International Journal on Recent and Innovation Trends in Computing and Communication

Volume: 4 Issue: 3

ISSN: 2321-8169
186 -187

______________________________________________________________________________________

Review on Privacy Preservation in Data Leakage Detection

Manish Prabhu

Supriya Sarkar

SKNSITS,Lonavala
manishprabhu812@gmail.com

SKNSITS,Lonavala
supriya.sarkar@rediffmail.com

Abstract The number of data leak instances are increasing day by day. Human mistakes are main cause of data leakage . Data leakage caused
by human mistakes have some solutions. These solutions provide an alert when there is a data leakage. One of the common approach is to give
the contents in the databases and transmitted information over the network to the data leakage detection service provider for getting information
about the leakage ,but this is an open invitation for an outsider to gain the sensitive information about the company or an organization ;because
the detection is based on third party. In this paper, we have done the analysis on various techniques of data leakage detection along with their
privacy issue

Keywords- Data leakage,fingerprint,perturbation

__________________________________________________*****_________________________________________________
I.

INTRODUCTION

In the business communication, sometimes sensitive data

must be given third parties who are supposed to be trusted. For
example, a hospital may give patient records to researchers
who will devise new treatments. Similarly, a company may
have partnerships with other companies that require sharing
customer data. Another enterprise may outsource its data
processing, so data must be given to various other companies.
The entity which is having the data is called as data owner.
The entity which provides the service of data leakage detection
is called as data leakage detection service provider. The entity
with which data is shared for any purpose is called as agent.
According to the 2010 Cyber Security Watch Survey 26
percent of the cyber-security events, recorded in a 12-month
period, were caused by insiders. These insiders were the most
damaging with 43 percent of the respondents reporting that
their organization suffered data loss. Of the attacks, 16 percent
were caused by theft of sensitive data and 15 percent by
exposure of confidential data.
According to a report from Risk Based Security(RBS) [7],
the number of leaked sensitive data records has increased
dramatically during the last few years, i.e., from 412 million in
2012 to 822 million in 2013. Deliberately planned attacks,
inadvertent leaks (e.g., forwarding confidential emails to
unclassified email accounts), and human mistakes (e.g.,
assigning the wrong privilege) lead to most of the data leak
incidents.
Detecting and preventing data leaks requires a set of
complementary solutions, which may include data-leak
detection, data confinement, stealthy malware detection,
and policy enforcement.
Perturbation is a very useful technique where the data are
modified so that original data cannot be retrieved easily. After
modification, it will be given to agents. For example, one can
add random noise to certain attributes, or one can replace exact
values by ranges.
However, in some cases, it is inefficient to modify original
data. For example, if an outsourcer is doing our payroll, he
must have the exact salary and customer bank account
numbers. If medical researchers will be treating patients (as
opposed
to simply computing statistics), they may need
accurate data for the patients.

Traditionally, leakage detection is handled by

watermarking, e.g., a unique code is embedded in each
distributed copy. If that copy is later discovered in the hands
of an unauthorized party, the leaker can be identified.
Watermarks can be very useful in some cases, but again,
involve some modification of the original data. Furthermore,
watermarks can sometimes be destroyed if the data recipient is
malicious.
Limiting access to the information in the interests of
preserving secrecy might damage their ability to implement
the actions that can best serve the organization. Thus, data
leakage and data misuse detection mechanisms are essential in
identifying malicious insiders. The task of detecting malicious
insiders is very challenging.
II.

COMPARISON OF TECHNIQUES

In paper[1], author presented a privacy policy model for

enterprises that can serve as the basis for an internal
access control system to handle received data in accordance
with privacy standards. The user will provide his personal data
to the enterprise and an enterprise will handle that data
according to stated privacy policy. The enterprise will also
consider its business policies that should not conflict stated
privacy policies. It is actually a contract between site owner
and users of the web site.
In paper [2], author have presented a new system for
detecting the application leaking the information. It detects the
application leaking personal information that is transmitted to
remote servers. It is done using the
system called Privacy Oracle.
In paper [3], the author has mentioned about privacy in
onlineshopping. In online shopping process, a user has to
provide private information. So that information must be kept
private. The authors have designed a model based on user
anonymity and transaction traceability. The user transaction is
based on trusted third party. The user will be anonymus to
merchant and detection will be done if any merchant wants
illegally wants user data.
In paper [4], authors have proposed the data distribution
strategies to improve the distributors chances of identifying a
leaker. It has been shown that distributing objects judiciously
can make a significant difference in identifying guilty agents,
186

IJRITCC | March 2016, Available @ http://www.ijritcc.org

_______________________________________________________________________________________

International Journal on Recent and Innovation Trends in Computing and Communication

Volume: 4 Issue: 3

ISSN: 2321-8169
186 -187

______________________________________________________________________________________
especially in cases where there is large overlap in the data that
agents must receive. In some cases realistic but fake data
records are injected to improve the chances of detecting
leakage and identifying the guilty party.
In paper [5], authors have done experiment on android
based system. They have found some API which are
susceptible for compromising privacy of the user. They have
analyzed smali source codes from android devices to identify
potential security threats.
In paper [6], authors have implemented privacy preserving
data leakage detection model. For that purpose they used rabin
fingerprint for calculating message digest. Using fingerprint
technique, we can store very large amount of data in small
size. Rabin fingerprints are useful for achieving privacy of
sensitive data. But these methods failed to handle dynamically
changing data.
III.

CONCLUSION

There exist some techniques to preserve privacy in data

leakage detection process. But these techniques are having
some limitations. These techniques results in creating
detection process complex. These techniques are not
applicable for dynamically changing data. If we want to
design a technique for achieving privacy, then we must
consider nature of the data that we are going to protect. We
must also consider users rights who are accessing the data
REFERENCES
[1]

[2]

[3]

[4]

[5]

[6]

[7]

Giinter Karjoth and Matthias Schunter,A Privacy Policy

Model for Enterprises, Proceedings of the 15th IEEE
Computer Security Foundations Workshop (CSFW02),10636900/02
Jaeyeon Jung, Anmol Sheth,Privacy Oracle: a System for
Finding Application Leaks with Black Box Differential
Testing, CCS08, October 2731, 2008, Alexandria,
Virginia, USA.Copyright 2008 ACM 978-1-59593-8107/08/10
Alaa Aref El Masri, Joo Pedro Sousa, Limiting Private
Data Exposure in Online Transactions, 978-0-7695-38235/09 , IEEEDOI 10.1109/CSE.2009.433
S.Umamaheswari, H.Arthi Geetha, Detection of guilty
agents, ,Proceedings of the National Conference on
Innovations in Emerging Technology-2011.
MengShanshan,Yang Xiaohui, Song Yubo,ZhuKelong, Chen
Fei, T. Meyarivan, ANDROIDS SENSITIVE DATA
LEAKAGE
DETECTIONBASED
ON
API
MONITORING,IEEE 2014.
Xiaokui Shu, Danfeng (Daphne) Yao,Privacy preserving
detection
of
sensitive
data
exposure,
IEEE
TRANSACTIONS ON INFORMATION FORENSICS AND
SECURITY
Data breach quickview,Risk based security,2013

187
IJRITCC | March 2016, Available @ http://www.ijritcc.org

_______________________________________________________________________________________