PriDe: A Quantitative Measure of Privacy-Loss in Interactive Querying Settings

This paper presents, PriDe, a model to measure the deviation of an analyst's (user) querying behaviour from normal querying behaviour. The deviation is measured in terms of privacy, that is to say, how much of the privacy loss has incurred due to this shift in querying behaviour. The shift is represented in terms of a score - a privacy-loss score, the higher the score the more the loss in privacy. Querying behaviour of analysts are modelled using n-grams of SQL query and subsequently, behavioural profiles are constructed. Profiles are then compared in terms of privacy resulting in a quantified score indicating the privacy loss.

[1]  Vincent Frey,et al.  Discrimination rate: an attribute-centric metric to measure privacy , 2017, Ann. des Télécommunications.

[2]  Varun Chandola,et al.  Ettu: Analyzing Query Intents in Corporate Databases , 2016, WWW.

[3]  Simon N. Foley,et al.  Computing the Identification Capability of SQL Queries for Privacy Comparison , 2019 .

[4]  Elisa Bertino,et al.  Detection of Temporal Insider Threats to Relational Databases , 2017, 2017 IEEE 3rd International Conference on Collaboration and Internet Computing (CIC).

[5]  Simon N. Foley,et al.  On database intrusion detection: A Query analytics-based model of normative behavior to detect insider attacks , 2017, ICCNS 2017.

[6]  Simon N. Foley,et al.  Detecting Anomalous Behavior in DBMS Logs , 2016, CRiSIS.

[7]  Stephanie Forrest,et al.  A sense of self for Unix processes , 1996, Proceedings 1996 IEEE Symposium on Security and Privacy.

[8]  Nasir Memon,et al.  On a Scale from 1 to 10, How Private Are You? Scoring Facebook Privacy Settings , 2014 .

[9]  Stephanie Forrest,et al.  Intrusion Detection Using Sequences of System Calls , 1998, J. Comput. Secur..

[10]  Justine Becker Measuring privacy risk in online social networks , 2009 .

[11]  Eerke A. Boiten,et al.  Privacy Risk Assessment: From Art to Science, By Metrics , 2018, DPM/CBT@ESORICS.

[12]  Simon N. Foley,et al.  DBMS Log Analytics for Detecting Insider Threats in Contemporary Organizations , 2019, Advances in Electronic Government, Digital Divide, and Regional Development.

[13]  Matteo Golfarelli,et al.  Similarity measures for OLAP sessions , 2013, Knowledge and Information Systems.

[14]  Rafael D. C. Santos,et al.  Text Mining Applied to SQL Queries: A Case Study for the SDSS SkyServer , 2015, SIMBig.

[15]  Simon N. Foley,et al.  Towards Modelling Insiders Behaviour as Rare Behaviour to Detect Malicious RDBMS Access , 2018, 2018 IEEE International Conference on Big Data (Big Data).

[16]  Duc Thanh Anh Luong,et al.  Similarity Metrics for SQL Query Clustering , 2018, IEEE Transactions on Knowledge and Data Engineering.

[17]  Evaggelia Pitoura,et al.  "You May Also Like" Results in Relational Databases , 2009 .

[18]  VARUN CHANDOLA,et al.  Anomaly detection: A survey , 2009, CSUR.

[19]  Stephanie Forrest,et al.  Automated Response Using System-Call Delay , 2000, USENIX Security Symposium.