Get Your Workload in Order: Game Theoretic Prioritization of Database Auditing

被引:11
作者
Yan, Chao [1 ]
Li, Bo [2 ]
Vorobeychik, Yevgeniy [1 ,4 ]
Laszka, Aron [3 ]
Fabbri, Daniel [1 ,4 ]
Malin, Bradley [1 ,4 ]
机构
[1] Vanderbilt Univ, Dept Elect Engn & Comp Sci, Nashville, TN 37240 USA
[2] Univ Calif Berkeley, Dept Elect Engn & Comp Sci, Berkeley, CA 94720 USA
[3] Univ Houston, Dept Comp Sci, Houston, TX 77004 USA
[4] Vanderbilt Univ, Dept Biomed Informat, Nashville, TN 37203 USA
来源
2018 IEEE 34TH INTERNATIONAL CONFERENCE ON DATA ENGINEERING (ICDE) | 2018年
基金
美国国家科学基金会; 美国国家卫生研究院;
关键词
D O I
10.1109/ICDE.2018.00136
中图分类号
TP [自动化技术、计算机技术];
学科分类号
0812 ;
摘要
A wide variety of mechanisms, such as alert triggers and auditing routines, have been developed to notify administrators about types of suspicious activities in the daily use of large databases of personal and sensitive information. However, such mechanisms are limited in that: 1) the volume of such alerts is often substantially greater than the auditing capabilities of budget-constrained organizations and 2) strategic attackers may disguise their actions or carefully choose which records they touch, thus evading auditing routines. To address these problems, we introduce a novel approach to database auditing that explicitly accounts for adversarial behavior by 1) prioritizing the order in which types of alerts are investigated and 2) providing an upper bound on how much budget to allocate for auditing each alert type. We model the interaction between a database auditor and potential attackers as a Stackelberg game in which the auditor chooses an auditing policy and attackers choose which records in a database to target. We further introduce an efficient approach that combines linear programming, column generation, and heuristic search to derive an auditing policy, in the form of a mixed strategy. We assess the performance of the policy selection method using a publicly available credit card application dataset, the results of which indicate that our method produces high-quality database audit policies, significantly outperforming baselines that are not based in a game theoretic framing.
引用
收藏
页码:1304 / 1307
页数:4
相关论文
共 16 条
[1]  
Ablon Lillian, 2014, Markets for Cybercrime Tools and Stolen Information: Hackers' Bazaa
[2]  
Blocki J., 2013, Proceedings of the Twenty-Third international joint conference on Artificial Intelligence, P41, DOI 10.5555/2540128.2540137
[3]  
Blocki J, 2015, AAAI CONF ARTIF INTE, P791
[4]   Using statistical and machine learning to help institutions detect suspicious access to electronic health records [J].
Boxwala, Aziz A. ;
Kim, Jihoon ;
Grillo, Janice M. ;
Ohno-Machado, Lucila .
JOURNAL OF THE AMERICAN MEDICAL INFORMATICS ASSOCIATION, 2011, 18 (04) :498-505
[5]  
Chen Y., 2012, Renewable energy power quality journal, P734, DOI [DOI 10.1155/2012/510158, 10.24084/repqj10.453, DOI 10.24084/REPQJ10.453]
[6]  
Fabbri D, 2013, PROC INT CONF DATA, P1141, DOI 10.1109/ICDE.2013.6544904
[7]  
Fabbri D, 2011, PROC VLDB ENDOW, V5, P1
[8]   Explaining accesses to electronic medical records using diagnosis information [J].
Fabbri, Daniel ;
LeFevre, Kristen .
JOURNAL OF THE AMERICAN MEDICAL INFORMATICS ASSOCIATION, 2013, 20 (01) :52-60
[9]   Dynamic Scheduling of Cybersecurity Analysts for Minimizing Risk Using Reinforcement Learning [J].
Ganesan, Rajesh ;
Jajodia, Sushil ;
Shah, Ankit ;
Cam, Hasan .
ACM TRANSACTIONS ON INTELLIGENT SYSTEMS AND TECHNOLOGY, 2016, 8 (01) :1-21
[10]   Experience-Based Access Management A Life-Cycle Framework for Identity and Access Management Systems [J].
Gunter, Carl A. ;
Liebovitz, David M. ;
Malin, Bradley .
IEEE SECURITY & PRIVACY, 2011, 9 (05) :48-55