ALERT: Machine Learning-Enhanced Risk Estimation for Databases Supporting Encrypted Queries

While searchable symmetric encryption (SSE) offers efficient, sublinear search over encrypted data, it remains susceptible to leakage abuse attacks (LAAs), which can exploit access and search patterns to compromise data privacy. Existing methods for quantifying leakage typically require a comprehensive analysis of all queries, making them unsuitable for real-time risk assessment. Since leakages in SSE are revealed incrementally with each query, there is a pressing need for risk assessments to be conducted on the fly, enabling prompt alerts to clients about potential privacy threats. To address this challenge, we propose ALERT, a machine learning-enhanced framework for real-time risk assessment in searchable encryption. ALERT leverages sophisticated learning algorithms to automatically identify keyword features from public auxiliary information, learning them as a classifier. When a query is executed, ALERT efficiently predicts the associated keyword and estimates the likelihood of leakage. Experimental results show that ALERT can deliver predictions within seconds, achieving a substantial speed-up of 31.1x compared to existing state-of-the-art methods.