Designing a fast log-tracing scheme for targeted attack prevention

2015 
In this paper, we design a fast log-tracing scheme for preventing targeted attacks on enterprise information networks. In these attacks, confidential data leaks through application gateways. To detect such leakage, a network management server collects multiple logs, and a gateway then traces them to check whether the data being forwarded is confidential. In the conventional basic scheme, this check requires a long processing time when the log volume becomes large. In our proposed scheme, the multiple logs are first preprocessed offline to form a blacklist. A gateway then checks each file to be forwarded online against this blacklist. The evaluation results show that our proposed scheme shortens the tracing time by a factor of several.