Existing dynamic searchable symmetric encryption (DSSE) security analyses assume persistent adversary monitoring, whereas real-world adversaries often conduct only intermittent observations—leading to underexplored leakage patterns and inflated security guarantees. Method: We propose Peekaboo, a generic attack framework that systematically models intermittent leakage, integrates multi-source leakage (e.g., access patterns, size information) with auxiliary knowledge (e.g., document statistics, query correlations), and infers queries via search-behavior reasoning. Its modular design extends and strengthens prior attacks (e.g., Sap+ and Jigsaw+). Results: On standard benchmarks, Peekaboo achieves an adjusted Rand index >0.9 and 90% query recovery accuracy—substantially outperforming baseline FMA (30%). Crucially, it maintains >40% recovery accuracy even against state-of-the-art DSSE defenses. By shifting from the unrealistic persistent-observation assumption to a more practical intermittent-observation threat model, Peekaboo establishes a realistic, operationally grounded paradigm for DSSE security evaluation.

Dynamic Searchable Symmetric Encryption (DSSE) allows secure searches over a dynamic encrypted database but suffers from inherent information leakage. Existing passive attacks against DSSE rely on persistent leakage monitoring to infer leakage patterns, whereas this work targets intermittent observation - a more practical threat model. We propose Peekaboo - a new universal attack framework - and the core design relies on inferring the search pattern and further combining it with auxiliary knowledge and other leakage. We instantiate Peekaboo over the SOTA attacks, Sap (USENIX' 21) and Jigsaw (USENIX' 24), to derive their "+" variants (Sap+ and Jigsaw+). Extensive experiments demonstrate that our design achieves >0.9 adjusted rand index for search pattern recovery and 90% query accuracy vs. FMA's 30% (CCS' 23). Peekaboo's accuracy scales with observation rounds and the number of observed queries but also it resists SOTA countermeasures, with >40% accuracy against file size padding and >80% against obfuscation.