A white-box anomaly-based framework for database leakage detection

Research output: Contribution to journal › Article › Academic › peer-review

17 Citations (Scopus)
9 Downloads (Pure)

Abstract

Data leakage is at the heart of most of the privacy breaches worldwide. In this paper we present a white-box approach to detect potential data leakage by spotting anomalies in database transactions. We refer to our solution as white-box because it builds self-explanatory profiles that are easy to understand and update, as opposed to black-box systems which create profiles that are hard to interpret and maintain (e.g., neural networks). In this paper we introduce our approach and we demonstrate that it is a major leap forward w.r.t. previous work on the topic in several aspects: (i) it significantly decreases the number of false positives, which is orders of magnitude lower than in state-of-the-art comparable approaches (we demonstrate this using an experimental dataset consisting of millions of real enterprise transactions); (ii) it creates profiles that are easy to understand and update, and therefore it provides an explanation of the origins of an anomaly; (iii) it allows the introduction of a feedback mechanism that makes it possible for the system to improve based on its own mistakes; and (iv) feature aggregation and transaction flow analysis allow the system to detect threats which span multiple features and multiple transactions.
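The abstract describes self-explanatory profiles, an analyst feedback loop and transaction-flow analysis only at a high level. The block below is an added, deliberately simplified illustration of those ideas in Python; it is not the paper's framework or its code. The transaction records, role names, feature set and the session threshold (the `factor` parameter) are constructed assumptions chosen only to make the white-box/black-box contrast concrete: every alert carries the exact feature and value that triggered it, and a confirmed false positive is folded back into the profile.

```python
"""Toy white-box profiling of database transactions (illustration, not the paper's method)."""
from collections import Counter, defaultdict

# Constructed training transactions (not real enterprise data); one profile per role.
TRAINING = [
    {"role": "analyst", "user": "alice", "table": "customers", "op": "SELECT", "rows": 40, "hour": 10},
    {"role": "analyst", "user": "alice", "table": "orders", "op": "SELECT", "rows": 120, "hour": 11},
    {"role": "analyst", "user": "bob", "table": "customers", "op": "SELECT", "rows": 25, "hour": 14},
    {"role": "analyst", "user": "bob", "table": "orders", "op": "SELECT", "rows": 200, "hour": 16},
    {"role": "dba", "user": "carol", "table": "customers", "op": "UPDATE", "rows": 1, "hour": 9},
    {"role": "dba", "user": "carol", "table": "audit_log", "op": "SELECT", "rows": 5000, "hour": 2},
]


class Profile:
    """White-box profile: plain per-feature histograms plus a row-count ceiling.

    Every field is directly readable and editable by an analyst, which is the
    property the abstract contrasts with opaque black-box models."""

    def __init__(self):
        self.tables = Counter()
        self.ops = Counter()
        self.hours = Counter()
        self.max_rows = 0

    def learn(self, tx):
        self.tables[tx["table"]] += 1
        self.ops[tx["op"]] += 1
        self.hours[tx["hour"]] += 1
        self.max_rows = max(self.max_rows, tx["rows"])

    def explain(self, tx):
        """Return human-readable reasons why a transaction deviates from this profile."""
        reasons = []
        if tx["table"] not in self.tables:
            reasons.append(f"table {tx['table']!r} never seen; known: {sorted(self.tables)}")
        if tx["op"] not in self.ops:
            reasons.append(f"operation {tx['op']!r} never seen; known: {sorted(self.ops)}")
        if tx["hour"] not in self.hours:
            reasons.append(f"hour {tx['hour']} outside usual hours {sorted(self.hours)}")
        if tx["rows"] > self.max_rows:
            reasons.append(f"rows={tx['rows']} exceeds profile maximum {self.max_rows}")
        return reasons


def build_profiles(transactions):
    """Aggregate transactions into one profile per role (feature aggregation)."""
    profiles = defaultdict(Profile)
    for tx in transactions:
        profiles[tx["role"]].learn(tx)
    return profiles


def check(profiles, tx):
    """Single-transaction check: returns (is_anomalous, list_of_reasons)."""
    prof = profiles.get(tx["role"])
    if prof is None:
        return True, [f"no profile for role {tx['role']!r}"]
    reasons = prof.explain(tx)
    return bool(reasons), reasons


def feedback(profiles, tx):
    """Analyst marks an alert as benign: fold the transaction into the profile
    so the same pattern is not reported again (the feedback mechanism)."""
    profiles[tx["role"]].learn(tx)


def flow_check(profiles, session, factor=3):
    """Transaction-flow check over a whole session of one role.

    Flags a session whose cumulative row count exceeds `factor` times the
    per-transaction ceiling, even when each transaction alone looks normal.
    `factor` is an assumed illustrative threshold."""
    total = sum(tx["rows"] for tx in session)
    ceiling = profiles[session[0]["role"]].max_rows * factor
    return total > ceiling, f"session rows={total}, ceiling={ceiling}"


if __name__ == "__main__":
    profiles = build_profiles(TRAINING)
    suspicious = {"role": "analyst", "user": "bob", "table": "salaries",
                  "op": "SELECT", "rows": 9000, "hour": 3}
    flagged, why = check(profiles, suspicious)
    print(flagged)
    for line in why:
        print(" -", line)
    session = [{"role": "analyst", "user": "bob", "table": "orders",
                "op": "SELECT", "rows": 180, "hour": 15}] * 4
    print(flow_check(profiles, session))
```

Each reason string names the feature, the observed value and what the profile expected, so a reviewer can judge the alert without reverse-engineering a model; a real deployment would replace the exact-match histograms with frequency thresholds so that a rare but previously seen value can still raise an alert.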
Original language: English
Pages (from-to): 27-46
Number of pages: 20
Journal: Journal of Information Security and Applications
Volume: 32
DOIs
Publication status: Published - 1 Feb 2017

Keywords

  • Data leakage
  • Database intrusion detection
  • Database monitoring
  • Insider threats
