Abstract
The quantity of personal data that is collected, stored, and subsequently processed continues to grow rapidly. Given its sensitivity, ensuring privacy protections has become a necessary component of database management. To enhance protection, a number of mechanisms have been developed, such as audit logging and alert triggers, which notify administrators about suspicious activities. However, this approach is limited. First, the volume of alerts is often substantially greater than the auditing capabilities of organizations. Second, strategic attackers can attempt to disguise their actions or carefully choose their targets, thus hiding illicit activities. In this article, we introduce an auditing approach that accounts for adversarial behavior by (1) prioritizing the order in which types of alerts are investigated and (2) providing an upper bound on how many resources to allocate to each type.
Specifically, we model the interaction between a database auditor and attackers as a Stackelberg game. We show that even a highly constrained version of this problem is NP-hard. We then introduce a method that combines linear programming, column generation, and heuristic search to derive an auditing policy. On synthetic data, we extensively evaluate how closely our solution approximates the optimal one. Two real datasets, (1) 1.5 months of audit logs from Vanderbilt University Medical Center and (2) a publicly available credit card application dataset, are used to test the policy-search performance. The findings demonstrate the effectiveness of the proposed methods for searching audit strategies, and our general approach significantly outperforms non-game-theoretic baselines.
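As an added illustration (not the paper's LP/column-generation solver and not code from the authors), the following toy Stackelberg audit game shows why a strategic attacker defeats volume-based alert auditing: the auditor commits to an allocation of its audit budget across alert types (each subject to a per-type cap), and the attacker then responds by picking the alert type with the best expected payoff. The alert types, payoffs, and budget are constructed values, and the greedy leader policy is a simple heuristic chosen for the illustration.

```python
from dataclasses import dataclass
from fractions import Fraction

@dataclass(frozen=True)
class AlertType:
    name: str
    volume: int   # alerts of this type raised per audit period
    cap: int      # upper bound on audits the auditor may spend on this type
    gain: int     # attacker's payoff if the illicit access is never audited
    penalty: int  # attacker's loss if the illicit access is audited

def attacker_payoff(t, audited):
    """Attacker's expected payoff when `audited` of t.volume alerts are sampled uniformly."""
    coverage = Fraction(min(audited, t.volume), t.volume)
    return (1 - coverage) * t.gain - coverage * t.penalty

def best_response(types, allocation):
    """Follower's best response: the type with the highest payoff (ties: list order)."""
    best = max(types, key=lambda t: attacker_payoff(t, allocation[t.name]))
    return best.name, attacker_payoff(best, allocation[best.name])

def greedy_audit_policy(types, budget):
    """Leader heuristic: add one audit to the attacker's currently preferred open type."""
    allocation = {t.name: 0 for t in types}
    for _ in range(budget):
        # Only types still below their cap (and their volume) can absorb another audit.
        open_types = [t for t in types if allocation[t.name] < min(t.cap, t.volume)]
        if not open_types:
            break
        target, _ = best_response(open_types, allocation)
        allocation[target] += 1
    return allocation

def volume_first_policy(types, budget):
    """Non-game-theoretic baseline: audit the highest-volume alert types first."""
    allocation = {t.name: 0 for t in types}
    for t in sorted(types, key=lambda t: t.volume, reverse=True):
        allocation[t.name] = min(budget, t.cap, t.volume)
        budget -= allocation[t.name]
    return allocation

# Constructed sample alert types and audit budget (not data from the paper).
ALERT_TYPES = [
    AlertType("vip_record_access", volume=10, cap=10, gain=8, penalty=2),
    AlertType("bulk_export", volume=20, cap=20, gain=6, penalty=4),
    AlertType("after_hours_query", volume=100, cap=30, gain=4, penalty=4),
]
BUDGET = 20
```

With these inputs the volume-first baseline spends the whole budget on after-hours queries and leaves VIP record accesses unaudited, so the attacker's best response earns a payoff of 8; the greedy game-aware allocation equalizes the attacker's options and drives the best-response payoff down to 3.28.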
Database Audit Workload Prioritization via Game Theory