A Survey of Data Leakage Detection and Prevention Solutions


Asaf Shabtai, Yuval Elovici, Lior Rokach

Information and data leakage pose a serious threat to companies and organizations as the number of leakage incidents and the cost they inflict continue to increase. Whether caused by malicious intent or by an inadvertent mistake, data loss can diminish a company’s brand, reduce shareholder value, and damage the company’s goodwill and reputation. Data leakage prevention (DLP) has been studied both in academic research areas and in practical application domains. This book aims to provide a structural and comprehensive overview of current research and practical solutions in the DLP domain. Existing solutions have been grouped into different categories based on a taxonomy described in the book. The taxonomy presented characterizes DLP solutions according to various aspects such as leakage source, data state, leakage channel, deployment scheme, prevention and detection approaches, and action taken upon leakage. In the commercial section, solutions offered by the leading DLP market players are reviewed based on professional research reports and material obtained from vendor Web sites. In the academic section, available academic studies have been clustered into various categories according to the nature of the leakage and the protection provided. Next, the main data leakage scenarios are described, each with the most relevant and applicable solution or approach that will mitigate and reduce the likelihood or impact of data leakage. In addition, several case studies of data leakage and data misuse are presented. Finally, the related research areas of privacy, data anonymization, and secure data publishing are discussed.

In Google Books; in Amazon

Table of contents

  • 1. Introduction to Information Security
  • 2. Data Leakage
  • 3. A Taxonomy of Data Leakage Prevention Solutions
    • 3.1 What to protect? (data-state)
    • 3.2 Where to protect? (deployment scheme)
    • 3.3 How to protect? (leakage handling approach)
  • 4. Data Leakage Detection / Prevention Solutions
    • 4.1 A Review of Commercial DLP Solutions
      • 4.1.1 Market overview
      • 4.1.2 Technological offerings of market leaders
      • 4.1.3 Conclusions, remarks, and problems with the state of the art in industrial DLP
    • 4.2 Academic Research in the DLP Domain
      • 4.2.1 Misuse detection in information retrieval (IR) systems
      • 4.2.2 Misuse detection in databases
      • 4.2.3 Email leakage protection
      • 4.2.4 Network/Web-based protection
      • 4.2.5 Encryption and access control
      • 4.2.6 Hidden data in files
      • 4.2.7 Honeypots for detecting malicious insiders
  • 5. Data Leakage / Misuse Scenarios
    • 5.1 Classification of Data Leakage / Misuse Scenarios
    • 5.2 Description of Main Data Leakage / Misuse Scenarios
    • 5.3 Discussion
  • 6. Privacy, Data Anonymization, and Secure Data Publishing
    • 6.1 Introduction to data anonymization
    • 6.2 Elementary anonymization operations
    • 6.4 Metrics
    • 6.5 Standard Anonymization Algorithms
    • 6.6 Multiple-Release Publishing
  • 7. Case studies
    • 7.1 Misuse detection in database systems
      • 7.1.1 Applying unsupervised context-based analysis
      • 7.1.2 Calculating a Misusability Score for tabular data
    • 7.2 Using Honeytokens
    • 7.3 Email Leakage
  • 8. Future Trends in Data Leakage
  • References

Additional research publications:

[1] Harel, A., Shabtai, A., Rokach, L., Elovici, Y., “M-score: A Misuseability Weight Measure”, IEEE Transactions on Dependable and Secure Computing, 9(3), 2012, 414-428.
[2] Gafny, M., Shabtai, A., Rokach, L., Elovici, Y., “OCCT: A One-Class Clustering Tree for One-to-Many Data Linkage”, working paper

Illustrating OCCT: A One-Class Clustering Tree for One-to-Many Data Linkage (ppt)

Data linkage datasets for evaluation: Database Misuse Domain, Movie Recommender Domain, Fraud Detection Domain (cannot be made public due to privacy reasons)

[3] Gafny, M., Shabtai, A., Rokach, L., Elovici, Y., “Applying Unsupervised Context-Based Analysis for Detecting Unauthorized Data Disclosure”, In Proceedings of the ACM CCS, Chicago, USA, October 17-21, 2011
[4] Harel, A., Shabtai, A., Rokach, L., Elovici, Y., “Dynamic Sensitivity-Based Access Control”, In Proceedings of the IEEE Intelligence and Security Informatics (ISI 2011), Beijing, China, July 10-12, 2011
[5] Berkovich, M., Renford, M., Hansson, L., Shabtai, A., Rokach, L., Elovici, Y., “HoneyGen: an Automated Honeytokens Generator”, In Proceedings of the IEEE Intelligence and Security Informatics (ISI 2011), Beijing, China, July 10-12, 2011
[6] Zilberman, P., Katz, G., Elovici, Y., Shabtai, A., and Dolev, S., “Analyzing Group Communication for Preventing Data Leakage via Email”, In Proceedings of the IEEE Intelligence and Security Informatics (ISI 2011), Beijing, China, July 10-12, 2011
[7] Harel, A., Shabtai, A., Rokach, L., and Elovici, Y. "Preventing Data Misuse: Eliciting Domain Expert Misuseability Conceptions". In Proceedings of the 6th international conference on knowledge capture (K-CAP 2011), June 26-29, 2011, Banff, Canada
[8] Zilberman, P., Shabtai, A., Rokach, L., “Analyzing Group Communication for Preventing Accidental Data Leakage via Email”, In Proceedings of the Workshop on Collaborative Methods for Security and Privacy (CollSec 2010), Washington DC, USA, August 10, 2010
[9] Gafny, M., Shabtai, A., Rokach, L., Elovici, Y., “Detecting Data Misuse By Applying Context-Based Data Linkage”, In Proceedings of the ACM CCS Workshop on Insider Threats (WITS 2010), Chicago, USA, October 10, 2010
[10] Harel, A., Shabtai, A., Rokach, L., Elovici, Y., “M-Score: Estimating the Potential Damage of Data Leakage Incident by Assigning Misuseability Weight”, In Proceedings of the ACM CCS Workshop on Insider Threats (WITS 2010), Chicago, USA, October 10, 2010
[11] Gilad Katz, Yuval Elovici, Bracha Shapira, "A New Model for Data Leakage Prevention", Technical Report, October 20th, 2011
