To Warn or Not to Warn: Online Signaling in Audit Games

Routine operational use of sensitive data is often governed by law and regulation. For instance, in the medical domain, there are various statutes at the state and federal level that dictate who is permitted to work with patients’ records and under what conditions. To screen for potential privacy breaches, logging systems are usually deployed to trigger alerts whenever a suspicious access is detected. However, such mechanisms are often inefficient because 1) the vast majority of triggered alerts are false positives, 2) small budgets make it unlikely that a real attack will be detected, and 3) attackers can behave strategically, such that traditional auditing mechanisms cannot easily catch them. To improve efficiency, information systems may invoke signaling, so that whenever a suspicious access request occurs, the system can, in real time, warn the user that the access may be audited. Then, at the close of a finite period, a selected subset of suspicious accesses is audited. This gives rise to an online problem in which one needs to determine 1) whether a warning should be triggered and 2) the likelihood that the data request event will be audited. In this paper, we formalize this auditing problem as a Signaling Audit Game (SAG), in which we model the interactions between an auditor and an attacker in the context of signaling, with the usability cost of warnings represented as a factor in the auditor’s payoff. We study the properties of its Stackelberg equilibria and develop a scalable approach to compute its solution. We show that a strategic presentation of warnings adds value in that SAGs realize significantly higher utility for the auditor than systems without signaling. We perform a series of experiments with 10 million real access events, containing over 26K alerts, from a large academic medical center to illustrate the value of the proposed auditing model and the consistency of its advantages over existing baseline methods.
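The following added example (not the paper's SAG formulation, and not its experiments) illustrates the core intuition in a deliberately simplified one-alert model: the auditor commits to an audit probability p fixed by the budget, warns on every audited access and on a fraction q of unaudited ones, and the attacker best-responds to the posterior audit probability a warning implies. The payoff parameters R, P, L, c and the tie-breaking rule are constructed assumptions.

```python
from dataclasses import dataclass

EPS = 1e-9  # assumed tie-break: an indifferent attacker does not attack (auditor-favourable)

@dataclass
class AuditSetting:
    p: float  # probability an alerted access is audited (fixed by the audit budget)
    R: float  # attacker's gain from an access that is not audited
    P: float  # attacker's penalty when the access is audited
    L: float  # auditor's loss from an undetected attack
    c: float  # usability cost of one warning, charged to the auditor's payoff

def attacker_attacks(p_audit: float, s: AuditSetting) -> bool:
    """Attacker proceeds only if the expected payoff at audit probability p_audit is positive."""
    return (1 - p_audit) * s.R - p_audit * s.P > EPS

def utility_without_signaling(s: AuditSetting) -> float:
    """No warnings: the attacker only sees the prior audit probability p."""
    return -(1 - s.p) * s.L if attacker_attacks(s.p, s) else 0.0

def optimal_bluff_rate(s: AuditSetting) -> float:
    """Fraction q of unaudited alerts that still receive a warning. q is chosen so that a
    warned attacker's posterior audit probability p / (p + (1 - p) q) makes attacking
    exactly unprofitable; q = 0 when the prior p already deters the attacker."""
    if not attacker_attacks(s.p, s):
        return 0.0
    return min(s.p * s.P / ((1 - s.p) * s.R), 1.0)

def utility_with_signaling(s: AuditSetting) -> float:
    q = optimal_bluff_rate(s)
    if q == 0.0:
        return 0.0  # attacker is deterred without any warning being shown
    pr_warn = s.p + (1 - s.p) * q          # probability that an alert triggers a warning
    posterior = s.p / pr_warn              # audit probability as seen by a warned attacker
    if attacker_attacks(posterior, s):
        return utility_without_signaling(s)  # a warning cannot deter here; signaling adds nothing
    # warned: attacker withdraws but the warning costs usability c;
    # not warned: the attacker infers the access is unaudited and proceeds, costing L
    return -pr_warn * s.c - (1 - pr_warn) * s.L

def best_policy(s: AuditSetting):
    """Return ('signal' | 'no_signal', utility): signaling is adopted only when it pays."""
    u0, u1 = utility_without_signaling(s), utility_with_signaling(s)
    return ("signal", u1) if u1 > u0 else ("no_signal", u0)

if __name__ == "__main__":
    s = AuditSetting(p=0.1, R=10, P=50, L=100, c=1)  # constructed sample values
    print(utility_without_signaling(s), utility_with_signaling(s), best_policy(s))
```

With the sample values, a 10% audit budget alone does not deter the attacker (expected auditor utility -90), whereas bluffing on 5/9 of unaudited alerts deters every warned attacker and raises utility to about -40.6; raising the usability cost c to 100 flips the decision back to no signaling.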
