INFORMATION LEAK FILE DETECTION APPARATUS AND METHOD AND PROGRAM THEREOF

US 20120005147A1
Filed: 06/28/2011
Published: 01/05/2012
Est. Priority Date: 06/30/2010
Status: Abandoned Application

First Claim

Patent Images

1. An information leak file detection apparatus communicably coupled to a key information collection device linking to a file sharing network and having a key information database storing therein key information collected in relation to files distributed on the file sharing network, wherein the apparatus operates to:

acquire from the key information database the key information including a key creation time-and-date, a key acquisition time-and-date, a file size, a publisher ID (trip), a file name, file possession node information (IP address, port number), key possession node information (IP address, port number), a key lifetime (TTL), a download number (referenced number) and a hash value,obtain as attribute information a file type to be derived from the file name contained in the key information, an appearance number of each speech part of those words constituting the file name, a difference between the key creation time-and-date and a key acquisition time-and-date relating to the file, and presence or absence of a character string indicative of time-and-date, and then store the key information and the attribute information in an analysis information database,make a decision tree which is an information leak file judgment rule based on contents of the key information and the attribute information, and then store the decision tree in a leaned information database, anddetermine whether an acquisition source file of the key information is an information leak file based on the key information and the attribute information which are stored in the analysis information database and also based on the decision tree stored in the learned information database.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A technique for collecting information concerning those files distributed on a file sharing network and for detecting an information leak file to take corrective measures is provided. Supervised information is generated by adding as attributes a file type, a speech-part appearance frequency of words making up a file name and a result of human-made judgment as to whether a file being inspected is the information leak file to key information collected from the file sharing network. Next, the supervised information is input to a decision tree leaning algorithm, thereby causing it to learn an information leak file judgment rule and then derive a decision tree for use in information leak file judgment. Thereafter, this decision tree is used to detect the information leak file from key information flowing on the file sharing network, followed by alert transmission and key information invalidation, thereby preventing damage expansion.

14 Citations

View as Search Results

11 Claims

1. An information leak file detection apparatus communicably coupled to a key information collection device linking to a file sharing network and having a key information database storing therein key information collected in relation to files distributed on the file sharing network, wherein the apparatus operates to:
- acquire from the key information database the key information including a key creation time-and-date, a key acquisition time-and-date, a file size, a publisher ID (trip), a file name, file possession node information (IP address, port number), key possession node information (IP address, port number), a key lifetime (TTL), a download number (referenced number) and a hash value,obtain as attribute information a file type to be derived from the file name contained in the key information, an appearance number of each speech part of those words constituting the file name, a difference between the key creation time-and-date and a key acquisition time-and-date relating to the file, and presence or absence of a character string indicative of time-and-date, and then store the key information and the attribute information in an analysis information database,make a decision tree which is an information leak file judgment rule based on contents of the key information and the attribute information, and then store the decision tree in a leaned information database, anddetermine whether an acquisition source file of the key information is an information leak file based on the key information and the attribute information which are stored in the analysis information database and also based on the decision tree stored in the learned information database.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The information leak file detection apparatus according to claim 1, wherein the apparatus acquires supervised information (attribute) from the attribute information by letting the key information within the analysis information database be supervised information (key information),receives as supervised information (class) a result of operator'"'"'s decision as to whether it is a leak file based on the supervised information (key information) and the supervised information (attribute),stores the supervised information (key information), the supervised information (attribute) and the supervised information (class) in the learned information database while combining them into a set, andmakes the decision tree based on supervised information containing therein a plurality of sets of the supervised information (key information), the supervised information (attribute) and the supervised information (class) of the learned information database.
  - 3. The information leak file detection apparatus according to claim 1, wherein the apparatus modifies the information leak file judgment rule in a way corresponding to the decision tree which is generated and updated based on supervised information as newly created by an arithmetic device.
  - 4. The information leak file detection apparatus according to claim 1, wherein the apparatus outputs to a key transmission device the key information concerning the file in accordance with a result of judgment of an arithmetic device concluding that the file is an information leak file by comparison with the decision tree.
  - 5. The information leak file detection apparatus according to claim 1, wherein the apparatus is communicably coupled to a key transmission device which sends out any given one of the key information toward a given node being linked to the file sharing network, which collects information concerning a shared file or files from the file sharing network and which enables outputting of the key information, andtransmits the key information concerning the file to the key transmission device in accordance with a result of judgment concluding that the file is the information leak file by comparison with the decision tree.

6. An information leak file detection method for use in an information leak file detection apparatus for collecting information concerning files distributed on a file sharing network and for preventing spread of an information leak file, whereinthe information leak file detection apparatus has an arithmetic unit and a database,the database stores therein an information leak file judgment rule as a decision tree based on contents of key information and attribute information by using, as the key information, information including any one or more than one of those items obtainable from a key collection device, which are a key creation time-and-date, a key acquisition time-and-date, a file size, a publisher ID (trip), a file name, file possession node information (IP address, port number), key possession node information (IP address, port number), a key lifetime (TTL), a download number (referenced number) and a hash value, and also by using as the attribute information a file type to be derived from an extension of the file name contained in the key information, an appearance number of each speech part of those words making up the file name, a difference between the key creation time and a key acquisition time relating to the file, and presence or absence of a character string indicating time-and-date be the attribute information, andthe arithmetic unit compares the key information and the attribute information with the decision tree to thereby determine whether the key information is relevant to an information leak file.
- View Dependent Claims (7, 8, 9, 10)
- - 7. The information leak file detection method according to claim 6, wherein the method is an information leak file detection method used in an information leak file detection apparatus for collecting information concerning shared files from a file sharing network and for preventing spread of an information leak file, whereinthe information leak file detection apparatus has an arithmetic unit and a database,the database stores therein respective ones of supervised information (key information), supervised information (attribute) and supervised information (class) which are obtained by extracting a predetermined number of ones by letting the key information be the supervised information (key information) and by letting attribute information be the supervised information (attribute) and further by setting as the supervised information (class) a result of operator'"'"'s judgment as to whether it is the leak file based on the supervised information (key information) and the supervised information (attribute), andthe arithmetic unit generates a decision tree for judgment of the information leak file by inputting, to a decision tree learning algorithm, supervised information which is obtained by creating a plurality of sets of the supervised information (key information), the supervised information (attribute) and the supervised information (class).
  - 8. The information leak file detection method according to claim 6, further including:
    - modifying an information leak file judgment algorithm in accordance with generation and update of the decision tree.
  - 9. The information leak file detection method according to claim 6, further including:
    - outputting to a key transmission device the key information concerning the file in response to a result of judgment concluding to be the information leak file by comparison with the decision tree.
  - 10. The information leak file detection method according to claim 6, wherein the method is an information leak file detection method used in an information leak file detection apparatus for collecting information concerning a shared file or files from the file sharing network, for making it possible to output key information and for being communicably coupled with a key transmission device which sends any given key information to a given node for connection to the file sharing network, wherein the method includes:
    - transmitting the key information concerning the file to the key transmission device in accordance with a result of judgment concluding to be the information leak file by comparison with the decision tree.

11. A computer-readable file detection program comprising the steps of:
- linking to a file sharing network;
  
  being communicably coupled to a key information collection device having a key information database storing therein key information collected relating to files distributed on the file sharing network;
  
  acquiring from the key information database the key information including a key creation time-and-date, a key acquisition time-and-date, a file size, a publisher ID (trip), a file name, file possession node information (IP address, port number), key possession node information (IP address, port number), a key lifetime (TTL), a download number (referenced number), and a hash value;
  
  obtaining as attribute information a type of file to be derived from the file name included in the key information, an appearance number of each speech part of those words making up the file name, a difference between the key creation time-and-date and a key acquisition time-and-date relating to the file, and presence or absence of a character string indicating time-and-date, and storing the key information and the attribute information in an analysis information database;
  
  making a decision tree which is an information leak file judgment rule based on contents of the key information and the attribute information and then storing the decision tree in a learned information database; and
  
  determining whether an acquisition source file of the key information is an information leak file based on the key information and the attribute information which are stored in the analysis information database and also based on the decision tree stored in the learned information database.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hitachi, Ltd.
Original Assignee
Hitachi Information Systems Limited (Hitachi, Ltd.)
Inventors
Kito, Tetsuro, Terada, Masato, Tankyo, Shinichi, Kaine, Isao, NAKAKOJI, HIROFUMI, Shigemoto, Tomohiro

Application Number

US13/170,943
Publication Number

US 20120005147A1
Time in Patent Office

Days
Field of Search
US Class Current

706/47
CPC Class Codes

G06F 21/566   Dynamic detection, i.e. det...

G06F 21/606   by securing the transmissio...

G06Q 10/063114   Status monitoring or status...

G06Q 10/0635   Risk analysis of enterprise...

INFORMATION LEAK FILE DETECTION APPARATUS AND METHOD AND PROGRAM THEREOF

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

14 Citations

11 Claims

Specification

Solutions

Use Cases

Quick Links

INFORMATION LEAK FILE DETECTION APPARATUS AND METHOD AND PROGRAM THEREOF

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

14 Citations

11 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links