Using malware for the greater good: Mitigating data leakage

Mordechai Guri, Rami Puzis, Kim-Kwang Raymond Choo, Sergey Rubinshtein, Gabi Kedma, Yuval Elovici

Journal of Network and Computer Applications 145, 102405, 2019

Accidental (i.e., non-malicious) data leakage can occur through emails, storage media, file-sharing services, social networks, and so on, and are one of the most commonly reported threats. We present DocGuard, a novel method designed to counter accidental data leakage. Unlike existing solutions, DocGuard is effective even when a file has already leaked out of the organization’s network. However, our approach does not require additional installation or software update, outside the organizational network, and it supports virtually any type of file (e.g., binaries, source-code, documents and media). Specifically, the key idea is to let existing anti-malware/anti-virus (AV) products (at the user PCs, cloud services, ISPs and e-mail gateways) identify the leaked file and block access to the identified file, in the same manner the AV product stops the propagation of an identified malware. DocGuard injects a hidden signature …