File Detection on Network Traffic Using Approximate Matching
In recent years, Internet technologies have changed enormously and now allow faster Internet connections, higher data rates and mobile usage. Hence, it is possible to send huge amounts of data / files easily, which is often used by insiders or attackers to steal intellectual property. As a consequence, Data Leakage Prevention Systems (DLPS) have been developed which analyze network traffic and alert in case of a data leak. Although the overall concepts of the detection techniques are known, the systems are mostly closed and commercial. Within this paper, the authors present a new technique for network traffic analysis based on approximate matching (a.k.a. fuzzy hashing), which is very common in digital forensics to correlate similar files.