A. Security Goal and Threat Model
We categorize three causes for sensitive data to appear on
the outbound traffic of an organization, including the legitimate
data use by the employees.
• Case I Inadvertent data leak: The sensitive data
is accidentally leaked in the outbound traffic by a
legitimate user. This paper focuses on detecting this
type of accidental data leaks over supervised network
channels. Inadvertent data leak may be due to human
errors such as forgetting to use encryption, carelessly forwarding
an internal email and attachments to outsiders,