Abstract
File transmission is a key concern of intranet security monitoring. Compared with explicit file transmission within a single system, the implicit transmission of files across different business systems is a difficult problem for current intranet security monitoring. To abstract away the differences between file operations in the various business systems, uncover clues of implicit file transmission across those systems, and enable retrospective security analysis of complex scenarios related to file transmission, this paper proposes an effective technical framework. First, taking network flow as the main data source, it targets different business applications, focuses on files, and extracts valuable business information from the flow data. Second, it reorganizes key elements of that business information, such as files, users, and terminals, and uses the file transmission process as the link between them to form unified, high-value clue data. Third, it integrates multiple clues and designs and builds unified file transmission graph data on an open-source graph database. Finally, it gives an example of security analysis of the implicit transmission of suspicious files based on this graph data. The results show that the organized file element graph data proposed in this paper can effectively describe the transmission of the same files across different business systems.
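The pipeline the abstract describes (clue records, a file transmission graph, then a retrospective trace) can be sketched as follows. This is an added example, not code from the paper: the record fields, the use of a file digest to recognise "the same file", and the in-memory edge list standing in for the graph database are all assumptions.

```python
from collections import defaultdict

# Constructed clue records (assumed schema, not from the paper):
# (timestamp, business system, user, terminal, action, file digest)
CLUES = [
    (100, "mail", "alice", "T1", "download", "f1"),
    (160, "oa",   "alice", "T1", "upload",   "f1"),
    (200, "oa",   "bob",   "T2", "download", "f1"),
    (260, "im",   "bob",   "T2", "upload",   "f1"),
    (120, "mail", "dave",  "T4", "download", "f2"),
    (500, "oa",   "erin",  "T5", "upload",   "f2"),  # different terminal: no link
]

def build_graph(clues):
    """Turn clues into time-ordered edges between system and terminal nodes."""
    edges = []
    for ts, system, user, terminal, action, digest in sorted(clues):
        src, dst = ("system", system), ("terminal", terminal)
        if action == "upload":          # upload flows terminal -> system
            src, dst = dst, src
        edges.append({"src": src, "dst": dst, "file": digest,
                      "user": user, "ts": ts})
    return edges

def implicit_hops(edges, digest):
    """Find hops where a file arrives on a terminal from system A and later
    leaves that same terminal for a different system B."""
    arrived = defaultdict(list)         # terminal -> [(ts, source system)]
    hops = []
    for e in edges:
        if e["file"] != digest:
            continue
        if e["dst"][0] == "terminal":
            arrived[e["dst"][1]].append((e["ts"], e["src"][1]))
            continue
        terminal, sys_out = e["src"][1], e["dst"][1]
        for ts_in, sys_in in arrived[terminal]:
            if sys_in != sys_out:
                hops.append((sys_in, terminal, sys_out, e["user"], ts_in, e["ts"]))
    return hops

def system_path(hops):
    """Chain consecutive hops into the ordered list of systems traversed."""
    path = []
    for sys_in, _terminal, sys_out, *_ in hops:
        if not path:
            path.append(sys_in)
        if path[-1] == sys_in:
            path.append(sys_out)
    return path

if __name__ == "__main__":
    graph = build_graph(CLUES)
    for digest in ("f1", "f2"):
        print(digest, system_path(implicit_hops(graph, digest)))
```
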