A white-box anomaly-based framework for database leakage detection

Research output: Contribution to journal > Journal article > Academic > peer review

12 Citations (Scopus)

Abstract

Data leakage is at the heart of most of the privacy breaches worldwide. In this paper we present a white-box approach to detect potential data leakage by spotting anomalies in database transactions. We refer to our solution as white-box because it builds self-explanatory profiles that are easy to understand and update, as opposed to black-box systems which create profiles hard to interpret and maintain (e.g., neural networks). In this paper we introduce our approach and we demonstrate that it is a major leap forward w.r.t. previous work on the topic in several aspects: (i) it significantly decreases the number of false positives, which is orders of magnitude lower than in state-of-the-art comparable approaches (we demonstrate this using an experimental dataset consisting of millions of real enterprise transactions); (ii) it creates profiles that are easy to understand and update, and therefore it provides an explanation of the origins of an anomaly; (iii) it allows the introduction of a feedback mechanism that makes it possible for the system to improve based on its own mistakes; and (iv) feature aggregation and transaction flow analysis allow the system to detect threats which span over multiple features and multiple transactions.

Language: English
Pages: 27-46
Journal: Journal of Information Security and Applications
Volume: 32
DOI: 10.1016/j.jisa.2016.10.001
Status: Published - 2017

Fingerprint

Agglomeration
Neural networks
Feedback
Industry

Cite this

@article{8e47c1509e8148cc9e724ebcd07254fc,
title = "A white-box anomaly-based framework for database leakage detection",
abstract = "Data leakage is at the heart of most of the privacy breaches worldwide. In this paper we present a white-box approach to detect potential data leakage by spotting anomalies in database transactions. We refer to our solution as white-box because it builds self-explanatory profiles that are easy to understand and update, as opposed to black-box systems which create profiles hard to interpret and maintain (e.g., neural networks). In this paper we introduce our approach and we demonstrate that it is a major leap forward w.r.t. previous work on the topic in several aspects: (i) it significantly decreases the number of false positives, which is orders of magnitude lower than in state-of-the-art comparable approaches (we demonstrate this using an experimental dataset consisting of millions of real enterprise transactions); (ii) it creates profiles that are easy to understand and update, and therefore it provides an explanation of the origins of an anomaly; (iii) it allows the introduction of a feedback mechanism that makes it possible for the system to improve based on its own mistakes; and (iv) feature aggregation and transaction flow analysis allow the system to detect threats which span over multiple features and multiple transactions.",
author = "E. Costante and {den Hartog}, J. and M. Petkovic and S. Etalle and M. Pechenizkiy",
year = "2017",
doi = "10.1016/j.jisa.2016.10.001",
language = "English",
volume = "32",
pages = "27--46",
journal = "Journal of Information Security and Applications",
issn = "2214-2126",
publisher = "Elsevier",

}

A white-box anomaly-based framework for database leakage detection. / Costante, E.; den Hartog, J.; Petkovic, M.; Etalle, S.; Pechenizkiy, M.

In: Journal of Information Security and Applications, Vol. 32, 2017, pp. 27-46.

TY - JOUR

T1 - A white-box anomaly-based framework for database leakage detection

AU - Costante,E.

AU - den Hartog,J.

AU - Petkovic,M.

AU - Etalle,S.

AU - Pechenizkiy,M.

PY - 2017

Y1 - 2017

N2 - Data leakage is at the heart of most of the privacy breaches worldwide. In this paper we present a white-box approach to detect potential data leakage by spotting anomalies in database transactions. We refer to our solution as white-box because it builds self-explanatory profiles that are easy to understand and update, as opposed to black-box systems which create profiles hard to interpret and maintain (e.g., neural networks). In this paper we introduce our approach and we demonstrate that it is a major leap forward w.r.t. previous work on the topic in several aspects: (i) it significantly decreases the number of false positives, which is orders of magnitude lower than in state-of-the-art comparable approaches (we demonstrate this using an experimental dataset consisting of millions of real enterprise transactions); (ii) it creates profiles that are easy to understand and update, and therefore it provides an explanation of the origins of an anomaly; (iii) it allows the introduction of a feedback mechanism that makes it possible for the system to improve based on its own mistakes; and (iv) feature aggregation and transaction flow analysis allow the system to detect threats which span over multiple features and multiple transactions.

AB - Data leakage is at the heart of most of the privacy breaches worldwide. In this paper we present a white-box approach to detect potential data leakage by spotting anomalies in database transactions. We refer to our solution as white-box because it builds self-explanatory profiles that are easy to understand and update, as opposed to black-box systems which create profiles hard to interpret and maintain (e.g., neural networks). In this paper we introduce our approach and we demonstrate that it is a major leap forward w.r.t. previous work on the topic in several aspects: (i) it significantly decreases the number of false positives, which is orders of magnitude lower than in state-of-the-art comparable approaches (we demonstrate this using an experimental dataset consisting of millions of real enterprise transactions); (ii) it creates profiles that are easy to understand and update, and therefore it provides an explanation of the origins of an anomaly; (iii) it allows the introduction of a feedback mechanism that makes it possible for the system to improve based on its own mistakes; and (iv) feature aggregation and transaction flow analysis allow the system to detect threats which span over multiple features and multiple transactions.

U2 - 10.1016/j.jisa.2016.10.001

DO - 10.1016/j.jisa.2016.10.001

M3 - Article

VL - 32

SP - 27

EP - 46

JO - Journal of Information Security and Applications

T2 - Journal of Information Security and Applications

JF - Journal of Information Security and Applications

SN - 2214-2126

ER -