Our privacy-preserving data-leak detection method supports
practical data-leak detection as a service and minimizes the
knowledge that a DLD provider may gain during the process.
Fig. 1 lists the six operations executed by the data owner and
the DLD provider in our protocol: PREPROCESS, run by the data
owner to prepare digests of the sensitive data; RELEASE, in
which the data owner sends the digests to the DLD provider;
MONITOR and DETECT, in which the DLD provider collects the
organization's outgoing traffic, computes digests of the
traffic content, and identifies potential leaks; REPORT, in
which the DLD provider returns data-leak alerts, which may
include false positives (i.e., false alarms), to the data
owner; and POSTPROCESS, in which the data owner pinpoints the
true data-leak instances. Details are presented in the next
section.
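
The flow of the six operations can be illustrated with a minimal Python sketch. It is not the protocol's actual construction, which is given in the next section. Every concrete choice here is an assumption made for illustration: the 8-byte shingles, the truncated SHA-256 digests, the release of only a 2-byte digest prefix as a stand-in for limiting what the DLD provider learns, and all function and constant names.

```python
import hashlib

# All constants below are illustrative assumptions, not values from the paper.
SHINGLE_LEN = 8      # bytes per sliding-window shingle
FULL_BYTES = 8       # digest bytes the data owner keeps private
RELEASED_BYTES = 2   # digest bytes revealed to the DLD provider


def shingles(data, k=SHINGLE_LEN):
    """Return the set of all k-byte sliding windows of data."""
    return {data[i:i + k] for i in range(len(data) - k + 1)}


def digest(shingle):
    """Truncated SHA-256, a stand-in for the paper's digest function."""
    return hashlib.sha256(shingle).digest()[:FULL_BYTES]


# --- Data owner ---
def preprocess(sensitive):
    """PREPROCESS: compute full digests of the sensitive data."""
    return {digest(s) for s in shingles(sensitive)}


def release(full_digests):
    """RELEASE: reveal only a short prefix of each digest (assumption)."""
    return {d[:RELEASED_BYTES] for d in full_digests}


# --- DLD provider ---
def monitor(outgoing):
    """MONITOR: collect outgoing payloads (here, an in-memory list)."""
    return list(outgoing)


def detect(payloads, released):
    """DETECT: flag traffic digests whose prefix matches a released one."""
    alerts = []
    for idx, payload in enumerate(payloads):
        for s in shingles(payload):
            d = digest(s)
            if d[:RELEASED_BYTES] in released:
                alerts.append((idx, d))  # may be a false positive
    return alerts


def report(alerts):
    """REPORT: return the alerts to the data owner (transport omitted)."""
    return list(alerts)


# --- Data owner ---
def postprocess(alerts, full_digests):
    """POSTPROCESS: keep only alerts that match a full private digest."""
    return sorted({idx for idx, d in alerts if d in full_digests})


def run_protocol(sensitive, outgoing):
    """Run the six operations in order; return indices of leaking payloads."""
    full = preprocess(sensitive)
    released = release(full)
    alerts = report(detect(monitor(outgoing), released))
    return postprocess(alerts, full)
```

In this sketch the short released prefix means the DLD provider cannot tell a prefix collision from a real match, which is why the alerts it reports may contain false positives and why the final filtering happens on the data owner's side.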