On the detection of privacy and security anomalies
Date
2020-03
Authors
Khan, Muhammad Imran
Publisher
University College Cork
Abstract
Data analytics over generated personal data has the potential to derive meaningful insights
that clarify trends and support predictions, for instance disease outbreak prediction,
and it allows for data-driven decision making in contemporary organisations.
Predominantly, the collected personal data is managed, stored, and accessed
using a Database Management System (DBMS) by insiders as employees of an organisation.
One of the data security and privacy concerns is that of insider threats, where legitimate
users of the system abuse the access privileges they hold. Insider threats come in two
flavours: one is an insider threat to data security (security attacks), and the other is
an insider threat to data privacy (privacy attacks). The insider threat to data security
means that an insider steals or leaks sensitive personal information. The insider threat
to data privacy is when the insider maliciously accesses information, resulting in the
violation of an individual’s privacy, for instance, browsing through customers' bank
account balances or narrowing down results to re-identify an individual who has the
highest salary. Much past work has been done on detecting security attacks by insiders
using behavioural-based anomaly detection approaches. This dissertation examines to
what extent these kinds of techniques can be used to detect privacy attacks by insiders.
The dissertation proposes approaches for modelling insider querying behaviour by
considering sequence and frequency-based correlations in order to identify anomalous
correlations between SQL queries in the querying behaviour of a malicious insider.
A behavioural-based anomaly detection method using an n-gram based approach is proposed
that considers sequences of SQL queries to model querying behaviour. The results
demonstrate the effectiveness of detecting malicious insiders' accesses to the DBMS
as anomalies, based on query correlations.
This dissertation looks at the modelling of normative behaviour from a DBMS perspective
and proposes a record/DBMS-oriented
approach by considering frequency-based correlations to detect potentially malicious
insiders' accesses as anomalies. Additionally, the dissertation investigates modelling of
malicious insider SQL querying behaviour as rare behaviour by considering sequence
and frequency-based correlations using (frequent and rare) item-set mining.
This dissertation proposes the notion of ‘Privacy-Anomaly Detection’ and considers
the question of whether behavioural-based anomaly detection approaches can have a privacy
semantic interpretation and whether the detected anomalies can be related to the
conventional (formal) definitions of privacy semantics such as k-anonymity and the discrimination
rate privacy metric. The dissertation considers privacy attacks (violations
of a formal privacy definition) based on a sequence of SQL queries (query correlations).
It is shown that interactive querying settings are vulnerable to privacy attacks based
on query correlation. Whether these types of privacy attacks can potentially manifest
themselves as anomalies, specifically as privacy-anomalies, is investigated. One
result is that privacy attacks (violations of a formal privacy definition) can be detected
as privacy-anomalies by applying behavioural-based anomaly detection using n-grams
over the logs of interactive querying mechanisms.
Keywords
Anomaly detection, Electronic privacy, Database management system (DBMS), Behavioural modelling, Quantifying privacy
Citation
Khan, M. I. 2020. On the detection of privacy and security anomalies. PhD Thesis, University College Cork.