Protection of Database Security via Collaborative Inference Detection

Malicious users can exploit the correlation among data to infer sensitive information from a series of seemingly innocuous data accesses. Thus, we develop an inference violation detection system to protect sensitive data content. Based on data dependency, database schema and semantic knowledge, we construct a semantic inference model (SIM) that represents the possible inference channels from any attribute to the pre-assigned sensitive attributes. The SIM is then instantiated to a semantic inference graph (SIG) for query-time inference violation detection. In the single-user case, when a user poses a query, the detection system examines the user's past query log and calculates the probability of inferring sensitive information. The query request is denied if the inference probability exceeds the prespecified threshold. In the multi-user case, users may share their query answers to increase the inference probability. Therefore, we develop a model to evaluate collaborative inference based on the query sequences of collaborators and their task-sensitive collaboration levels. Experimental studies reveal that information authoritativeness, communication fidelity and honesty in collaboration are three key factors that affect the level of achievable collaboration. An example is given to illustrate the use of the proposed technique to prevent multiple collaborative users from deriving sensitive information via inference.
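
The query-time decision described above, for both the single-user and the collaborative case, as an added sketch that is not code from the paper. Assumptions: the attribute names and channel strengths are constructed, a noisy-OR combination stands in for evaluating the SIG (the abstract does not specify the computation), and a collaborator's answers are discounted linearly by a collaboration level in [0, 1].

```python
from math import prod

# Constructed channel strengths P(sensitive value inferred | attribute known);
# attribute names and numbers are illustrative, not taken from the paper.
CHANNELS = {"department": 0.10, "job_title": 0.35,
            "years_of_service": 0.30, "bonus_grade": 0.55}
THRESHOLD = 0.60  # prespecified inference-probability threshold (assumed value)


class InferenceGuard:
    """Query-time check: answer a query only if nobody's inference probability
    for the sensitive attribute would exceed THRESHOLD afterwards."""

    def __init__(self, collaboration=None):
        self.logs = {}                       # user -> attributes already answered
        self.collab = collaboration or {}    # frozenset({u, v}) -> level in [0, 1]

    def _level(self, u, v):
        return self.collab.get(frozenset((u, v)), 0.0)

    def _probability(self, user, logs):
        # Own answers count fully; a collaborator's answers are discounted by the
        # collaboration level. Noisy-OR is an assumed stand-in for SIG evaluation.
        weight = {}
        for owner, attrs in logs.items():
            w = 1.0 if owner == user else self._level(user, owner)
            for a in attrs:
                weight[a] = max(weight.get(a, 0.0), w)
        return 1.0 - prod(1.0 - w * CHANNELS[a] for a, w in weight.items())

    def request(self, user, attribute):
        """Return (allowed, worst_probability); the log changes only if allowed."""
        trial = {u: set(a) for u, a in self.logs.items()}
        trial.setdefault(user, set()).add(attribute)
        affected = [u for u in trial if u == user or self._level(u, user) > 0]
        worst = max(self._probability(u, trial) for u in affected)
        if worst > THRESHOLD:
            return False, worst
        self.logs = trial
        return True, worst


if __name__ == "__main__":
    team = InferenceGuard({frozenset(("bob", "carol")): 0.8})
    for who, attr in [("bob", "job_title"), ("bob", "years_of_service"),
                      ("carol", "bonus_grade")]:
        print(who, attr, team.request(who, attr))
```

With these constructed numbers, the same `bonus_grade` query that a lone user would be granted is denied once the requester collaborates with someone who already holds related answers.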
