A Bayesian Network Approach to Detecting Privacy Intrusion

Personal information privacy could be compromised during information collection, transmission, and handling. In information handling, privacy could be violated by both the inside and the outside intruders. Though, within an organization, private data are generally protected by the organization's privacy policies and the corresponding platforms for privacy practices, private data could still be misused intentionally or unintentionally by individuals who have legitimate access to them in the organization. In this paper, we propose a Bayesian network-based method for insider privacy intrusion detection in database systems

[1]  Siani Pearson,et al.  Towards accountable management of identity and privacy: sticky policies and enforceable tracing services , 2003, 14th International Workshop on Database and Expert Systems Applications, 2003. Proceedings..

[2]  H. Garcia-Molina,et al.  Enabling Privacy for the Paranoids , 2004 .

[3]  John C. Mitchell,et al.  Conflict and combination in privacy policy languages , 2004, WPES '04.

[4]  Victor C. S. Lee,et al.  Intrusion detection in real-time database systems via time signatures , 2000, Proceedings Sixth IEEE Real-Time Technology and Applications Symposium. RTAS 2000.

[5]  Dorothy E. Denning,et al.  Inference Controls for Statistical Databases , 1983, Computer.

[6]  Elisa Bertino,et al.  A roadmap for comprehensive online privacy policy management , 2007, CACM.

[7]  Josep Domingo-Ferrer,et al.  Inference Control in Statistical Databases , 2002, Lecture Notes in Computer Science.

[8]  Elisa Bertino,et al.  A ROADMAP FOR COMPREHENSIVE ONLINE PRIVACY POLICY , 2004 .

[9]  Yi Hu,et al.  Identification of malicious transactions in database systems , 2003, Seventh International Database Engineering and Applications Symposium, 2003. Proceedings..

[10]  Brent Waters,et al.  Privacy management for portable recording devices , 2004, WPES '04.

[11]  Elisa Bertino,et al.  State-of-the-art in privacy preserving data mining , 2004, SGMD.

[12]  Alfred Menezes,et al.  Handbook of Applied Cryptography , 2018 .

[13]  Roberto J. Bayardo,et al.  Data privacy through optimal k-anonymization , 2005, 21st International Conference on Data Engineering (ICDE'05).

[14]  Günter Karjoth,et al.  A privacy policy model for enterprises , 2002, Proceedings 15th IEEE Computer Security Foundations Workshop. CSFW-15.

[15]  Jan H. P. Eloff,et al.  PIDS: a privacy intrusion detection system , 2004, Internet Res..

[16]  Jennifer Widom,et al.  Vision Paper: Enabling Privacy for the Paranoids , 2004, VLDB.

[17]  Elisa Bertino,et al.  Intrusion detection in RBAC-administered databases , 2005, 21st Annual Computer Security Applications Conference (ACSAC'05).

[18]  Michael Gertz,et al.  DEMIDS: A Misuse Detection System for Database Systems , 2000, IICIS.

[19]  Ramakrishnan Srikant,et al.  Hippocratic Databases , 2002, VLDB.

[20]  Jerry den Hartog,et al.  An audit logic for accountability , 2005, Sixth IEEE International Workshop on Policies for Distributed Systems and Networks (POLICY'05).

[21]  Anita K. Jones,et al.  Computer System Intrusion Detection: A Survey , 2000 .

[22]  Dorothy E. Denning,et al.  An Intrusion-Detection Model , 1987, IEEE Transactions on Software Engineering.