Title :
Detection of data theft using fuzzy inference system
Author :
Patel, P.C. ; Singh, Upendra
Author_Institution :
Dept. of Comput. Eng., Defence Inst. of Adv. Technol. (DU), Pune, India
Abstract :
One of the challenges in detecting data theft is the difficulty of distinguishing a copy operation from other types of access operations. Existing work in this area focuses on a stochastic model of filesystem behaviour to identify emergent patterns in MAC timestamps unique to copying. Such an approach produces a lot of false positives because the patterns that emerge from copying are similar to those of other access operations, such as searching for a file in a folder, compressing a folder, and scanning a folder with antivirus software. This paper proposes a technique that can be used to distinguish copy operations from other types of operations so that the forensic analyst can concentrate on more relevant artefacts. The paper describes a fuzzy inference system based technique that gives a confidence value to each cluster generated by the stochastic forensic approach. Experimental results have shown that the false positives generated by the stochastic forensic approach can be filtered using the cluster confidence of our technique.
Keywords :
computer viruses; digital forensics; fuzzy reasoning; pattern clustering; stochastic processes; MAC timestamps; access operations; antivirus software; confidence value; copy operation; data theft detection; emergent pattern identification; false positives; filesystem behaviour; folder compression; folder scanning; forensic analyst; fuzzy inference system based technique; stochastic forensic approach; stochastic model; Conferences; Forensics; Fuzzy logic; Fuzzy sets; Input variables; Measurement; Stochastic processes; Data Ex-filtration; Data Theft; Digital Forensics; Fuzzy Inference System;
Conference_Title :
Advance Computing Conference (IACC), 2013 IEEE 3rd International
Conference_Location :
Ghaziabad
Print_ISBN :
978-1-4673-4527-9
DOI :
10.1109/IAdCC.2013.6514312