Evolutionary adaptation of DLP policies under concept drift in streaming data
DOI: https://doi.org/10.34185/1562-9945-5-162-2026-17
Keywords: genetic algorithms, Data Loss Prevention, anomaly detection, concept drift, cloud security
Abstract
In modern streaming DLP systems deployed across cloud and hybrid environments, fixed policies degrade rapidly due to concept drift. Operators must simultaneously control the risk-weighted miss cost, limit the false-alarm burden, meet latency SLOs, and keep alert streams stable under tight memory and compute budgets. These competing objectives are not adequately balanced by traditional detectors or manual policy tuning.
We present an online evolutionary controller that casts policy adaptation as constrained multi-objective optimization. The method uses a chromosome encoding with drift-aware exploration–exploitation switching, an archive of vetted policies for warm starts, a compact active mixture, and guarded rollbacks for operational safety. On six streams (synthetic and real), the controller keeps the integrated cost within 0–3.5% of the best baseline (mean absolute gap ≈1.6%), sustains p95 latency below 100 ms, and reduces alert-rate volatility by 50–63% while maintaining comparable or lower false-alarm rates. Two practical sensitivities emerge: the drift-gate threshold governing the exploration/exploitation balance, and short-lived compute bursts immediately after detected changes. Warm starts, a compact mixture, and mutation-budget guards mitigate these effects without sacrificing responsiveness.
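As an added illustration (not the paper's code or its actual algorithm), the sketch below shows the drift-gate idea from the abstract on a single-threshold DLP policy: the controller fine-tunes while the per-window cost is stable, switches to wide mutations plus an archived warm start when the cost jumps past a gate, and promotes a candidate only if it is strictly better (a guard against regressions). Cost weights, the gate value, the mutation offsets and the stream windows are all constructed assumptions.

```python
# Constructed cost weights and gate for the illustration (assumptions, not the paper's values).
MISS_COST, FA_COST = 5.0, 1.0
GATE = 0.25                     # per-event cost rise that flips the controller to exploration
STEPS = [-3, -2, -1, 1, 2, 3]   # deterministic mutation offsets (no RNG, so runs are reproducible)

def window_cost(threshold, events):
    """Risk-weighted cost per event of a single-threshold policy on a window of
    (score, is_leak) events: a missed leak costs MISS_COST, a false alarm FA_COST."""
    cost = 0.0
    for score, is_leak in events:
        flagged = score >= threshold
        if is_leak and not flagged:
            cost += MISS_COST
        elif flagged and not is_leak:
            cost += FA_COST
    return cost / len(events)

class DriftGatedController:
    def __init__(self, threshold=0.5):
        self.threshold = threshold   # active policy: alert when score >= threshold
        self.baseline = None         # cost of the active policy on the previous window
        self.archive = {}            # vetted policies {threshold: cost} used for warm starts

    def step(self, events):
        """Evaluate the active policy on one window and adapt it. Returns (threshold, drift)."""
        cost_now = window_cost(self.threshold, events)
        drift = self.baseline is not None and cost_now - self.baseline > GATE
        mut = 0.1 if drift else 0.01          # explore widely after drift, otherwise fine-tune
        candidates = [min(max(self.threshold + k * mut, 0.0), 1.0) for k in STEPS]
        if drift and self.archive:            # warm start: re-test the best archived policy
            candidates.append(min(self.archive, key=self.archive.get))
        best = min(candidates, key=lambda t: window_cost(t, events))
        best_cost = window_cost(best, events)
        if best_cost < cost_now:              # guard: promote only a strictly better policy
            self.threshold, cost_now = best, best_cost
        self.archive[self.threshold] = cost_now
        self.baseline = cost_now
        return self.threshold, drift

def make_window(leak_mean, benign_mean, n=50):
    """Constructed window: n leak and n benign events, scores fanned +-0.1 around each mean."""
    return ([(leak_mean + (i % 5 - 2) * 0.05, True) for i in range(n)]
            + [(benign_mean + (i % 5 - 2) * 0.05, False) for i in range(n)])

def run_demo():
    """A stable window, then a drift that deflates all scores; returns (threshold, drift) per window."""
    ctrl = DriftGatedController(threshold=0.5)
    stream = [make_window(0.80, 0.28), make_window(0.42, 0.12), make_window(0.42, 0.12)]
    return [ctrl.step(window) for window in stream]

if __name__ == "__main__":
    for i, (threshold, drift) in enumerate(run_demo()):
        print(f"window {i}: threshold={threshold:.2f} drift={drift}")
```

On the constructed stream the fixed threshold of 0.5 misses 80% of leaks after the drift; the gate fires on that window and the controller settles on 0.3, then stays there once the cost is stable again.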
Copyright (c) 2026 System technologies

This work is licensed under a Creative Commons Attribution 4.0 International License.