A white-box anomaly-based framework for database leakage detection

Research output: Contribution to journal, Journal article, Academic, peer review

17 Citations (Scopus)
10 Downloads (Pure)


Data leakage is at the heart of most privacy breaches worldwide. In this paper we present a white-box approach to detect potential data leakage by spotting anomalies in database transactions. We refer to our solution as white-box because it builds self-explanatory profiles that are easy to understand and update, as opposed to black-box systems, which create profiles that are hard to interpret and maintain (e.g., neural networks). In this paper we introduce our approach and we demonstrate that it is a major leap forward w.r.t. previous work on the topic in several aspects: (i) it significantly decreases the number of false positives, which is orders of magnitude lower than in state-of-the-art comparable approaches (we demonstrate this using an experimental dataset consisting of millions of real enterprise transactions); (ii) it creates profiles that are easy to understand and update, and therefore it provides an explanation of the origins of an anomaly; (iii) it allows the introduction of a feedback mechanism that makes it possible for the system to improve based on its own mistakes; and (iv) feature aggregation and transaction flow analysis allow the system to detect threats which span multiple features and multiple transactions.
Original language: English
Pages (from-to): 27-46
Number of pages: 20
Journal: Journal of Information Security and Applications
Status: Published - 1 Feb 2017

