Skip to main content
SpringerLink
Log in

Cost-Sensitive Access Control for Illegitimate Confidential Access by Insiders

  • Conference paper
Intelligence and Security Informatics (ISI 2006)

Part of the book series: Lecture Notes in Computer Science ((LNISA,volume 3975))

Included in the following conference series:

Abstract

In many organizations, it is common to control access to confidential information based on the need-to-know principle; The requests for access are authorized only if the content of the requested information is relevant to the requester’s current information analysis project. We formulate such content-based authorization, i.e. whether to accept or reject access requests as a binary classification problem. In contrast to the conventional error-minimizing classification, we handle this problem in a cost-sensitive learning framework in which the cost caused by incorrect decision is different according to the relative importance of the requested information. In particular, the cost (i.e., damaging effect) for a false positive (i.e., accepting an illegitimate request) is more expensive than that of false negative (i.e., rejecting a valid request). The former is a serious security problem because confidential information, which should not be revealed, can be accessed. From the comparison of the cost-sensitive classifiers with error-minimizing classifiers, we found that the costing with a logistic regression showed the best performance, in terms of the smallest cost paid, the lowest false positive rate, and the relatively low false negative rate.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 84.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 109.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Aleman-Meza, B., Burns, P., Eavenson, M., Palaniswami, D., Sheth, A.: An ontological approach to the document access problem of insider threat. In: Proceedings of IEEE International Conference on Intelligence and Security Informatics (ISI 2005), pp. 486–491 (2005)

    Google Scholar 

  2. Domingos, P.: MetaCost: A general method for making classifiers cost-sensitive. In: Proceedings of International Conference on Knowledge Discovery and Data Mining (KDD 1999), pp. 155–164 (1999)

    Google Scholar 

  3. Elkan, C.: The foundations of cost-sensitive learning. In: Proceedings of International Joint Conference on Artificial Intelligence (IJCAI 2001), pp. 973–978 (2001)

    Google Scholar 

  4. Fawcett, T.: ROC graphs: Notes and practical considerations for researchers, HP Lab Palo Alto, HPL-2003-4 (2003)

    Google Scholar 

  5. Giuri, L., Iglio, P.: Role templates for content-based access control. In: Proceedings of ACM Workshop on Role Based Access Control, pp. 153–159 (1997)

    Google Scholar 

  6. Lee, W., Miller, M., Stolfo, S., Jallad, K., Park, C., Zadok, E., Prabhakar, V.: Toward cost-sensitive modeling for intrusion detection. ACM Journal of Computer Society 10(1-2), 5–22 (2002)

    Google Scholar 

  7. Joachims, T.: Text categorization with support vector machines: Learning with many relevant features. In: Nédellec, C., Rouveirol, C. (eds.) ECML 1998. LNCS, vol. 1398, pp. 137–142. Springer, Heidelberg (1998)

    Chapter  Google Scholar 

  8. Schutze, H., Hull, D.A., Pedersen, J.O.: A comparison of classifiers and document representations for the routing problem. In: Proceedings of International ACM Conference on Research and Development in Information Retrieval (SIGIR 1995), pp. 229–237 (1995)

    Google Scholar 

  9. Seo, Y.-W., Giampapa, J., Sycara, K.: A multi-agent system for enforcing Need-To-Know security policies. In: Proceedings of International Conference on Autonomous Agents and Multi Agent Systems (AAMAS) Workshop on Agent Oriented Information Systems (AOIS 2004), pp. 163–179 (2004)

    Google Scholar 

  10. Symonenko, S., Liddy, E.D., Yilmazel, O.: Semantic analysis for monitoring insider threats. In: Proceedings of Symposium on Intelligence and Security Informatics (2004)

    Google Scholar 

  11. Torkkola, T.: Linear discriminant analysis in document classification. In: IEEE Workshop on TextMining (2001)

    Google Scholar 

  12. Weippl, E., Ibrahim, K.: Content-based management of document access control. In: Proceedings of the 14th International Conference on Applications of Prolog (2001)

    Google Scholar 

  13. Zadrozny, B., Langford, J., Abe, N.: A simple method for cost-sensitive learning. IBM Tech Report (2002)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Robotics Institute, Carnegie Mellon University, Pittsburgh, PA, 15213, USA

    Young-Woo Seo & Katia Sycara

Authors
  1. Young-Woo Seo
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Katia Sycara
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. School of Information and Computer Science, University of California, Irvine

    Sharad Mehrotra

  2. MIS Department, University of Arizona, 85721, Tucson, AZ, USA

    Daniel D. Zeng

  3. Department of Management Information Systems, Eller College of Management, The University of Arizona, 85721, AZ, USA

    Hsinchun Chen

  4. University of Texas at Dallas,  

    Bhavani Thuraisingham

  5. Chinese Academy of Sciences, 100190, Beijing, China

    Fei-Yue Wang

Rights and permissions

Reprints and permissions

Copyright information

© 2006 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Seo, YW., Sycara, K. (2006). Cost-Sensitive Access Control for Illegitimate Confidential Access by Insiders. In: Mehrotra, S., Zeng, D.D., Chen, H., Thuraisingham, B., Wang, FY. (eds) Intelligence and Security Informatics. ISI 2006. Lecture Notes in Computer Science, vol 3975. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11760146_11

Download citation

  • DOI: https://doi.org/10.1007/11760146_11

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-34478-0

  • Online ISBN: 978-3-540-34479-7

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation