On the detection of privacy and security anomalies

dc.availability.bitstream: openaccess
dc.contributor.advisor: O'Sullivan, Barry [en]
dc.contributor.advisor: Foley, Simon [en]
dc.contributor.author: Khan, Muhammad Imran
dc.contributor.funder: Science Foundation Ireland [en]
dc.date.accessioned: 2020-09-15T10:32:35Z
dc.date.available: 2020-09-15T10:32:35Z
dc.date.issued: 2020-03
dc.date.submitted: 2020-03
dc.description.abstract: Data analytics over generated personal data has the potential to derive meaningful insights that clarify trends and enable predictions, for instance disease outbreak prediction, and it allows for data-driven decision making in contemporary organisations. Predominantly, the collected personal data is managed, stored, and accessed using a Database Management System (DBMS) by insiders such as employees of an organisation. One of the data security and privacy concerns is that of insider threats, where legitimate users of the system abuse the access privileges they hold. Insider threats come in two flavours: one is an insider threat to data security (security attacks), and the other is an insider threat to data privacy (privacy attacks). The insider threat to data security means that an insider steals or leaks sensitive personal information. The insider threat to data privacy is when the insider maliciously accesses information, resulting in the violation of an individual's privacy, for instance, browsing through customers' bank account balances or attempting to narrow down to re-identify an individual who has the highest salary. Much past work has been done on detecting security attacks by insiders using behavioural-based anomaly detection approaches. This dissertation looks at the extent to which these kinds of techniques can be used to detect privacy attacks by insiders. The dissertation proposes approaches for modelling insider querying behaviour by considering sequence and frequency-based correlations in order to identify anomalous correlations between SQL queries in the querying behaviour of a malicious insider. A behavioural-based anomaly detection approach using n-grams is proposed that considers sequences of SQL queries to model querying behaviour. The results demonstrate the effectiveness of detecting malicious insiders' accesses to the DBMS as anomalies, based on query correlations.
This dissertation looks at the modelling of normative behaviour from a DBMS perspective and proposes a record/DBMS-oriented approach that considers frequency-based correlations to detect potentially malicious insiders' accesses as anomalies. Additionally, the dissertation investigates modelling of malicious insider SQL querying behaviour as rare behaviour by considering sequence and frequency-based correlations using (frequent and rare) item-set mining. This dissertation proposes the notion of 'Privacy-Anomaly Detection' and considers the question of whether behavioural-based anomaly detection approaches can have a privacy semantic interpretation and whether the detected anomalies can be related to the conventional (formal) definitions of privacy semantics such as k-anonymity and the discrimination rate privacy metric. The dissertation considers privacy attacks (violations of a formal privacy definition) based on a sequence of SQL queries (query correlations). It is shown that interactive querying settings are vulnerable to privacy attacks based on query correlation. Whether these types of privacy attacks can potentially manifest themselves as anomalies, specifically as privacy-anomalies, is investigated. One result is that privacy attacks (violations of a formal privacy definition) can be detected as privacy-anomalies by applying behavioural-based anomaly detection using n-grams over the logs of interactive querying mechanisms. [en]
dc.description.status: Not peer reviewed [en]
dc.description.version: Accepted Version [en]
dc.format.mimetype: application/pdf [en]
dc.identifier.citation: Khan, M. I. 2020. On the detection of privacy and security anomalies. PhD Thesis, University College Cork. [en]
dc.identifier.endpage: 196 [en]
dc.identifier.uri: https://hdl.handle.net/10468/10521
dc.language.iso: en [en]
dc.publisher: University College Cork [en]
dc.relation.project: info:eu-repo/grantAgreement/SFI/SFI Research Centres/12/RC/2289/IE/INSIGHT - Irelands Big Data and Analytics Research Centre/ [en]
dc.rights: © 2020, Muhammad Imran Khan. [en]
dc.rights.uri: https://creativecommons.org/licenses/by-nc-nd/4.0/ [en]
dc.subject: Anomaly detection [en]
dc.subject: Electronic privacy [en]
dc.subject: Database management system (DBMS) [en]
dc.subject: Behavioural modelling [en]
dc.subject: Quantifying privacy [en]
dc.title: On the detection of privacy and security anomalies [en]
dc.type: Doctoral thesis [en]
dc.type.qualificationlevel: Doctoral [en]
dc.type.qualificationname: PhD - Doctor of Philosophy [en]
Files
Original bundle
Name: Imran_Dissertation_Final.pdf; Size: 5.09 MB; Format: Adobe Portable Document Format; Description: Full Text E-thesis
Name: 3. - Muhammad Imran Khan - Submission Form.pdf; Size: 652.52 KB; Format: Adobe Portable Document Format; Description: Submission for Examination Form
License bundle
Name: license.txt; Size: 5.2 KB; Format: Item-specific license agreed upon to submission