK FILE DETECTION APPARATUS AND METHOD AND PROGRAM THEREOF
First Claim
1. An information leak file detection apparatus communicably coupled to a key information collection device linking to a file sharing network and having a key information database storing therein key information collected in relation to files distributed on the file sharing network, wherein the apparatus operates to:
- acquire from the key information database the key information including a key creation time-and-date, a key acquisition time-and-date, a file size, a publisher ID (trip), a file name, file possession node information (IP address, port number), key possession node information (IP address, port number), a key lifetime (TTL), a download number (referenced number) and a hash value,
- obtain as attribute information a file type to be derived from the file name contained in the key information, an appearance number of each speech part of those words constituting the file name, a difference between the key creation time-and-date and a key acquisition time-and-date relating to the file, and presence or absence of a character string indicative of time-and-date, and then store the key information and the attribute information in an analysis information database,
- make a decision tree which is an information leak file judgment rule based on contents of the key information and the attribute information, and then store the decision tree in a learned information database, and
- determine whether an acquisition source file of the key information is an information leak file based on the key information and the attribute information which are stored in the analysis information database and also based on the decision tree stored in the learned information database.
Abstract
A technique is provided for collecting information concerning files distributed on a file sharing network and for detecting an information leak file so that corrective measures can be taken. Supervised information is generated by adding, as attributes, a file type, a speech-part appearance frequency of the words making up a file name, and a result of human-made judgment as to whether a file being inspected is the information leak file, to key information collected from the file sharing network. Next, the supervised information is input to a decision tree learning algorithm, which learns an information leak file judgment rule and derives a decision tree for use in information leak file judgment. Thereafter, this decision tree is used to detect the information leak file from key information flowing on the file sharing network, followed by alert transmission and key information invalidation, thereby preventing damage expansion.
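The learning and judgment steps described in the abstract, as an added Python example that is not code from the patent: it derives three of the named attributes from key information, learns a decision tree from human-labelled records, and judges new keys. Assumptions: ID3 stands in for the unspecified decision tree learning algorithm, the speech-part counts are omitted because they need a morphological analyzer, and the extension grouping, one-day threshold and sample records are constructed.

```python
import math, re
from collections import Counter
from datetime import datetime

DOC_EXT = {"doc", "xls", "ppt", "pdf", "txt", "csv"}   # assumed "document" file types
DATE_RE = re.compile(r"(19|20)\d{2}[-_.]?(0[1-9]|1[0-2])[-_.]?(0[1-9]|[12]\d|3[01])")

def attributes(name, created, acquired):  # attribute information for one key record
    ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
    gap = datetime.fromisoformat(acquired) - datetime.fromisoformat(created)
    return {"file_type": "document" if ext in DOC_EXT else "other",
            "has_date": bool(DATE_RE.search(name)),       # date string in file name
            "fresh": gap.total_seconds() < 86400}         # assumed bucket: under one day

def entropy(labels):
    n = len(labels)
    return -sum(c / n * math.log2(c / n) for c in Counter(labels).values())

def learn(rows, labels, feats):
    """ID3: returns a label (leaf) or (feature, {value: subtree}, majority label)."""
    majority = Counter(labels).most_common(1)[0][0]
    def gain(f):
        groups = {}
        for r, l in zip(rows, labels):
            groups.setdefault(r[f], []).append(l)
        return entropy(labels) - sum(len(g) / len(rows) * entropy(g) for g in groups.values())
    if len(set(labels)) == 1 or not feats or max(map(gain, feats)) <= 0:
        return majority
    best, kids = max(feats, key=gain), {}
    for v in {r[best] for r in rows}:
        keep = [i for i, r in enumerate(rows) if r[best] == v]
        kids[v] = learn([rows[i] for i in keep], [labels[i] for i in keep],
                        [f for f in feats if f != best])
    return (best, kids, majority)

def judge(tree, row):  # unseen attribute values fall back to the node's majority label
    while isinstance(tree, tuple):
        feat, kids, majority = tree
        tree = kids.get(row[feat], majority)
    return tree

# Constructed supervised records: (file name, key created, key acquired, human judgment)
TRAIN = [("customer_list_20080312.xls", "2008-03-12T10:00", "2008-03-12T18:00", "leak"),
         ("payroll_2008-02-01.doc", "2008-02-01T09:00", "2008-02-01T20:00", "leak"),
         ("manual.pdf", "2007-01-01T00:00", "2008-03-01T00:00", "normal"),
         ("song_20071224.mp3", "2007-12-24T08:00", "2007-12-24T12:00", "normal"),
         ("movie.avi", "2007-06-01T00:00", "2008-01-01T00:00", "normal"),
         ("readme.txt", "2008-03-01T10:00", "2008-03-01T11:00", "normal")]
TREE = learn([attributes(*t[:3]) for t in TRAIN], [t[3] for t in TRAIN],
             ["file_type", "has_date", "fresh"])
```

On these records the learned rule splits on the date string first and the file type second; a key whose attribute value was never seen during learning is judged by the majority label at that node.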
11 Claims
6. An information leak file detection method for use in an information leak file detection apparatus for collecting information concerning files distributed on a file sharing network and for preventing spread of an information leak file, wherein
the information leak file detection apparatus has an arithmetic unit and a database, the database stores therein an information leak file judgment rule as a decision tree based on contents of key information and attribute information by using, as the key information, information including any one or more than one of those items obtainable from a key collection device, which are a key creation time-and-date, a key acquisition time-and-date, a file size, a publisher ID (trip), a file name, file possession node information (IP address, port number), key possession node information (IP address, port number), a key lifetime (TTL), a download number (referenced number) and a hash value, and also by using as the attribute information a file type to be derived from an extension of the file name contained in the key information, an appearance number of each speech part of those words making up the file name, a difference between the key creation time and a key acquisition time relating to the file, and presence or absence of a character string indicating time-and-date, and the arithmetic unit compares the key information and the attribute information with the decision tree to thereby determine whether the key information is relevant to an information leak file.
11. A computer-readable file detection program comprising the steps of:
- linking to a file sharing network;
- being communicably coupled to a key information collection device having a key information database storing therein key information collected relating to files distributed on the file sharing network;
- acquiring from the key information database the key information including a key creation time-and-date, a key acquisition time-and-date, a file size, a publisher ID (trip), a file name, file possession node information (IP address, port number), key possession node information (IP address, port number), a key lifetime (TTL), a download number (referenced number), and a hash value;
- obtaining as attribute information a type of file to be derived from the file name included in the key information, an appearance number of each speech part of those words making up the file name, a difference between the key creation time-and-date and a key acquisition time-and-date relating to the file, and presence or absence of a character string indicating time-and-date, and storing the key information and the attribute information in an analysis information database;
- making a decision tree which is an information leak file judgment rule based on contents of the key information and the attribute information and then storing the decision tree in a learned information database; and
- determining whether an acquisition source file of the key information is an information leak file based on the key information and the attribute information which are stored in the analysis information database and also based on the decision tree stored in the learned information database.
Specification