DATA LEAKAGE DETECTION

DATA LEAKAGE DETECTION

Data leakage is defined as the accidental or unintentional distribution of private or sensitive data to an unauthorised entity .

Data leakage poses a serious issue for companies as the number of incidents and the cost to those experiencing them continue to increase.

Data leakage is enhanced by the fact that transmitted data including emails, instant messaging, website forms, and file transfers among others, are largely unregulated and unmonitored on their way to their destinations.

The main scope of this module is provide complete information about the data/content that is accessed by the users within the website.

Forms Authentication technique is used to provide security to the website in order to prevent the leakage of the data.

Continuous observation is made automatically and the information is send to the administrator so that he can identify whenever the data is leaked.

Above all the important aspect providing proof against the Guilty Objects. The following techniques are used.

Fake Object Generation.

Watermarking.

EXISTING SYSTEM

Traditionally, leakage detection is handled by watermarking, e.g., a unique code is embedded in each distributed copy.

If that copy is later discovered in the hands of an unauthorised party, the leaker can be identified.

Disadvantages of Existing Systems

Watermarks can be very useful in some cases, but again, involve some modification of the original data. Furthermore, watermarks can sometimes be destroyed if the data recipient is malicious.

Similarly, a company may have partnerships with other companies that require sharing customer data. Another enterprise may outsource its data processing, so data must be given to various other companies. We call the owner of the data the distributor and the supposedly trusted third parties the agents.

PROPOSED SYSTEM

The distributor may be able to add fake objects to the

distributed data in order to improve his effectiveness in detecting guilty agents.

Fake objects are objects generated by the distributor that are not in the original set.

The objects are designed which appear realistic, and are distributed among the agents along with the original objects.

Different fake objects may be added to the data sets of different agents in order to increase the chances of detecting agents that leak data.

 

 

 

 

 

 

PROPOSED SYSTEM…

The distributor can send data to these agents by inserting different fake objects into the data sets of different agents.Now, suppose the distributor discovers his sensitive data at an unauthorised party.

MODULE DESCRIPTION

Data Allocation

In this module, the original records fetched according to the agent’s request are combined with the fake records generated by the administrator.

Fake Object

The distributor is able to add fake objects in order to improve the effectiveness in detecting the guilty agent.

Optimization

The Optimization Module is the distributor’s data allocation to agents has one constraint and one objective. The distributor’s constraint is to satisfy agents’ requests, by providing them with the number of objects they request or with all available objects that satisfy their conditions. His objective is to be able to detect an agent who leaks any Portion of his data.

Data Distributor

A data distributor has given sensitive data to a set of Supposedly trusted agents (third parties). Some of the data is leaked and found in an unauthorised place (e.g., on the web or somebody’s laptop). The distributor must assess the likelihood that the leaked data came from one or more agents, as opposed to having been independently gathered by other means.

Admin Module

Administrator has to logon to the system.

Admin can add information about a new user.

Admin can add/view/delete/edit the user details.

Admin can create user groups and place users in it.

User Module

A user must login to use the services.

A user can send data sharing requests to other users.

A user can accept/reject data sharing requests from other users.

A user can trace the flow of its data i.e. can see what all users possess its data.

Data Loss Prevention (DLP)

DLP

Security measures to protect confidential and private datain-use in-motion at-rest

From both intentional and accidental loss of data

DLP SOLUTIONS –FOUR FOCUS AREAS

Data-In-Motion

Email

Network access

Wireless

• Data-at-Rest

Portable/Removable media (USB)

Authorised abuse

• Data-In-Use

IM

File share

Web uploads

• Compliance Regulations

Customer credit card information

Medical Information

Financial Information

DATA LOSS PREVENTION

• To protect against confidential data theft and loss, a multi-layered security foundation is needed

• Control/limit access to the data –firewalls, remote access controls, network access controls, physical security controls

• Secure information from threats –protect perimeter and endpoints from malware, botnets, viruses, DoS, etc. with security technology

• Control use of sensitive data once access is granted –policy-based content inspection, acceptable use, encryption

• Build a secure foundation with a Self-Defending Network

• Integrate DLP controls into security devices to protect data and increase visibility while decreasing the complexity and total cost of ownership of DLP deployments