KR101678179B1 - Device of detecting wrongful use of personal information - Google Patents
Device of detecting wrongful use of personal information Download PDFInfo
- Publication number
- KR101678179B1 KR101678179B1 KR1020150064461A KR20150064461A KR101678179B1 KR 101678179 B1 KR101678179 B1 KR 101678179B1 KR 1020150064461 A KR1020150064461 A KR 1020150064461A KR 20150064461 A KR20150064461 A KR 20150064461A KR 101678179 B1 KR101678179 B1 KR 101678179B1
- Authority
- KR
- South Korea
- Prior art keywords
- decryption
- requests
- encryption
- log data
- user
- Prior art date
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6245—Protecting personal data, e.g. for financial or medical purposes
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0227—Filtering policies
- H04L63/0236—Filtering by address, protocol, port number or service, e.g. IP-address or URL
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
Abstract
The privacy tamper detection device includes a log data collector, a condition log data generator, and a detector. The log data collector receives log data provided from a plurality of token servers. The condition log data generator separates log data according to a predetermined detection condition and provides condition log data. The detector determines whether the system is illegally used based on the condition log data. The apparatus for detecting fraudulent use of personal information according to the embodiments of the present invention can determine whether the system is fraudulent or not based on condition log data generated according to detection conditions.
Description
BACKGROUND OF THE
Personal information may be encrypted in order to maintain the security of personal information. Even if personal information is encrypted, personal information may be used illegally by others. Various studies have been conducted to prevent illegal use of personal information by others.
An object of the present invention is to provide an apparatus for detecting fraudulent use of personal information that can determine whether fraudulent use of the system is based on condition log data generated according to detection conditions.
In order to accomplish one object of the present invention, a device for detecting fraudulent use of personal information according to embodiments of the present invention includes a log data collector, a condition log data generator, and a detector. The log data collector receives log data provided from a plurality of token servers. The condition log data generator separates the log data according to a predetermined detection condition and provides condition log data. The detector determines whether the system is fraudulent or not based on the condition log data.
In an exemplary embodiment, the detection condition includes a system access IP address, a system access time, a number of encryption requests corresponding to the number of requests for encryption to the system, and a number of decryption requests corresponding to the number of requests for decryption to the system .
In an exemplary embodiment, if the system access IP address is an international IP address, the detector may determine that the system is fraudulent.
In an exemplary embodiment, if the system access time is a time when access to the system is not allowed and the number of decryption requests is greater than a predetermined number of decryption limits, the detector may determine that the system is fraudulent .
In an exemplary embodiment, if the number of decryption requests is greater than the decryption limit count for a policy that is not allowed to be accessed among the policies included in the system, the detector may determine that the system is fraudulent.
In an exemplary embodiment, if the data size of the encryption and decryption is greater than a predetermined data limit size and the number of encryption requests and the number of decryption requests are greater than a predetermined number of encryption thresholds and a decryption limit number, It can be determined that the system is illegally used.
In an exemplary embodiment, the personal information fraud detection apparatus may further include a multidimensional analyzer for providing pattern information corresponding to a pattern of accessing the system for each user of the system access IP address based on the log data have.
In an exemplary embodiment, the pattern information may be determined based on the user, the system access time, the number of encryption requests, the number of decryption requests, and the policy included in the system.
In an exemplary embodiment, the pattern information may be determined according to a dimension selection signal for selecting the system access time, the number of encryption requests, the number of decryption requests, and a part of policies included in the system.
In an exemplary embodiment, the pattern information may be an encryption request count, an average, a standard deviation, and a maximum value of the number of decryption requests for each system access time period.
In an exemplary embodiment, the pattern information is updated at predetermined time intervals, and the pattern information may be stored in a pattern information register included in the multi-dimensional analyzer.
In an exemplary embodiment, when the number of encryption and the number of decryption of the user are greater than the maximum value, the multi-dimensional analyzer can provide a warning message. And the multidimensional analyzer can provide a caution message when the number of encryption and the number of decryption of the user are smaller than the maximum value and larger than a sum of the average and the standard deviation. The multidimensional analyzer may provide a security message if the number of encryption and the number of decryption of the user are less than a sum of the average and the standard deviation.
The apparatus for detecting fraudulent use of personal information according to the embodiments of the present invention can determine whether the system is fraudulent or not based on condition log data generated according to detection conditions.
1 is a block diagram illustrating an apparatus for detecting fraudulent use of personal information according to embodiments of the present invention.
FIG. 2 is a diagram for explaining a case where the personal information fraud detection apparatus of FIG. 1 determines that the system is fraudulent.
FIG. 3 is a diagram for explaining a case where the personal information fraud detection apparatus of FIG. 1 determines that the system is fraudulent use based on the number of times of request for an encryption / decryption request.
FIG. 4 is a diagram for explaining a case where the personal information fraud detection apparatus of FIG. 1 determines that the system is fraudulent use based on a data size.
FIG. 5 is a diagram for explaining a case where the personal information fraud detection apparatus of FIG. 1 determines that the system is fraudulent use based on the number of requests for encryption / decryption for each policy.
FIG. 6 is a diagram for explaining a case where the personal information fraud detection apparatus of FIG. 1 determines that the system is fraudulent use based on data size of each policy.
FIG. 7 is a block diagram illustrating an apparatus for detecting fraudulent use of personal information according to an exemplary embodiment of the present invention. Referring to FIG.
FIGS. 8 and 9 are views showing examples of the number of encryption request times and the number of decryption request times of the user according to the dimension selection signal in the personal information fraud detection apparatus of FIG. 7;
FIG. 10 is a diagram illustrating an example of a multidimensional analyzer included in the personal information fraud detection apparatus of FIG.
For the embodiments of the invention disclosed herein, specific structural and functional descriptions are set forth for the purpose of describing an embodiment of the invention only, and it is to be understood that the embodiments of the invention may be practiced in various forms, And is not to be construed as limited to the embodiments described in Figs.
The present invention is capable of various modifications and various forms, and specific embodiments are illustrated in the drawings and described in detail in the text. It is to be understood, however, that the invention is not intended to be limited to the particular forms disclosed, but on the contrary, is intended to cover all modifications, equivalents, and alternatives falling within the spirit and scope of the invention.
The terms first, second, etc. may be used to describe various components, but the components should not be limited by the terms. The terms may be used for the purpose of distinguishing one component from another. For example, without departing from the scope of the present invention, the first component may be referred to as a second component, and similarly, the second component may also be referred to as a first component.
It is to be understood that when an element is referred to as being "connected" or "connected" to another element, it may be directly connected or connected to the other element, . On the other hand, when an element is referred to as being "directly connected" or "directly connected" to another element, it should be understood that there are no other elements in between. Other expressions that describe the relationship between components, such as "between" and "between" or "neighboring to" and "directly adjacent to" should be interpreted as well.
The terminology used in this application is used only to describe a specific embodiment and is not intended to limit the invention. The singular expressions include plural expressions unless the context clearly dictates otherwise. In the present application, the terms "comprise", "having", and the like are intended to specify the presence of stated features, integers, steps, operations, elements, components, or combinations thereof, , Steps, operations, components, parts, or combinations thereof, as a matter of principle.
Unless otherwise defined, all terms used herein, including technical or scientific terms, have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs. Terms such as those defined in commonly used dictionaries should be construed as meaning consistent with meaning in the context of the relevant art and are not to be construed as ideal or overly formal in meaning unless expressly defined in the present application .
Hereinafter, preferred embodiments of the present invention will be described in detail with reference to the accompanying drawings. The same reference numerals are used for the same constituent elements in the drawings and redundant explanations for the same constituent elements are omitted.
1 is a block diagram illustrating an apparatus for detecting fraudulent use of personal information according to embodiments of the present invention.
Referring to FIG. 1, the personal information
The condition
Also, the condition
For example, the condition log data (CLOG_D) generated according to the detection condition (D_C) can be analyzed to determine whether the same user uses multiple IP addresses, and the condition log data (CLOG_D ), It is possible to determine whether multiple users use the same IP address or not, and to determine whether or not the IP address is fraudulent based on the use position of the IP address determined according to the detection condition D_C. The
FIG. 2 is a diagram for explaining a case where the personal information fraud detection apparatus of FIG. 1 determines that the system is fraudulent.
Referring to FIGS. 1 and 2, the detection condition D_C includes a system access IP address, a system access time, an encryption request count RC_E corresponding to the number of requests for encryption to the system, and a decryption request Number of times (RC_D).
In an exemplary embodiment, if the system access IP address (ip address) is the foreign IP address, the
In an exemplary embodiment, if the system access time is a time when access to the system is not allowed and the number of decryption requests RC_D is greater than a predetermined number of decryption thresholds DLN, It can be judged. For example, the time when the system is not allowed to access may be from 11 pm to 3 am. The system access time of the system access IP address included in the third log data LOG_D3 provided from the third
In an exemplary embodiment, if the number of decryption requests (RC_D) is greater than the number of decryption limits (DLN) for a policy that is not allowed to be accessed among the policies included in the system, the
FIG. 3 is a diagram for explaining a case where the personal information fraud detection apparatus of FIG. 1 determines that the system is fraudulent use based on the number of times of request for an encryption / decryption request.
3, when the number of encryption request (RC_E) and the number of decryption request (RC_D) are greater than a predetermined number of encryption limit (ELN) and the number of decryption limit (DLN), the
The
FIG. 4 is a diagram for explaining a case where the personal information fraud detection apparatus of FIG. 1 determines that the system is fraudulent use based on a data size.
Referring to FIG. 4, if the data size DS of the encryption and decryption is larger than a predetermined data limit size DLS, the
FIG. 5 is a view for explaining a case where the apparatus for fraudulent use of personal information shown in FIG. 1 judges fraudulent use of the system on the basis of the number of requests for encryption / decryption for each policy. FIG. Is judged to be unauthorized use of the system based on the policy-specific data size.
5, if the number of encryption requests RC_E and the number of decryption requests RC_D are greater than a predetermined number of encryption thresholds ELN and the number of decryption thresholds DLN for a particular policy, It can be judged to be illegal use. If the number of encryption request (RC_E) and the number of decryption request (RC_D) are smaller than a predetermined number of encryption limit number (ELN) and the number of decryption limit number (DLN), the
Referring to FIG. 6, if the data size (DS) of encryption and decryption is larger than a predetermined data limit size (DLS) for a specific policy, the
The
FIG. 7 is a block diagram illustrating an apparatus for detecting fraudulent use of personal information according to an exemplary embodiment of the present invention. FIG. 8 and FIG. 9 are diagrams for explaining a method for detecting a fraudulent use of personal information, FIG. 8 is a diagram showing examples of the number of requests. FIG.
7 to 9, the personal information
In the exemplary embodiment, the
In the exemplary embodiment, the pattern information PA_I is determined according to the system access time, the number of encryption request (RC_E), the number of decryption request (RC_D), and the dimension selection signal DS_S for selecting some of the policies included in the system . For example, when the dimension selection signal DS_S is the first selection signal, the pattern information PA_I may be determined based on the system access time, the number of encryption requests RC_E, and the number of decryption requests RC_D. Also, when the dimension selection signal DS_S is the second selection signal, the pattern information PA_I may be determined based on the system access time, the number of encryption requests RC_E, the number of decryption requests RC_D, and the policy.
In the exemplary embodiment, the pattern information PA_I may be an average, a standard deviation, and a maximum value of the number of encryption request times RC_E and the number of decryption request times RC_D for each system access time period. The pattern information PA_I may be determined based on information on the user, the system access time, the number of encryption requests (RC_E), and the number of decryption requests (RC_D) during the first time interval.
The pattern information PA_I can be calculated every time unit. For example, the average of the number of times of encryption request (RC_E) at 1:00 PM of the user every day may be included in the pattern information (PA_I), and the standard deviation of the number of times of encryption request (RC_E) PA_I), and the maximum value of the number of times of encryption request (RC_E) at 1:00 PM of the user every day may be included in the pattern information PA_I. The average of the number of decryption requests RC_D at 1:00 PM every day may be included in the pattern information PA_I and the standard deviation of the number of decryption requests RC_D at 1:00 PM every day may be used as the pattern information PA_I, , And the maximum value of the number of decryption requests (RC_D) at 1:00 PM of the user every day may be included in the pattern information PA_I.
The pattern information PA_I can be calculated on a daily basis. For example, the average of the number of times of encryption requests RC_E on the 10th day of the month of the user may be included in the pattern information PA_I, and the standard deviation of the number of times of encryption requests RC_E on the 10th day of each month, , And the maximum value of the number of times of encryption request (RC_E) at the 10th day of the month by the user may be included in the pattern information PA_I. In addition, the average of the decryption request count RC_D on the 10th day of the month can be included in the pattern information PA_I, and the standard deviation of the decryption request count RC_D on the 10th day of the month is included in the pattern information PA_I , And the maximum value of the number of times of decryption request (RC_D) by the user on the 10th day of the month may be included in the pattern information PA_I.
The pattern information PA_I can be calculated every day of the week. For example, the average of the number of times of encryption request RC_E may be included in the pattern information PA_I every Monday by the user, and the standard deviation of the number of times of encryption request RC_E may be included in the pattern information PA_I every Monday , And the maximum value of the number of times of encryption request (RC_E) by the user every Monday may be included in the pattern information PA_I. In addition, the average of the decryption request count RC_D every Monday by the user may be included in the pattern information PA_I, and the standard deviation of the decryption request count RC_D may be included in the pattern information PA_I every Monday by the user , The maximum value of the number of times of decryption (RC_D) requested by the user every Monday may be included in the pattern information PA_I.
FIG. 10 is a diagram illustrating an example of a multidimensional analyzer included in the personal information fraud detection apparatus of FIG.
Referring to FIG. 10, the pattern information PA_I may be updated at predetermined time intervals, and the pattern information PA_I may be stored in the pattern information register 510 included in the
In an exemplary embodiment, if the number of times the user's encryption and the number of decryption are greater than the maximum value, the
The apparatus for detecting fraudulent use of personal information according to the embodiments of the present invention can determine whether the system is fraudulent or not based on the condition log data generated according to the detection condition and can be applied to various security systems.
While the present invention has been described with reference to the preferred embodiments thereof, it will be apparent to those skilled in the art that various modifications and variations can be made in the present invention without departing from the spirit and scope of the invention as defined in the appended claims. It will be understood.
Claims (12)
The log data is separated according to predetermined detection conditions including a system access IP address, a system access time, a number of encryption requests corresponding to the number of requests for encryption to the system, and a number of decryption requests corresponding to the number of requests for decryption to the system A condition log data generator for providing condition log data;
A detector for determining whether the system is illegally used based on the condition log data; And
And a multi-dimensional analyzer for analyzing the log data and periodically updating pattern information corresponding to a pattern of accessing the system for each user of the system access IP address at predetermined time intervals,
Wherein the pattern information includes an average, a standard deviation, and a maximum value of the number of encryption requests and the number of decryption requests for each system access time period,
Wherein the multidimensional analyzer analyzes the number of times of the encryption request in the current time zone of the user, the number of decryption requests in the user's current time zone, the average number of times of encryption requests and the average number of decryption requests, And provides one of a warning message, a caution message, and a safety message based on the deviation and the maximum value.
And if the system access IP address is an overseas IP address, the detector determines that the system is fraudulent use.
Wherein the detector determines that the system is illegally used if the system access time is a time during which access to the system is not allowed and the number of decryption requests is greater than a predetermined number of decryption limits. Device.
Wherein the detector determines that the system is fraudulent if the number of decryption requests is greater than the decryption limit count for a policy that is not allowed to be accessed among the policies included in the system. .
When the data size of the encryption and the decryption is larger than a predetermined data limit size and the number of encryption requests and the number of decryption requests are larger than a predetermined number of encryption limit times and a decryption limit number, Wherein the personal information tamper detection device detects the unauthorized use of personal information.
Wherein the pattern information is determined based on the user, the system access time, the number of encryption requests, the number of decryption requests, and the policy included in the system.
Wherein the pattern information is determined according to a dimension selection signal for selecting the system access time, the number of encryption requests, the number of decryption requests, and a part of policies included in the system.
Wherein the pattern information is stored in a pattern information register included in the multidimensional analyzer.
When the number of times of the encryption request and the number of decryption requests of the user are larger than the maximum value, the multi-dimensional analyzer provides the warning message,
Wherein the multidimensional analyzer provides the attention message when the number of times of the encryption request and the number of decryption requests of the user are smaller than the maximum value and larger than a sum of the average and the standard deviation,
Wherein the multidimensional analyzer provides the security message if the number of times the encryption is requested by the user and the number of decryption requests are smaller than a sum of the average and the standard deviation.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR1020150064461A KR101678179B1 (en) | 2015-05-08 | 2015-05-08 | Device of detecting wrongful use of personal information |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR1020150064461A KR101678179B1 (en) | 2015-05-08 | 2015-05-08 | Device of detecting wrongful use of personal information |
Publications (2)
Publication Number | Publication Date |
---|---|
KR20160131619A KR20160131619A (en) | 2016-11-16 |
KR101678179B1 true KR101678179B1 (en) | 2016-11-21 |
Family
ID=57537845
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
KR1020150064461A KR101678179B1 (en) | 2015-05-08 | 2015-05-08 | Device of detecting wrongful use of personal information |
Country Status (1)
Country | Link |
---|---|
KR (1) | KR101678179B1 (en) |
Families Citing this family (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR102151173B1 (en) * | 2019-01-14 | 2020-09-02 | 펜타시큐리티시스템 주식회사 | Method and apparatus for detecting abnormal behavior of groupware user |
KR102134653B1 (en) | 2019-11-25 | 2020-07-16 | 한국인터넷진흥원 | Apparatus for rule optimization to improve detection accuracy for exploit attacks and method thereof |
KR20230113121A (en) | 2022-01-21 | 2023-07-28 | 한양대학교 산학협력단 | Heteroaryl derivatives and uses thereof |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2002318734A (en) | 2001-04-18 | 2002-10-31 | Teamgia:Kk | Method and system for processing communication log |
JP5179792B2 (en) * | 2007-07-13 | 2013-04-10 | 株式会社日立システムズ | Operation detection system |
KR101278971B1 (en) | 2011-04-12 | 2013-07-30 | 주식회사 위즈디엔에스코리아 | Interception system for preventing dishonestly using information and Method thereof |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP4575190B2 (en) * | 2005-02-24 | 2010-11-04 | 三菱電機株式会社 | Audit log analysis apparatus, audit log analysis method, and audit log analysis program |
-
2015
- 2015-05-08 KR KR1020150064461A patent/KR101678179B1/en active IP Right Grant
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2002318734A (en) | 2001-04-18 | 2002-10-31 | Teamgia:Kk | Method and system for processing communication log |
JP5179792B2 (en) * | 2007-07-13 | 2013-04-10 | 株式会社日立システムズ | Operation detection system |
KR101278971B1 (en) | 2011-04-12 | 2013-07-30 | 주식회사 위즈디엔에스코리아 | Interception system for preventing dishonestly using information and Method thereof |
Also Published As
Publication number | Publication date |
---|---|
KR20160131619A (en) | 2016-11-16 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US10211978B2 (en) | Data security in a disconnected environment | |
US7415719B2 (en) | Policy specification framework for insider intrusions | |
US9152808B1 (en) | Adapting decoy data present in a network | |
US20060174346A1 (en) | Instrumentation for alarming a software product | |
KR101678179B1 (en) | Device of detecting wrongful use of personal information | |
KR20130118335A (en) | Using power fingerprinting (pfp) to monitor the integrity and enhance security of computer based systems | |
US10462170B1 (en) | Systems and methods for log and snort synchronized threat detection | |
US11070876B2 (en) | Security monitoring with attack detection in an audio/video processing device | |
US11310278B2 (en) | Breached website detection and notification | |
CN114884678A (en) | Block chain-based data security management method and system | |
KR101451782B1 (en) | User verification system via mouse movement pattern and method thereof | |
CN102945254A (en) | Method for detecting abnormal data among TB-level mass audit data | |
GB2535579A (en) | Preventing unauthorized access to an application server | |
US8353032B1 (en) | Method and system for detecting identity theft or unauthorized access | |
Kim et al. | A system for detection of abnormal behavior in BYOD based on web usage patterns | |
US8819815B1 (en) | Method and system for distributing and tracking information | |
Weng et al. | TLSmell: Direct Identification on Malicious HTTPs Encryption Traffic with Simple Connection-Specific Indicators. | |
US11882107B2 (en) | Application single sign-on determinations based on intelligent traces | |
GB2505529A (en) | Protecting a user from compromised web resources | |
JP5454166B2 (en) | Access discrimination program, apparatus, and method | |
US9043943B1 (en) | Self-destructing content | |
KR101566882B1 (en) | System and method for monitoring encrypted database and preventing massive decryption | |
CN116980237B (en) | Urban safety informatization data acquisition method | |
Margulies | Sweeping Claims and Casual Legal Analysis in the Latest UN Mass Surveillance Report | |
Нестерчук et al. | SECURITY OF PERSONAL DATE |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
E701 | Decision to grant or registration of patent right | ||
GRNT | Written decision to grant |