Collaborating as Normal: Detecting Systemic Anomalies in Your Partner

  • Conference paper
Security Protocols XXII (Security Protocols 2014)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 8809)

Abstract

It is considered whether anomaly detection techniques might be used to determine potentially malicious behavior by service providers. Data mining techniques can be used to derive patterns of repeating behavior from logs of past interactions between service consumers and providers. Consumers may use these patterns to detect anomalous provider behavior, while providers may seek to adapt their behavior in ways that cannot be detected by the consumer. A challenge is deriving a behavioral model that is a sufficiently precise representation of the consumer-provider interactions. Behavioral norms, which model these patterns of behavior, are used to explore these issues in an on-line photograph sharing style service.



Acknowledgments

This research has been partly supported by Science Foundation Ireland grant 08/SRC/11403.

Author information


Correspondence to Olgierd Pieczul or Simon N. Foley.


Copyright information

© 2014 Springer International Publishing Switzerland

About this paper

Cite this paper

Pieczul, O., Foley, S.N. (2014). Collaborating as Normal: Detecting Systemic Anomalies in Your Partner. In: Christianson, B., Malcolm, J., Matyáš, V., Švenda, P., Stajano, F., Anderson, J. (eds) Security Protocols XXII. Security Protocols 2014. Lecture Notes in Computer Science, vol 8809. Springer, Cham. https://doi.org/10.1007/978-3-319-12400-1_3

  • DOI: https://doi.org/10.1007/978-3-319-12400-1_3

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-12399-8

  • Online ISBN: 978-3-319-12400-1

  • eBook Packages: Computer Science, Computer Science (R0)
