- Authors:
- Asaf Shabtai,
- Yuval Elovici,
- Lior Rokach
SpringerBriefs present concise summaries of cutting-edge research and practical applications across a wide spectrum of fields. Featuring compact volumes of 50 to 100 pages (approximately 20,000- 40,000 words), the series covers a range of content from professional to academic. Briefs allow authors to present their ideas and readers to absorb them with minimal time investment. As part of Springers eBook collection, SpringBriefs are published to millions of users worldwide. Information/Data Leakage poses a serious threat to companies and organizations, as the number of leakage incidents and the cost they inflict continues to increase. Whether caused by malicious intent, or an inadvertent mistake, data loss can diminish a companys brand, reduce shareholder value, and damage the companys goodwill and reputation. This book aims to provide a structural and comprehensive overview of the practical solutions and current research in the DLP domain. This is the first comprehensive book that is dedicated entirely to the field of data leakage and covers all important challenges and techniques to mitigate them. Its informative, factual pages will provide researchers, students and practitioners in the industry with a comprehensive, yet concise and convenient reference source to this fascinating field. We have grouped existing solutions into different categories based on a described taxonomy. The presented taxonomy characterizes DLP solutions according to various aspects such as: leakage source, data state, leakage channel, deployment scheme, preventive/detective approaches, and the action upon leakage. In the commercial part we review solutions of the leading DLP market players based on professional research reports and material obtained from the websites of the vendors. In the academic part we cluster the academic work according to the nature of the leakage and protection into various categories. Finally, we describe main data leakage scenarios and present for each scenario the most relevant and applicable solution or approach that will mitigate and reduce the likelihood and/or impact of the leakage scenario.
Cited By
Daubner L and Považanec A Data Loss Prevention Solution for Linux Endpoint Devices Proceedings of the 18th International Conference on Availability, Reliability and Security, (1-10)- Zeng Z, Tan H, Zhang H, Li J, Zhang Y and Zhang L An extensive study on pre-trained models for program understanding and generation Proceedings of the 31st ACM SIGSOFT International Symposium on Software Testing and Analysis, (39-51)
- Esmaeilpour M, Chaalia N, Abusitta A, Devailly F, Maazoun W and Cardinal P (2022). Bi-discriminator GAN for tabular data synthesis, Pattern Recognition Letters, 159:C, (204-210), Online publication date: 1-Jul-2022.
- Sabir B, Ullah F, Babar M and Gaire R (2021). Machine Learning for Detecting Data Exfiltration, ACM Computing Surveys, 54:3, (1-47), Online publication date: 30-Apr-2022.
- Zeng Z, Zhang Y, Zhang H and Zhang L Deep just-in-time defect prediction: how far are we? Proceedings of the 30th ACM SIGSOFT International Symposium on Software Testing and Analysis, (427-438)
- Yuan S and Wu X (2021). Deep learning for insider threat detection, Computers and Security, 104:C, Online publication date: 1-May-2021.
- Ávila R, Khoury R, Khoury R, Petrillo F and Lombardi F (2021). Use of Security Logs for Data Leak Detection, Security and Communication Networks, 2021, Online publication date: 1-Jan-2021.
- Shklovski I and Grönvall E CreepyLeaks: Participatory Speculation Through Demos Proceedings of the 11th Nordic Conference on Human-Computer Interaction: Shaping Experiences, Shaping Society, (1-12)
- Dagher G, Fung B, Mohammed N and Clark J (2019). : privacy-preserving data outsourcing framework with differential privacy, Knowledge and Information Systems, 62:5, (1923-1960), Online publication date: 1-May-2020.
- Pierazzi F, Mezzour G, Han Q, Colajanni M and Subrahmanian V (2020). A Data-driven Characterization of Modern Android Spyware, ACM Transactions on Management Information Systems, 11:1, (1-38), Online publication date: 31-Mar-2020.
- Homoliak I, Toffalini F, Guarnizo J, Elovici Y and Ochoa M (2019). Insight Into Insiders and IT, ACM Computing Surveys, 52:2, (1-40), Online publication date: 31-Mar-2020.
- Fang L, Yin C, Zhou L, Li Y, Su C and Xia J (2020). A physiological and behavioral feature authentication scheme for medical cloud based on fuzzy-rough core vector machine, Information Sciences: an International Journal, 507:C, (143-160), Online publication date: 1-Jan-2020.
- Gupta I and Singh A (2019). Dynamic threshold based information leaker identification scheme, Information Processing Letters, 147:C, (69-73), Online publication date: 1-Jul-2019.
- Wagner I and Eckhoff D (2018). Technical Privacy Metrics, ACM Computing Surveys, 51:3, (1-38), Online publication date: 31-May-2019.
- Shvartzshnaider Y, Pavlinovic Z, Balashankar A, Wies T, Subramanian L, Nissenbaum H and Mittal P VACCINE: Using Contextual Integrity For Data Leakage Detection The World Wide Web Conference, (1702-1712)
- Choi S, Martins J and Bernik I (2018). Information security, Journal of Information Science, 44:6, (752-767), Online publication date: 1-Dec-2018.
- Callegati F, Giallorenzo S, Melis A and Prandini M (2018). Cloud-of-Things meets Mobility-as-a-Service, Computers and Security, 74:C, (277-295), Online publication date: 1-May-2018.
- Yu X, Tian Z, Qiu J, Jiang F and Wang D (2018). A Data Leakage Prevention Method Based on the Reduction of Confidential and Context Terms for Smart Mobile Devices, Wireless Communications & Mobile Computing, 2018, Online publication date: 1-Jan-2018.
- Ullah F, Edwards M, Ramdhany R, Chitchyan R, Babar M and Rashid A (2018). Data exfiltration, Journal of Network and Computer Applications, 101:C, (18-54), Online publication date: 1-Jan-2018.
- Gupta I and Singh A A Probability based Model for Data Leakage Detection using Bigraph Proceedings of the 2017 7th International Conference on Communication and Network Security, (1-5)
- Guevara C, Santos M and López V (2017). Data leakage detection algorithm based on task sequences and probabilities, Knowledge-Based Systems, 120:C, (236-246), Online publication date: 15-Mar-2017.
- Padayachee K (2016). An assessment of opportunity-reducing techniques in information security, Decision Support Systems, 92:C, (47-56), Online publication date: 1-Dec-2016.
- Cascavilla G, Conti M, Schwartz D and Yahav I Revealing Censored Information Through Comments and Commenters in Online Social Networks Proceedings of the 2015 IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining 2015, (675-680)
- Gugelmann D, Studerus P, Lenders V and Ager B (2015). Can Content-Based Data Loss Prevention Solutions Prevent Data Leakage in Web Traffic?, IEEE Security and Privacy, 13:4, (52-59), Online publication date: 1-Jul-2015.
- DeMott J (2015). Bypassing EMET 4.1, IEEE Security and Privacy, 13:4, (66-72), Online publication date: 1-Jul-2015.
- Sapegin A, Amirkhanyan A, Gawron M, Cheng F and Meinel C Poisson-Based Anomaly Detection for Identifying Malicious User Behaviour Selected Papers of the First International Conference on Mobile, Secure, and Programmable Networking - Volume 9395, (134-150)
- Du D, Yu L and Brooks R Semantic Similarity Detection For Data Leak Prevention Proceedings of the 10th Annual Cyber and Information Security Research Conference, (1-6)
- Accorsi R, Lehmann A and Lohmann N (2015). Information leak detection in business process models, Information Systems, 47:C, (244-257), Online publication date: 1-Jan-2015.
- Chen J and Venkataramani G CC-Hunter Proceedings of the 47th Annual IEEE/ACM International Symposium on Microarchitecture, (216-228)
- Costante E, Hartog J, Petković M, Etalle S and Pechenizkiy M Hunting the Unknown Proceedings of the 28th Annual IFIP WG 11.3 Working Conference on Data and Applications Security and Privacy XXVIII - Volume 8566, (243-259)
- Guri M, Kedma G, Carmeli B and Elovici Y Limiting access to unintentionally leaked sensitive documents using malware signatures Proceedings of the 19th ACM symposium on Access control models and technologies, (129-140)
- Ard J, Bishop M, Gates C and Sun M Information behaving badly Proceedings of the 2013 New Security Paradigms Workshop, (107-118)
- Zhao L and Brooks R Tailoring trusted semantic information Proceedings of the Eighth Annual Cyber Security and Information Intelligence Research Workshop, (1-4)
Index Terms
- A Survey of Data Leakage Detection and Prevention Solutions
Recommendations
Gate-induced drain leakage in FD-SOI devices: What the TFET teaches us about the MOSFET
This paper compares the gate-induced drain leakage (GIDL) in fully-depleted (FD) silicon-on-insulator (SOI) tunneling field effect transistor (TFET) and in standard metal-oxide-semiconductor FET (MOSFET) fabricated in the same process. The measurements ...
Intrinsic leakage in deep submicron CMOS ICs—measurement-based test solutions
Special issue on system-level interconnect predictionThe high leakage current in deep submicron, short-channel transistors can increase the stand-by power dissipation of future IC products and threaten well established quiescent current (I/sub DDQ/)-based testing techniques. This paper reviews transistor ...
Leakage current starved domino logic
GLSVLSI '06: Proceedings of the 16th ACM Great Lakes symposium on VLSIA new circuit technique based on a single PMOS sleep transistor and a dual threshold voltage CMOS technology is proposed in this paper for simultaneously reducing subthreshold and gate oxide leakage currents in idle domino logic circuits. In the sleep ...
Reviews
David Bruce Henderson
"Springer Briefs" is a series of short books to help information and communications technology (ICT) professionals learn about new or unfamiliar technologies. This work is from that series, providing an introduction to the detection of corporate data loss and leaks. The book begins with a number of short chapters. The first is a general introduction to information security, which is particularly useful for defining terminology. This is followed by a definition of data leakage, some examples of significant incidents from the past, and a discussion of solutions for preventing data leakage and loss. Protecting data through anonymization and basic privacy issues are also covered. Three case studies are presented, and the final chapter looks into the future of data leakage. Given that the book contains around 100 pages, detailed coverage of the topic is not possible. What is included is covered reasonably, particularly in the chapter on anonymization and privacy. All in all, the book amounts to a good, concise brief for quickly coming to grips with the basics of protecting corporate data from leakage and loss. The brevity of the work has obviously limited the topics that could be covered and reduced the level of detail possible. There is a good table of contents and a thorough list of references. There is no index, but one isn't really needed. Online Computing Reviews Service
Access critical reviews of Computing literature here
Become a reviewer for Computing Reviews.