Abstract
In many organizations, it is common to control access to confidential information based on the need-to-know principle: requests for access are authorized only if the content of the requested information is relevant to the requester’s current information analysis project. We formulate such content-based authorization, i.e., whether to accept or reject access requests, as a binary classification problem. In contrast to conventional error-minimizing classification, we handle this problem in a cost-sensitive learning framework in which the cost caused by an incorrect decision differs according to the relative importance of the requested information. In particular, the cost (i.e., damaging effect) of a false positive (i.e., accepting an illegitimate request) is higher than that of a false negative (i.e., rejecting a valid request). The former is a serious security problem because confidential information, which should not be revealed, can be accessed. Comparing cost-sensitive classifiers with error-minimizing classifiers, we found that costing with logistic regression showed the best performance in terms of the smallest cost paid, the lowest false positive rate, and a relatively low false negative rate.
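The difference between an error-minimizing and a cost-sensitive authorization decision can be seen in a short added example, which is not code from the paper. The probabilities, labels and cost values are constructed, and the rule shown is the standard expected-cost decision rule applied to a classifier's output, not the costing procedure the paper evaluates.

```python
# Constructed sample of access requests (not data from the paper):
# (estimated P(request is legitimate), truly legitimate?, cost if wrongly accepted)
REQUESTS = [
    (0.95, True, 2), (0.90, True, 5), (0.80, True, 10), (0.70, False, 10),
    (0.75, True, 2), (0.60, False, 5), (0.55, True, 5), (0.40, False, 2),
    (0.30, True, 2), (0.10, False, 10),
]
COST_FN = 1.0  # assumed cost of rejecting a valid request; always below the leak cost


def error_minimizing(p_legit, cost_fp):
    """Accept whenever 'legitimate' is the more likely class; ignores cost."""
    return p_legit > 0.5


def cost_sensitive(p_legit, cost_fp):
    """Accept only if the expected cost of accepting is below that of rejecting."""
    expected_cost_accept = (1.0 - p_legit) * cost_fp  # pay cost_fp if illegitimate
    expected_cost_reject = p_legit * COST_FN          # pay COST_FN if legitimate
    return expected_cost_accept < expected_cost_reject


def evaluate(rule):
    """Apply a decision rule to every request and total the errors and cost paid."""
    fp = fn = 0
    cost = 0.0
    for p_legit, legit, cost_fp in REQUESTS:
        accept = rule(p_legit, cost_fp)
        if accept and not legit:      # false positive: confidential data exposed
            fp += 1
            cost += cost_fp
        elif not accept and legit:    # false negative: valid request rejected
            fn += 1
            cost += COST_FN
    return {"fp": fp, "fn": fn, "cost": cost}


if __name__ == "__main__":
    print("error-minimizing:", evaluate(error_minimizing))
    print("cost-sensitive:  ", evaluate(cost_sensitive))
```

On this sample the cost-sensitive rule accepts no illegitimate request and pays a lower total cost, at the price of rejecting more valid requests for the most important documents.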
© 2006 Springer-Verlag Berlin Heidelberg
Cite this paper
Seo, YW., Sycara, K. (2006). Cost-Sensitive Access Control for Illegitimate Confidential Access by Insiders. In: Mehrotra, S., Zeng, D.D., Chen, H., Thuraisingham, B., Wang, FY. (eds) Intelligence and Security Informatics. ISI 2006. Lecture Notes in Computer Science, vol 3975. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11760146_11
DOI: https://doi.org/10.1007/11760146_11
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-34478-0
Online ISBN: 978-3-540-34479-7
eBook Packages: Computer Science (R0)