Online Randomization Strategies to Obfuscate User Behavioral Patterns

Journal of Network and Systems Management

Abstract

When operating from the cloud, traces of user activities and behavioral patterns are accessible to anyone with enough privileges within the system. This could be, for example, the case of dishonest technical staff who may well be interested in selling user logs to competitors. In this paper, we investigate some of the security and privacy leakages derived from the analysis of user activities. We show that the working behavioral patterns exhibited by users can be easily captured into computationally useful representations that would allow an adversary to predict future activities, detect the occurrence of events of interest, or infer the organization’s internal structure. We then introduce the idea of obfuscating user behaviour through Online Action Randomization Algorithms. In doing so, we introduce an indistinguishability-based definition for perfectly obfuscated actions and a concrete scheme to randomize user traces in an incremental way. We report experimental results confirming the obfuscation quality and other properties of the proposed schemes.

Notes

  1. Publicly available at http://www.schonlau.net.

  2. An alternative method to visualize this would be to compress the user traces generated by each heuristic. Whereas those generated by indistinguishability heuristics will be barely compressible, concept drift methods will produce traces with a compression rate similar to the unpadded ones.

Acknowledgments

We thank the anonymous reviewers for their insights and comments, which have greatly contributed to improving the quality of this work.

Corresponding author

Correspondence to Juan E. Tapiador.

About this article

Cite this article

Tapiador, J.E., Hernandez-Castro, J.C. & Peris-Lopez, P. Online Randomization Strategies to Obfuscate User Behavioral Patterns. J Netw Syst Manage 20, 561–578 (2012). https://doi.org/10.1007/s10922-012-9246-0

  • DOI: https://doi.org/10.1007/s10922-012-9246-0
