| dc.description.abstract | The continuous advancement of computation and storage technology has been incentivizing the deep digitalization of human daily life for decades. This leads to a surge of mission-critical information systems centered on personal data (e.g., electronic health record systems). However, attacks are unfortunately never absent due to the great value of the data these systems hold, and, thus, pose a threat to personal privacy. In recognition of this problem, a logging system with an alert functionality often operates in tandem with these systems to detect and notify administrators about the potential data misuses incurred during daily use. However, such mechanisms are often inefficient because 1) small budgets make it unlikely that a real attack will be detected, 2) the vast majority of triggered alerts are false positives, and 3) attackers can behave strategically, such that traditional auditing mechanisms cannot easily catch them.
In this dissertation, I develop a series of game-theoretic frameworks to improve the audit performance against data misuse by modeling the interactions of defender and attacker. In the first framework, I design and optimize the randomized alert type prioritization policy and budget allocation strategy to maximize the audit effectiveness. With a goal of extending the strategic modeling advantage to real time environment, I prototype the second framework by incorporating the real time information disclosure between players, which is made an advantage of the auditor to deter ongoing malicious data access. To address the strong assumptions in our previous works, the third framework models the practical adversarial environment where attackers are 1) diverse in their goals of attack and 2) imperfectly rational in selecting their strategies. Through experimental investigations, we show that the developed auditing frameworks and their solutions enable more effective and efficient auditing compared to the existing methods. The results of our performance evaluation are remarkable because they demonstrate that blending economic perspective and technical approaches together through a game theoretic lens can dramatically improve the system administrator's auditing capability in a budget-constraint adversarial environment. On the other hand, our auditing frameworks not only incorporate an explicit attacker deterrence mechanism but also maximize its effect using strategy randomization and signaling. | |
