{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2023,9,3]],"date-time":"2023-09-03T09:16:15Z","timestamp":1693732575072},"reference-count":39,"publisher":"Institute of Electronics, Information and Communications Engineers (IEICE)","issue":"9","content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEICE Trans. Inf. & Syst."],"published-print":{"date-parts":[[2023,9,1]]},"DOI":"10.1587\/transinf.2022icp0014","type":"journal-article","created":{"date-parts":[[2023,8,31]],"date-time":"2023-08-31T23:08:37Z","timestamp":1693523317000},"page":"1339-1353","source":"Crossref","is-referenced-by-count":0,"title":["File Tracking and Visualization Methods Using a Network Graph to Prevent Information Leakage"],"prefix":"10.1587","volume":"E106.D","author":[{"given":"Tomohiko","family":"YANO","sequence":"first","affiliation":[{"name":"Intelligent Systems Laboratory, SECOM Co., Ltd."}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Hiroki","family":"KUZUNO","sequence":"additional","affiliation":[{"name":"Graduate School of Engineering, Kobe University"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Kenichi","family":"MAGATA","sequence":"additional","affiliation":[{"name":"SECOM Science and Technology Foundation"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"532","reference":[{"key":"1","doi-asserted-by":"crossref","unstructured":"[1] T. Yano, H. Kuzuno, and K. Magata, \u201cConstructing a network graph of file tracking results against information leakage,\u201d 17th Asia Joint Conference on Information Security (AsiaJCIS), pp.8-15, IEEE, 2022. 10.1109\/asiajcis57030.2022.00012","DOI":"10.1109\/AsiaJCIS57030.2022.00012"},{"key":"2","doi-asserted-by":"publisher","unstructured":"[2] IBM Security, \u201cCost of a data breach report,\u201d 2020. 10.1016\/s1361-3723(21)00082-8","DOI":"10.1016\/S1361-3723(21)00082-8"},{"key":"3","doi-asserted-by":"crossref","unstructured":"[3] S. Mehnaz and E. Bertino, \u201cGhostbuster: A fine-grained approach for anomaly detection in file system accesses,\u201d Proc. Seventh ACM on Conference on Data and Application Security and Privacy, CODASPY '17, New York, NY, USA, pp.3-14, Association for Computing Machinery, 2017. DOI:10.1145\/3029806.3029809 10.1145\/3029806.3029809","DOI":"10.1145\/3029806.3029809"},{"key":"4","doi-asserted-by":"crossref","unstructured":"[4] C. Gates, N. Li, Z. Xu, S.N. Chari, I. Molloy, and Y. Park, \u201cDetecting insider information theft using features from file access logs,\u201d European Symposium on Research in Computer Security, vol.8713, pp.383-400, Springer, Cham, 2014. DOI:10.1007\/978-3-319-11212-1_22 10.1007\/978-3-319-11212-1_22","DOI":"10.1007\/978-3-319-11212-1_22"},{"key":"5","doi-asserted-by":"crossref","unstructured":"[5] F. Toffalini, I. Homoliak, A. Harilal, A. Binder, and M. Ochoa, \u201cDetection of masqueraders based on graph partitioning of file system access events,\u201d 2018 IEEE Security Privacy Workshops (SPW), pp.217-227, 2018. DOI:10.1109\/SPW.2018.00037 10.1109\/spw.2018.00037","DOI":"10.1109\/SPW.2018.00037"},{"key":"6","doi-asserted-by":"publisher","unstructured":"[6] X. Yu, Z. Tian, J. Qiu, and F. Jiang, \u201cA data leakage prevention method based on the reduction of confidential and context terms for smart mobile devices,\u201d Wireless Commun. and Mobile Computing, vol.2018, pp.1-11, 2018. DOI:10.1155\/2018\/5823439 10.1155\/2018\/5823439","DOI":"10.1155\/2018\/5823439"},{"key":"7","doi-asserted-by":"publisher","unstructured":"[7] X. Huang, Y. Lu, D. Li, and M. Ma, \u201cA novel mechanism for fast detection of transformed data leakage,\u201d IEEE Access, vol.6, pp.35926-35936, 2018. DOI:10.1109\/ACCESS.2018.2851228 10.1109\/access.2018.2851228","DOI":"10.1109\/ACCESS.2018.2851228"},{"key":"8","unstructured":"[8] Microsoft Corporation, \u201cMicrosoft Purview Information Protection,\u201d https:\/\/docs.microsoft.com\/en-us\/microsoft-365\/compliance\/information-protection, accessed Oct. 14. 2022."},{"key":"9","unstructured":"[9] Amazon Web Services, Inc., \u201cAmazon Macie,\u201d https:\/\/aws.amazon.com\/macie\/, accessed Oct. 14. 2022."},{"key":"10","unstructured":"[10] Lockheed Martin Corporation, \u201cCyber Kill Chain,\u201d https:\/\/www.lockheedmartin.com\/en-us\/capabilities\/cyber\/cyber-kill-chain.html,accessed Oct. 14. 2022."},{"key":"11","unstructured":"[11] MITRE Corporation, \u201cMITRE ATT&CK,\u201d https:\/\/attack.mitre.org\/, accessed Oct. 14. 2022."},{"key":"12","doi-asserted-by":"publisher","unstructured":"[12] A. Khraisat, I. Gondal, P. Vamplew, and J. Kamruzzaman, \u201cSurvey of intrusion detection systems: techniques, datasets and challenges,\u201d Cybersecurity, vol.2, no.1, pp.1-22, 2019. DOI:10.1186\/s42400-019-0038-7 10.1186\/s42400-019-0038-7","DOI":"10.1186\/s42400-019-0038-7"},{"key":"13","doi-asserted-by":"publisher","unstructured":"[13] Z. Ahmad, A. Shahid Khan, C. Wai Shiang, J. Abdullah, and F. Ahmad, \u201cNetwork intrusion detection system: A systematic study of machine learning and deep learning approaches,\u201d Transactions on Emerging Telecommunications Technologies, vol.32, no.1, 2021. DOI:10.1002\/ett.4150 10.1002\/ett.4150","DOI":"10.1002\/ett.4150"},{"key":"14","doi-asserted-by":"publisher","unstructured":"[14] J.L. Leevy and T.M. Khoshgoftaar, \u201cA survey and analysis of intrusion detection models based on CSE-CIC-IDS2018 Big Data,\u201d vol.7, no.1, pp.1-19, 2020. DOI:10.1186\/s40537-020-00382-x 10.1186\/s40537-020-00382-x","DOI":"10.1186\/s40537-020-00382-x"},{"key":"15","doi-asserted-by":"publisher","unstructured":"[15] R.A. Bridges, T.R. Glass-Vanderlan, M.D. Iannacone, M.S. Vincent, and Q. Chen, \u201cA survey of intrusion detection systems leveraging host data,\u201d ACM Computing Surveys (CSUR), vol.52, no.6, pp.1-35, 2019. DOI:10.1145\/3344382 10.1145\/3344382","DOI":"10.1145\/3344382"},{"key":"16","doi-asserted-by":"publisher","unstructured":"[16] L. Liu, O. De Vel, Q.-L. Han, J. Zhang, and Y. Xiang, \u201cDetecting and preventing cyber insider threats: A survey,\u201d IEEE Communications Surveys & Tutorials, vol.20, no.2, pp.1397-1417, 2018. DOI:10.1109\/COMST.2018.2800740 10.1109\/comst.2018.2800740","DOI":"10.1109\/COMST.2018.2800740"},{"key":"17","doi-asserted-by":"crossref","unstructured":"[17] M. Hanley and J. Montelibano, \u201cInsider threat control: Using centralized logging to detect data exfiltration near insider termination,\u201d tech. rep., Software Engineering Institute, Carnegie Mellon University, Pittsburgh, Pennsylvania, Technical Note CMU\/SEI-2011-TN-024, 2011. 10.1184\/R1\/6574472.v1","DOI":"10.21236\/ADA610463"},{"key":"18","doi-asserted-by":"crossref","unstructured":"[18] M. Mayhew, M. Atighetchi, A. Adler, and R. Greenstadt, \u201cUse of machine learning in big data analytics for insider threat detection,\u201d MILCOM 2015-2015 IEEE Military Communications Conference, pp.915-922, 2015. DOI:10.1109\/MILCOM.2015.7357562. 10.1109\/milcom.2015.7357562","DOI":"10.1109\/MILCOM.2015.7357562"},{"key":"19","doi-asserted-by":"crossref","unstructured":"[19] N. Baracaldo and J. Joshi, \u201cA trust-and-risk aware RBAC framework: tackling insider threat,\u201d Proc. 17th ACM Symposium on Access Control Models and Technologies, New York, NY, USA, pp.167-176, 2012. DOI:10.1145\/2295136.2295168 10.1145\/2295136.2295168","DOI":"10.1145\/2295136.2295168"},{"key":"20","doi-asserted-by":"crossref","unstructured":"[20] B.M. Bowen, S. Hershkop, A.D. Keromytis, and S.J. Stolfo, \u201cBaiting inside attackers using decoy documents,\u201d Security and Privacy in Communication Networks, vol.19, pp.51-70, Springer, Berlin, Heidelberg, 2009. DOI:10.1007\/978-3-642-05284-2_4 10.1007\/978-3-642-05284-2_4","DOI":"10.1007\/978-3-642-05284-2_4"},{"key":"21","doi-asserted-by":"crossref","unstructured":"[21] M. Ben Salem and S.J. Stolfo, \u201cDecoy document deployment for effective masquerade attack detection,\u201d Detection of Intrusions and Malware, and Vulnerability Assessment, vol.6739, pp.35-54, Springer, Berlin, Heidelberg, 2011. DOI:10.1007\/978-3-642-22424-9_3 10.1007\/978-3-642-22424-9_3","DOI":"10.1007\/978-3-642-22424-9_3"},{"key":"22","doi-asserted-by":"crossref","unstructured":"[22] B.M. Bowen, V.P. Kemerlis, P. Prabhu, A.D. Keromytis, and S.J. Stolfo, \u201cAutomating the injection of believable decoys to detect snooping,\u201d Proc. Third ACM Conference on Wireless Network Security, WiSec '10, pp.81-86, Association for Computing Machinery, New York, NY, USA, 2010. DOI:10.1145\/1741866.1741880 10.1145\/1741866.1741880","DOI":"10.1145\/1741866.1741880"},{"key":"23","doi-asserted-by":"crossref","unstructured":"[23] W.J. Blanke, \u201cData loss prevention using an ephemeral key,\u201d 2011 International Conference on High Performance Computing & Simulation, pp.412-418, IEEE, 2011. DOI: 10.1109\/HPCSim.2011. 5999854 10.1109\/hpcsim.2011.5999854","DOI":"10.1109\/HPCSim.2011.5999854"},{"key":"24","doi-asserted-by":"publisher","unstructured":"[24] M. Backes, N. Grimm, and A. Kate, \u201cData lineage in malicious environments,\u201d IEEE Transactions on Dependable and Secure Computing, vol.13, no.2, pp.178-191, 2016. DOI:10.1109\/TDSC.2015.2399296 10.1109\/tdsc.2015.2399296","DOI":"10.1109\/TDSC.2015.2399296"},{"key":"25","doi-asserted-by":"crossref","unstructured":"[25] T. W\u00fcchner and A. Pretschner, \u201cData loss prevention based on data-driven usage control,\u201d 2012 IEEE 23rd International Symposium on Software Reliability Engineering, pp.151-160, IEEE, 2012. DOI:10.1109\/ISSRE.2012.10 10.1109\/issre.2012.10","DOI":"10.1109\/ISSRE.2012.10"},{"key":"26","unstructured":"[26] Y. Shapira, B. Shapira, and A. Shabtai, \u201cContent-based data leakage detection using extended fingerprinting,\u201d arXiv, 2013. DOI:10.48550\/arXiv.1302.2028 10.48550\/arXiv.1302.2028"},{"key":"27","doi-asserted-by":"crossref","unstructured":"[27] C.H. Suen, R.K.L. Ko, Y.S. Tan, P. Jagadpramana, and B.S. Lee, \u201cS2logger: End-to-end data tracking mechanism for cloud data provenance,\u201d 2013 12th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, pp.594-602, IEEE, 2013. DOI:10.1109\/TrustCom.2013.73 10.1109\/trustcom.2013.73","DOI":"10.1109\/TrustCom.2013.73"},{"key":"28","unstructured":"[28] K.H. Lee, X. Zhang, and D. Xu, \u201cHigh accuracy attack provenance via binary-based execution partition,\u201d Network and Distributed System Security (NDSS) Symposium, 2013."},{"key":"29","unstructured":"[29] A. Bates, D.J. Tian, K.R. Butler, and T. Moyer, \u201cTrustworthy whole-system provenance for the linux kernel,\u201d In 24th USENIX Security Symposium (USENIX Security 15), pp.319-334. 2015. DOI:10.5555\/2831143.2831164"},{"key":"30","doi-asserted-by":"crossref","unstructured":"[30] W.U. Hassan, S. Guo, D. Li, Z. Chen, K. Jee, Z. Li, and A. Bates, \u201cNodoze: Combatting threat alert fatigue with automated provenance triage,\u201d Network and Distributed System Security (NDSS) Symposium, 2019. DOI:10.14722\/ndss.2019.23349 10.14722\/ndss.2019.23349","DOI":"10.14722\/ndss.2019.23349"},{"key":"31","doi-asserted-by":"crossref","unstructured":"[31] W.U. Hassan, A. Bates, and D. Marino, \u201cTactical provenance analysis for endpoint detection and response systems,\u201d 2020 IEEE Symposium on Security and Privacy (SP), San Francisco, CA, USA, pp.1172-1189, 2020. DOI:10.1109\/SP40000.2020.00096 10.1109\/sp40000.2020.00096","DOI":"10.1109\/SP40000.2020.00096"},{"key":"32","doi-asserted-by":"publisher","unstructured":"[32] H. Studiawan, F. Sohel, and C. Payne, \u201cA survey on forensic investigation of operating system logs,\u201d Digital Investigation, vol.29, pp.1-20, 2019. DOI:10.1016\/j.diin.2019.02.005 10.1016\/j.diin.2019.02.005","DOI":"10.1016\/j.diin.2019.02.005"},{"key":"33","unstructured":"[33] JPCERT Coordination Center, \u201cLogonTracer: Investigate malicious Windows logon by visualizing and analyzing Windows event log,\u201d https:\/\/github.com\/JPCERTCC\/LogonTracer, accessed Oct. 14. 2022."},{"key":"34","unstructured":"[34] J. Berggren, \u201cTimesketch: Collaborative forensic timeline analysis,\u201d https:\/\/github.com\/google\/timesketch, 2019, accessed Oct. 14. 2022."},{"key":"35","doi-asserted-by":"publisher","unstructured":"[35] H. Studiawan, C. Payne, and F. Sohel, \u201cGraph clustering and anomaly detection of access control log for forensic purposes,\u201d Digital Investigation, vol.21, pp.76-87, 2017. DOI:10.1016\/j.diin.2017.05.001 10.1016\/j.diin.2017.05.001","DOI":"10.1016\/j.diin.2017.05.001"},{"key":"36","unstructured":"[36] MITRE Corporation, \u201cExfiltration, Tactic TA0010,\u201d https:\/\/attack.mitre.org\/tactics\/TA0010\/, accessed March 22. 2023."},{"key":"37","unstructured":"[37] MITRE Corporation, \u201cReplication Through Removable Media,\u201d https:\/\/attack.mitre.org\/techniques\/T1091\/, accessed March 22. 2023."},{"key":"38","unstructured":"[38] MITRE Corporation, \u201cExfiltration Over Web Service, Technique T1567,\u201d https:\/\/attack.mitre.org\/techniques\/T1567\/, accessed March 22. 2023."},{"key":"39","unstructured":"[39] UL LLC, \u201cPcmark 10 basic edition,\u201d https:\/\/benchmarks.ul.com\/pcmark10, accessed Oct. 14. 2022."}],"container-title":["IEICE Transactions on Information and Systems"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.jstage.jst.go.jp\/article\/transinf\/E106.D\/9\/E106.D_2022ICP0014\/_pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2023,9,2]],"date-time":"2023-09-02T04:31:40Z","timestamp":1693629100000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.jstage.jst.go.jp\/article\/transinf\/E106.D\/9\/E106.D_2022ICP0014\/_article"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,9,1]]},"references-count":39,"journal-issue":{"issue":"9","published-print":{"date-parts":[[2023]]}},"URL":"https:\/\/doi.org\/10.1587\/transinf.2022icp0014","relation":{},"ISSN":["0916-8532","1745-1361"],"issn-type":[{"value":"0916-8532","type":"print"},{"value":"1745-1361","type":"electronic"}],"subject":[],"published":{"date-parts":[[2023,9,1]]},"article-number":"2022ICP0014"}}