A white-box anomaly-based framework for database leakage detection

Data leakage is at the heart most of the privacy breaches worldwide. In this paper we present a white-box approach to detect potential data leakage by spotting anomalies in database transactions. We refer to our solution as white-box because it builds self explanatory profiles that are easy to understand and update, as opposite to black-box systems which create profiles hard to interpret and maintain (e.g., neural networks). In this paper we introduce our approach and we demonstrate that it is a major leap forward w.r.t. previous work on the topic in several aspects: (i) it significantly decreases the number of false positives, which is orders of magnitude lower than in state-of-the-art comparable approaches (we demonstrate this using an experimental dataset consisting of millions of real enterprise transactions); (ii) it creates profiles that are easy to understand and update, and therefore it provides an explanation of the origins of an anomaly; (iii) it allows the introduction of a feedback mechanism that makes possible for the system to improve based on its own mistakes; and (iv) feature aggregation and transaction flow analysis allow the system to detect threats which span over multiple features and multiple transactions.