• Technical Name: Data Leakage Detection for Health Information System based on Memory Introspection
• Operator: National Chiao Tung University
• Booth: Online display only
• Contact: 陳靜怡
• Email: cchingyi@nctu.edu.tw
Technical Description
In light of the rising need for more effective data loss prevention, we propose a novel data leakage detection system based on memory introspection and pattern recognition. The proposed system is robust against transport-layer encryption such as Transport Layer Security (TLS)/Secure Sockets Layer (SSL) and against at-rest data encryption such as disk or file encryption. Because it examines the raw contents of memory directly, the system is largely message-format-agnostic and is therefore compatible with different types of custom software.
Scientific Breakthrough
Hypervisor-based System Memory Snapshot
The proposed system uses hypervisor memory introspection to extract the memory contents, which does not require suspending the target process and has full access to the whole system memory.

Process Memory Extraction
The system employs the well-established Volatility framework for extracting the process memory.

Structured Data Extraction
The proposed system uses low-complexity heuristics to filter out invalid segments and requires fewer data validation rounds than existing algorithms.

Pattern Recognition based Privacy Data Detection
We use the OCR.space engine API to recognize text in the image. All the text is extracted by capturing the position coordinates corresponding to the text frame.

Industrial Applicability
Tracking the flow of sensitive data is very important for both government agencies and corporations. Following the implementation of the Personal Data Protection Act, businesses at any level and of any type have to pay attention to the management and protection of personal data. The proposed technology can be brought to market through various channels, including IT equipment vendors, cybersecurity companies, and system integration companies.