東華大學圖書館 |

語系: 繁體中文

說明(常見問題)

回圖書館首頁

手機版館藏查詢

登入

回首頁

切換: 標籤 | MARC模式 | ISBD

FindBook

Google Book

Amazon

博客來

Game Theoretic Approaches for Intelligent Auditing.

紀錄類型:	書目-電子資源 : Monograph/item
正題名/作者:	Game Theoretic Approaches for Intelligent Auditing./
作者:	Yan, Chao.
出版者:	Ann Arbor : ProQuest Dissertations & Theses, : 2022,
面頁冊數:	162 p.
附註:	Source: Dissertations Abstracts International, Volume: 83-09, Section: B.
Contained By:	Dissertations Abstracts International83-09B.
標題:	Computer science. -
電子資源:	http://pqdd.sinica.edu.tw/twdaoapp/servlet/advanced?query=29070483
ISBN:	9798790628399

Game Theoretic Approaches for Intelligent Auditing.
Yan, Chao.

Game Theoretic Approaches for Intelligent Auditing. - Ann Arbor : ProQuest Dissertations & Theses, 2022 - 162 p.

Source: Dissertations Abstracts International, Volume: 83-09, Section: B.

Thesis (Ph.D.)--Vanderbilt University, 2022.

This item must not be sold to any third party vendors.

The continuous advancement of computation and storage technology has been incentivizing the deep digitalization of human daily life for decades. This leads to a surge of mission-critical information systems centered on personal data (e.g., electronic health record systems). However, attacks are unfortunately never absent due to the great value of the data these systems hold, and, thus, pose a threat to personal privacy. In recognition of this problem, a logging system with an alert functionality often operates in tandem with these systems to detect and notify administrators about the potential data misuses incurred during daily use. However, such mechanisms are often inefficient because 1) small budgets make it unlikely that a real attack will be detected, 2) the vast majority of triggered alerts are false positives, and 3) attackers can behave strategically, such that traditional auditing mechanisms cannot easily catch them.In this dissertation, I develop a series of game-theoretic frameworks to improve the audit performance against data misuse by modeling the interactions of defender and attacker. In the first framework, I design and optimize the randomized alert type prioritization policy and budget allocation strategy to maximize the audit effectiveness. With a goal of extending the strategic modeling advantage to real time environment, I prototype the second framework by incorporating the real time information disclosure between players, which is made an advantage of the auditor to deter ongoing malicious data access. To address the strong assumptions in our previous works, the third framework models the practical adversarial environment where attackers are 1) diverse in their goals of attack and 2) imperfectly rational in selecting their strategies. Through experimental investigations, we show that the developed auditing frameworks and their solutions enable more effective and efficient auditing compared to the existing methods. The results of our performance evaluation are remarkable because they demonstrate that blending economic perspective and technical approaches together through a game theoretic lens can dramatically improve the system administrator's auditing capability in a budget-constraint adversarial environment. On the other hand, our auditing frameworks not only incorporate an explicit attacker deterrence mechanism but also maximize its effect using strategy randomization and signaling.

ISBN: 9798790628399Subjects--Topical Terms:

523869
Computer science.
Subjects--Index Terms:

Data access auditing

Game Theoretic Approaches for Intelligent Auditing.
LDR:03516nmm a2200337 4500 001 2349173
005 20220920135756.5
008 241004s2022 ||||||||||||||||| ||eng d
020 $a 9798790628399
035 $a (MiAaPQ)AAI29070483
035 $a (MiAaPQ)0242vireo1024Yan
035 $a AAI29070483
040 $a MiAaPQ $c MiAaPQ
100 1 $a Yan, Chao. $3 3688572
245 1 0 $a Game Theoretic Approaches for Intelligent Auditing.
260 1 $a Ann Arbor : $b ProQuest Dissertations & Theses, $c 2022
300 $a 162 p.
500 $a Source: Dissertations Abstracts International, Volume: 83-09, Section: B.
500 $a Advisor: Malin, Bradley A.
502 $a Thesis (Ph.D.)--Vanderbilt University, 2022.
506 $a This item must not be sold to any third party vendors.
520 $a The continuous advancement of computation and storage technology has been incentivizing the deep digitalization of human daily life for decades. This leads to a surge of mission-critical information systems centered on personal data (e.g., electronic health record systems). However, attacks are unfortunately never absent due to the great value of the data these systems hold, and, thus, pose a threat to personal privacy. In recognition of this problem, a logging system with an alert functionality often operates in tandem with these systems to detect and notify administrators about the potential data misuses incurred during daily use. However, such mechanisms are often inefficient because 1) small budgets make it unlikely that a real attack will be detected, 2) the vast majority of triggered alerts are false positives, and 3) attackers can behave strategically, such that traditional auditing mechanisms cannot easily catch them.In this dissertation, I develop a series of game-theoretic frameworks to improve the audit performance against data misuse by modeling the interactions of defender and attacker. In the first framework, I design and optimize the randomized alert type prioritization policy and budget allocation strategy to maximize the audit effectiveness. With a goal of extending the strategic modeling advantage to real time environment, I prototype the second framework by incorporating the real time information disclosure between players, which is made an advantage of the auditor to deter ongoing malicious data access. To address the strong assumptions in our previous works, the third framework models the practical adversarial environment where attackers are 1) diverse in their goals of attack and 2) imperfectly rational in selecting their strategies. Through experimental investigations, we show that the developed auditing frameworks and their solutions enable more effective and efficient auditing compared to the existing methods. The results of our performance evaluation are remarkable because they demonstrate that blending economic perspective and technical approaches together through a game theoretic lens can dramatically improve the system administrator's auditing capability in a budget-constraint adversarial environment. On the other hand, our auditing frameworks not only incorporate an explicit attacker deterrence mechanism but also maximize its effect using strategy randomization and signaling.
590 $a School code: 0242.
650 4 $a Computer science. $3 523869
653 $a Data access auditing
653 $a Game theory
653 $a Digitalization
690 $a 0984
710 2 $a Vanderbilt University. $3 1017501
773 0 $t Dissertations Abstracts International $g 83-09B.
790 $a 0242
791 $a Ph.D.
792 $a 2022
793 $a English
856 4 0 $u http://pqdd.sinica.edu.tw/twdaoapp/servlet/advanced?query=29070483