Abstract

Silent exfiltration of data by authorized yet malicious or careless insiders have become a significant security issue in the contemporary cloud and mobility-based environments. In many cases, traditional perimeter-based systems are useless after an attacker has a legitimate credential or is on the inside of the trusted network, particularly when the data is slowly drained off through a series of file downloads. The SHA-256 Hash Based Real-Time Duplicate Download Monitoring System with Behavioral Anomaly Detection presented in this paper is aimed at monitoring the pattern of suspicion of retrieval and download abuse based on duplication instead of merely regulating initial access. The proposed solution has a full-stack architecture using React.js on the frontend, Flask on the backend, and SQLite as the persistent storage layer, which creates a light-weight and yet easily extendable monitoring platform. The fundamental component of the system is a hash-based tracking system that operates on the SHA-256 hash to track file content regardless of file names, and thus renaming files is not easily bypassed. Each download event is archived in a structured database structure which distorts raw logs, suspected IP watchlists and prohibited IP registries, permitting real-time reaction and after incident forensics. The multi-stage security engine checks each request by means of banned IP tests, hash integrity test, statistics-based anomalies test, and duplicate hash test, and then categorizes users under active, suspicious or banned category. The supporting visualization of the SOC-type dashboard allows visualizing the current traffic, notifications, and tendencies of behavior, which, in turn, enable the administrators to take actions as soon as some deviations are found. Simulated enterprise experiments suggest that the system is reliable in detecting high-velocity downloads and redundant downloads to reduce data theft via duplicate-based theft at low overhead on regular user behavior. Keywords Data download duplication, duplicate file detection, file hashing, anomaly detection, cybersecurity, cloud security, mobility, web monitoring.

References

• Data Download Duplication Alert System, Int. J. for Research in Applied Science and Engineering Technology IJRASET, 2025.
• DATA DUPLICATE DOWNLOAD ALERT SYSTEM, Int. J. of Computer Science and Engineering IJCSE, 2025.
• S. M. Altowaijri, et al., Efficient Data Aggregation and Duplicate Removal Using Secure Fuzzy Duplication Detection, in Proc. IEEE Conf. on Cloud Computing, year.
• R. R. Kompella, et al., A DNS-based Data Exfiltration Traffic Detection Method for Cyber Ranges, in Proc. IEEE Int. Conf. on Data Science in Cyberspace DSC, 2022.
• T. S. van Ede, Detecting Adaptive Data Exfiltration in HTTP Traffic, M.S. thesis, Univ. of Twente, 2017.
• Insider Threat Detection Using Behavioural Analysis, Int. Res. J. of Modernization in Technology and Engineering, 2025.
• Real-Time Detection of Insider Threats Using Behavioral Analytics, preprint, 2025.