Content-based data leakage detection using extended fingerprinting

TL;DR

This paper introduces an extended fingerprinting method based on sorted k-skip-n-grams that improves data leakage detection by focusing on core confidential content and resisting content rephrasing.

Contribution

The paper presents a novel fingerprinting approach that isolates confidential content and enhances robustness against rephrasing, addressing limitations of existing methods.

Findings

More accurate detection of confidential content

Robustness against content rephrasing

Ability to detect unseen confidential documents

Abstract

Protecting sensitive information from unauthorized disclosure is a major concern of every organization. As an organizations employees need to access such information in order to carry out their daily work, data leakage detection is both an essential and challenging task. Whether caused by malicious intent or an inadvertent mistake, data loss can result in significant damage to the organization. Fingerprinting is a content-based method used for detecting data leakage. In fingerprinting, signatures of known confidential content are extracted and matched with outgoing content in order to detect leakage of sensitive content. Existing fingerprinting methods, however, suffer from two major limitations. First, fingerprinting can be bypassed by rephrasing (or minor modification) of the confidential content, and second, usually the whole content of document is fingerprinted (including non-confidential parts), resulting in false alarms. In this paper we propose an extension to the fingerprinting approach that is based on sorted k-skip-n-grams. The proposed method is able to produce a fingerprint of the core confidential content which ignores non-relevant (non-confidential) sections. In addition, the proposed fingerprint method is more robust to rephrasing and can also be used to detect a previously unseen confidential document and therefore provide better detection of intentional leakage incidents.