Because of the widespread of Trojans,organizations and Internet users become more vulnerable to the threat of information leakage.This paper describes an information leakage detection system( ILDS) to detect sensitive information leakage caused by Trojan.In particular,the principles of the system are based on the analysis of net-flows in four perspectives: heartbeat behavior analysis,DNS abnormal analysis,uploaddownload ratio and content analysis.Heartbeat behavior analysis and DNS abnormal analysis are used to detect the existence of Trojans while upload-download ratio and content analysis can quickly detect when the information leakage happens.Experiments indicate that the system is reliable and efficient in detecting information leakage.The system can also help to collect and preserve digital evidence when information leakage incident occurs.
