Issue No.08 - August (2008 vol.20)
pp: 1013-1027
ABSTRACT
Malicious users can exploit the correlation among data to infer sensitive information from a series of seemingly innocuous data accesses. Thus, we develop an inference violation detection system to protect sensitive data content. Based on data dependency, database schema and semantic knowledge, we constructed a semantic inference model (SIM) that represents the possible inference channels from any attribute to the pre-assigned sensitive attributes. The SIM is then instantiated to a semantic inference graph (SIG) for query-time inference violation detection. For a single user case, when a user poses a query, the detection system will examine his/her past query log and calculate the probability of inferring sensitive information. The query request will be denied if the inference probability exceeds the pre-specified threshold. For multi-user cases, the users may share their query answers to increase the inference probability. Therefore, we develop a model to evaluate collaborative inference based on the query sequences of collaborators and their task-sensitive collaboration levels. Experimental studies reveal that information authoritativeness, communication fidelity and honesty in collaboration are three key factors that affect the level of achievable collaboration. An example is given to illustrate the use of the proposed technique to prevent multiple collaborative users from deriving sensitive information via inference.
INDEX TERMS
Security and Privacy Protection, Inference engines
CITATION
Yu Chen, Wesley W. Chu, "Protection of Database Security via Collaborative Inference Detection", IEEE Transactions on Knowledge & Data Engineering, vol.20, no. 8, pp. 1013-1027, August 2008, doi:10.1109/TKDE.2007.190642