There has been a prolific rise in the popularityof cloud storage in recent years. While cloud storage offersmany advantages such as flexibility and convenience, users arenow unable to tell or control the actual locations of their data. This limitation may affect users' confidence and trust in thestorage provider, or even be unsuitable for storing data withstrict location requirements. To address this issue, we proposean illegal file transfer detection framework that constantlymonitors the real-time file transfers in the cloud and is capableof detecting potential illegal transfers which moves sensitivedata outside the ('legal') boundaries specified by the fileowner. The main idea is to classifying multiple users' location preferences when making the data storage arrangement inthe cloud nodes. We model the legal file transfers amongnodes as a weighted graph and then maximize the probabilityof storing data items of similar privacy preferences in thesame region. Then we leverage the socket monitoring functionsprovided by LAST-HDFS (a recent location-aware Hadoop filestorage system) to monitor the real-time communication amongcloud nodes. Based on our legal file transfer graph and thedetected communication, we propose an approach to calculatethe probability of the detected transfer to be illegal.