Computing the Identification Capability of SQL Queries for Privacy Comparison

Comparing SQL queries is an interesting area of research, with applications of query similarity in different domains; for instance, anomaly-based intrusion detection systems. Comparing two SQL queries in terms of privacy - privacy comparison as well as computing a quantitative value for the identification capability of an SQL query is desirable. In this paper, we compute the identification capability of an SQL query and subsequently we propose an approach to compare two SQL queries in terms of privacy by introducing the notion of privacy equivalence, less-private and more-private relations. Additionally, an edge-labelled directed acyclic graph style privacy-aware attribute relationship diagram is proposed that facilitates the privacy comparison.

[1]  Vincent Frey,et al.  Discrimination rate: an attribute-centric metric to measure privacy , 2017, Ann. des Télécommunications.

[2]  Bart Preneel,et al.  Towards Measuring Anonymity , 2002, Privacy Enhancing Technologies.

[3]  Varun Chandola,et al.  Ettu: Analyzing Query Intents in Corporate Databases , 2016, WWW.

[4]  Michaël Rusinowitch,et al.  Protocol analysis in intrusion detection using decision tree , 2004, International Conference on Information Technology: Coding and Computing, 2004. Proceedings. ITCC 2004..

[5]  Ninghui Li,et al.  t-Closeness: Privacy Beyond k-Anonymity and l-Diversity , 2007, 2007 IEEE 23rd International Conference on Data Engineering.

[6]  Iordanis Koutsopoulos,et al.  A Game Theoretic Framework for Data Privacy Preservation in Recommender Systems , 2011, ECML/PKDD.

[7]  Elisa Bertino,et al.  DetAnom: Detecting Anomalous Database Transactions by Insiders , 2015, CODASPY.

[8]  Giampaolo Bella,et al.  Enforcing privacy in e-commerce by balancing anonymity and trust , 2011, Comput. Secur..

[9]  George Danezis,et al.  Towards an Information Theoretic Metric for Anonymity , 2002, Privacy Enhancing Technologies.

[10]  Jaehong Park,et al.  Preserving user privacy from third-party applications in online social networks , 2013, WWW.

[11]  George Cybenko,et al.  Security Analytics and Measurements , 2012, IEEE Security & Privacy.

[12]  Jordi Forné,et al.  Measuring the privacy of user profiles in personalized information systems , 2014, Future Gener. Comput. Syst..

[13]  Shou-Hsuan Stephen Huang,et al.  Stepping-Stone Intrusion Detection Using Neural Networks Approach , 2008 .

[14]  Roland H. C. Yap,et al.  Improving Host-Based IDS with Argument Abstraction to Prevent Mimicry Attacks , 2005, RAID.

[15]  Elisa Bertino,et al.  Data and syntax centric anomaly detection for relational databases , 2016, WIREs Data Mining Knowl. Discov..

[16]  Carl E. Landwehr,et al.  Privacy research directions , 2016, Commun. ACM.

[17]  Vincent Frey,et al.  The Semantic Discrimination Rate Metric for Privacy Measurements which Questions the Benefit of t-closeness over l-diversity , 2017, SECRYPT.

[18]  Duc Thanh Anh Luong,et al.  Similarity Metrics for SQL Query Clustering , 2018, IEEE Transactions on Knowledge and Data Engineering.

[19]  ASHWIN MACHANAVAJJHALA,et al.  L-diversity: privacy beyond k-anonymity , 2006, 22nd International Conference on Data Engineering (ICDE'06).

[20]  Cynthia Dwork,et al.  Differential Privacy: A Survey of Results , 2008, TAMC.

[21]  Latanya Sweeney,et al.  k-Anonymity: A Model for Protecting Privacy , 2002, Int. J. Uncertain. Fuzziness Knowl. Based Syst..

[22]  Simon N. Foley,et al.  Detecting Anomalous Behavior in DBMS Logs , 2016, CRiSIS.

[23]  Jérôme Darmont,et al.  Clustering-Based Materialized View Selection in Data Warehouses , 2006, ADBIS.

[24]  Matteo Golfarelli,et al.  Similarity measures for OLAP sessions , 2013, Knowledge and Information Systems.

[25]  Claudia Díaz Anonymity Metrics Revisited , 2005, Anonymous Communication and its Applications.

[26]  Andrew H. Sung,et al.  Feature Ranking and Selection for Intrusion Detection Using Artificial Neural Networks and Statistical Methods , 2006, The 2006 IEEE International Joint Conference on Neural Network Proceedings.

[27]  Simon N. Foley,et al.  A Semantic Approach to Frequency Based Anomaly Detection of Insider Access in Database Management Systems , 2017, CRiSIS.

[28]  Rafael D. C. Santos,et al.  Text Mining Applied to SQL Queries: A Case Study for the SDSS SkyServer , 2015, SIMBig.

[29]  Sin Yeung Lee,et al.  Learning Fingerprints for a Database Intrusion Detection System , 2002, ESORICS.

[30]  Joseph Lee,et al.  DIDAFIT: Detecting Intrusions in Databases Through Fingerprinting Transactions , 2002, ICEIS.

[31]  Chris Clifton,et al.  On syntactic anonymity and differential privacy , 2013, 2013 IEEE 29th International Conference on Data Engineering Workshops (ICDEW).

[32]  Tsvi Kuflik,et al.  PRAW - A PRivAcy model for the Web , 2005, J. Assoc. Inf. Sci. Technol..