On the detection of privacy and security anomalies

Show simple item record

dc.contributor.advisor O'Sullivan, Barry en
dc.contributor.advisor Foley, Simon en
dc.contributor.author Khan, Muhammad Imran
dc.date.accessioned 2020-09-15T10:32:35Z
dc.date.available 2020-09-15T10:32:35Z
dc.date.issued 2020-03
dc.date.submitted 2020-03
dc.identifier.citation Khan, M. I. 2020. On the detection of privacy and security anomalies. PhD Thesis, University College Cork. en
dc.identifier.endpage 196 en
dc.identifier.uri http://hdl.handle.net/10468/10521
dc.description.abstract Data analytics over generated personal data has the potential to derive meaningful insights to enable clarity of trends and predictions, for instance, disease outbreak prediction as well as it allows for data-driven decision making for contemporary organisations. Predominantly, the collected personal data is managed, stored, and accessed using a Database Management System (DBMS) by insiders as employees of an organisation. One of the data security and privacy concerns is of insider threats, where legitimate users of the system abuse the access privileges they hold. Insider threats come in two flavours; one is an insider threat to data security (security attacks), and the other is an insider threat to data privacy (privacy attacks). The insider threat to data security means that an insider steals or leaks sensitive personal information. The insider threat to data privacy is when the insider maliciously access information resulting in the violation of an individual’s privacy, for instance, browsing through customers bank account balances or attempting to narrow down to re-identify an individual who has the highest salary. Much past work has been done on detecting security attacks by insiders using behavioural-based anomaly detection approaches. This dissertation looks at to what extent these kinds of techniques can be used to detect privacy attacks by insiders. The dissertation proposes approaches for modelling insider querying behaviour by considering sequence and frequency-based correlations in order to identify anomalous correlations between SQL queries in the querying behaviour of a malicious insider. A behavioural-based anomaly detection using an n-gram based approach is proposed that considers sequences of SQL queries to model querying behaviour. The results demonstrate the effectiveness of detecting malicious insiders accesses to the DBMS as anomalies, based on query correlations. This dissertation looks at the modelling of normative behaviour from a DBMS perspective and proposes a record/DBMS-oriented approach by considering frequency-based correlations to detect potentially malicious insiders accesses as anomalies. Additionally, the dissertation investigates modelling of malicious insider SQL querying behaviour as rare behaviour by considering sequence and frequency-based correlations using (frequent and rare) item-sets mining. This dissertation proposes the notion of ‘Privacy-Anomaly Detection’ and considers the question whether behavioural-based anomaly detection approaches can have a privacy semantic interpretation and whether the detected anomalies can be related to the conventional (formal) definitions of privacy semantics such as k-anonymity and the discrimination rate privacy metric. The dissertation considers privacy attacks (violations of formal privacy definition) based on a sequence of SQL queries (query correlations). It is shown that interactive querying settings are vulnerable to privacy attacks based on query correlation. Whether these types of privacy attacks can potentially manifest themselves as anomalies, specifically as privacy-anomalies, is investigated. One result is that privacy attacks (violation of formal privacy definition) can be detected as privacy-anomalies by applying behavioural-based anomaly detection using n-gram over the logs of interactive querying mechanisms. en
dc.format.mimetype application/pdf en
dc.language.iso en en
dc.publisher University College Cork en
dc.rights © 2020, Muhammad Imran Khan. en
dc.rights.uri https://creativecommons.org/licenses/by-nc-nd/4.0/ en
dc.subject Anomaly detection en
dc.subject Electronic privacy en
dc.subject Database management system (DBMS) en
dc.subject Behavioural modelling en
dc.subject Quantifying privacy en
dc.title On the detection of privacy and security anomalies en
dc.type Doctoral thesis en
dc.type.qualificationlevel Doctoral en
dc.type.qualificationname PhD - Doctor of Philosophy en
dc.internal.availability Full text available en
dc.description.version Accepted Version en
dc.contributor.funder Science Foundation Ireland en
dc.description.status Not peer reviewed en
dc.internal.school Computer Science and Information Technology en
dc.internal.conferring Autumn 2020 en
dc.internal.ricu Insight - Centre for Data Analytics en
dc.relation.project info:eu-repo/grantAgreement/SFI/SFI Research Centres/12/RC/2289/IE/INSIGHT - Irelands Big Data and Analytics Research Centre/ en
dc.availability.bitstream openaccess

Files in this item

This item appears in the following Collection(s)

Show simple item record

© 2020, Muhammad Imran Khan. Except where otherwise noted, this item's license is described as © 2020, Muhammad Imran Khan.
This website uses cookies. By using this website, you consent to the use of cookies in accordance with the UCC Privacy and Cookies Statement. For more information about cookies and how you can disable them, visit our Privacy and Cookies statement