Game Theory as a Method for Assessing the Security of Database Systems

  • Conference paper
Applied Systemic Studies (ICSEng 2022)

Abstract

This paper addresses database security, a critical component of many systems. The goal of the work is to investigate the effectiveness of methods for ensuring database security. The work introduces an innovative way of evaluating the effectiveness of the launched attacks. A literature review identifies current solutions in areas relevant to database security and establishes the state of the art and science. The final analysis introduces cost estimation and transforms the results into a payoff matrix, which allows the use of decision-making methods from the field of game theory. Neither party, defender or attacker, obtained a dominant strategy, but applying the min-max criterion showed that, given the assumptions introduced, the defenders' best strategy is to implement all means of protection. The presented evaluation method can be applied to decision making in cyber security and can contribute to cost optimization in the organization.

Author information

Corresponding author

Correspondence to Patryk Schauer.

Copyright information

© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG

Cite this paper

Warzyński, A., Łabuda, K., Falas, Ł., Schauer, P. (2023). Game Theory as a Method for Assessing the Security of Database Systems. In: Selvaraj, H., Fujimoto, T. (eds) Applied Systemic Studies. ICSEng 2022. Lecture Notes in Networks and Systems, vol 611. Springer, Cham. https://doi.org/10.1007/978-3-031-27470-1_12
