Abstract
It is considered whether anomaly detection techniques might be used to determine potentially malicious behavior by service providers. Data mining techniques can be used to derive patterns of repeating behavior from logs of past interactions between service consumers and providers. Consumers may use these patterns to detect anomalous provider behavior, while providers may seek to adapt their behavior in ways that cannot be detected by the consumer. A challenge is deriving a behavioral model that is a sufficiently precise representation of the consumer-provider interactions. Behavioral norms, which model these patterns of behavior, are used to explore these issues in a on-line photograph sharing style service.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
van der Aalst, W.M., Weijters, T., Maruster, L.: Workflow mining: discovering process models from event logs. IEEE Trans. Knowl. Data Eng. 16(9), 1128–1142 (2004)
Accorsi, R., Stocker, T.: Automated privacy audits based on pruning of log data. In: EDOCW 12th Enterprise Distributed Object Computing Conference Workshops, pp. 175–182 (2008)
Agrawal, R., Gunopulos, D., Leymann, F.: Mining process models from workflow logs. In: Schek, H.-J., Saltor, F., Ramos, I., Alonso, G. (eds.) EDBT 1998. LNCS, vol. 1377, pp. 469–483. Springer, Heidelberg (1998)
Bellovin, S.M.: The insider attack problem nature and scope. In: Stolfo, S.J., Bellovin, S.M., Keromytis, A.D., Hershkop, S., Smith, S.W., Sinclair, S. (eds.) Insider Attack and Cyber Security. Advances in Information Security, vol. 39, pp. 1–4. Springer, Heidelberg (2008)
Dolev, D., Yao, A.: On the security of public key protocols. IEEE Trans. Inf. Theory 29(2), 198–208 (1983)
Foley, S.: A non-functional approach to system integrity. IEEE J. Sel. Areas Commun. 21(1), 36–43 (2003)
Forrest, S., Hofmeyr, S.A., Somayaji, A., Longstaff, T.A.: A sense of self for unix processes. In: IEEE Symposium on Security and Privacy, pp. 120–128 (1996)
Frank, M., Buhmann, J., Basin, D.: On the definition of role mining. In: Joshi, J.B.D., Carminati, B. (eds.) ACM Symposium on Access Control Models and Technologies (SACMAT), pp. 35–44. ACM (2010)
Hardt, D.: The OAuth 2.0 Authorization Framework. RFC 6749 (Proposed Standard) October 2012. http://www.ietf.org/rfc/rfc6749.txt
Kuhlmann, M., Shohat, D., Schimpf, G.: Role mining - revealing business roles for security administration using data mining technology. In: Proceedings of the Eighth ACM Symposium on Access Control Models and Technologies, SACMAT ’03, pp. 179–186. ACM, New York (2003)
Louw, M.T., Venkatakrishnan, V.N.: Blueprint: robust prevention of cross-site scripting attacks for existing browsers. In: Proceedings of the 2009 30th IEEE Symposium on Security and Privacy, pp. 331–346. IEEE Computer Society (2009)
Pieczul, O., Foley, S.: Discovering emergent norms in security logs. In: 2013 IEEE Conference on Communications and Network Security (CNS - SafeConfig), pp. 438–445 (2013)
Ryan, P.Y.A.: Mathematical models of computer security. In: Focardi, R., Gorrieri, R. (eds.) FOSAD 2000. LNCS, vol. 2171, pp. 1–62. Springer, Heidelberg (2001)
Sun, S.T., Beznosov, K.: The devil is in the (implementation) details: an empirical analysis of OAuth SSO systems. In: Proceedings of the 2012 ACM Conference on Computer and Communications Security, CCS ’12, pp. 378–390. ACM, New York (2012)
Thomas, R., Sandhu, R.: Task-based authorization controls (TBAC): a family of models for active and enterprise-oriented autorization management. In: Proceedings of the IFIP TC11 WG11.3 Eleventh International Conference on Database Securty XI: Status and Prospects (1998)
Wagner, D., Soto, P.: Mimicry attacks on host-based intrusion detection systems. In: Proceedings of the 9th ACM Conference on Computer and Communications Security, CCS ’02, pp. 255–264. ACM, New York (2002)
Acknowledgments
This research has been partly supported by Science Foundation Ireland grant 08/SRC/11403.
Author information
Authors and Affiliations
Corresponding authors
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2014 Springer International Publishing Switzerland
About this paper
Cite this paper
Pieczul, O., Foley, S.N. (2014). Collaborating as Normal: Detecting Systemic Anomalies in Your Partner. In: Christianson, B., Malcolm, J., Matyáš, V., Švenda, P., Stajano, F., Anderson, J. (eds) Security Protocols XXII. Security Protocols 2014. Lecture Notes in Computer Science(), vol 8809. Springer, Cham. https://doi.org/10.1007/978-3-319-12400-1_3
Download citation
DOI: https://doi.org/10.1007/978-3-319-12400-1_3
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-12399-8
Online ISBN: 978-3-319-12400-1
eBook Packages: Computer ScienceComputer Science (R0)