{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,14]],"date-time":"2026-02-14T06:28:54Z","timestamp":1771050534815,"version":"3.50.1"},"reference-count":48,"publisher":"Association for Computing Machinery (ACM)","issue":"3","license":[{"start":{"date-parts":[[2019,6,10]],"date-time":"2019-06-10T00:00:00Z","timestamp":1560124800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/100000001","name":"National Science Foundation","doi-asserted-by":"publisher","award":["CNS-1526014, CNS-1640624, IIS-1649972, and IIS-1526860"],"award-info":[{"award-number":["CNS-1526014, CNS-1640624, IIS-1649972, and IIS-1526860"]}],"id":[{"id":"10.13039\/100000001","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/100000006","name":"Office of Naval Research","doi-asserted-by":"crossref","award":["N00014-15-1-2621"],"award-info":[{"award-number":["N00014-15-1-2621"]}],"id":[{"id":"10.13039\/100000006","id-type":"DOI","asserted-by":"crossref"}]},{"DOI":"10.13039\/100000183","name":"Army Research Office","doi-asserted-by":"crossref","award":["W911NF-16-1-0069"],"award-info":[{"award-number":["W911NF-16-1-0069"]}],"id":[{"id":"10.13039\/100000183","id-type":"DOI","asserted-by":"crossref"}]},{"DOI":"10.13039\/100000002","name":"National Institutes of Health","doi-asserted-by":"crossref","award":["R01LM10207"],"award-info":[{"award-number":["R01LM10207"]}],"id":[{"id":"10.13039\/100000002","id-type":"DOI","asserted-by":"crossref"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["ACM Trans. Priv. Secur."],"published-print":{"date-parts":[[2019,8,31]]},"abstract":"<jats:p>The quantity of personal data that is collected, stored, and subsequently processed continues to grow rapidly. Given its sensitivity, ensuring privacy protections has become a necessary component of database management. To enhance protection, a number of mechanisms have been developed, such as audit logging and alert triggers, which notify administrators about suspicious activities. However, this approach is limited. First, the volume of alerts is often substantially greater than the auditing capabilities of organizations. Second, strategic attackers can attempt to disguise their actions or carefully choose targets, thus hide illicit activities. In this article, we introduce an auditing approach that accounts for adversarial behavior by (1) prioritizing the order in which types of alerts are investigated and (2) providing an upper bound on how much resource to allocate for each type.<\/jats:p>\n          <jats:p>Specifically, we model the interaction between a database auditor and attackers as a Stackelberg game. We show that even a highly constrained version of such problem is NP-Hard. Then, we introduce a method that combines linear programming, column generation, and heuristic searching to derive an auditing policy. On the synthetic data, we perform an extensive evaluation on the approximation degree of our solution with the optimal one. The two real datasets, (1) 1.5 months of audit logs from Vanderbilt University Medical Center and (2) a publicly available credit card application dataset, are used to test the policy-searching performance. The findings demonstrate the effectiveness of the proposed methods for searching the audit strategies, and our general approach significantly outperforms non-game-theoretic baselines.<\/jats:p>","DOI":"10.1145\/3323924","type":"journal-article","created":{"date-parts":[[2019,6,11]],"date-time":"2019-06-11T13:28:16Z","timestamp":1560259696000},"page":"1-21","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":8,"title":["Database Audit Workload Prioritization via Game Theory"],"prefix":"10.1145","volume":"22","author":[{"given":"Chao","family":"Yan","sequence":"first","affiliation":[{"name":"Vanderbilt University, Nashville, TN USA"}]},{"given":"Bo","family":"Li","sequence":"additional","affiliation":[{"name":"University of Illinois at Urbana\u2013Champaign, Urbana, IL USA"}]},{"given":"Yevgeniy","family":"Vorobeychik","sequence":"additional","affiliation":[{"name":"Washington University in St. Louis, MO, USA"}]},{"given":"Aron","family":"Laszka","sequence":"additional","affiliation":[{"name":"University of Houston, Houston, TX, USA"}]},{"given":"Daniel","family":"Fabbri","sequence":"additional","affiliation":[{"name":"Vanderbilt University, Nashville, TN USA"}]},{"given":"Bradley","family":"Malin","sequence":"additional","affiliation":[{"name":"Vanderbilt University, Nashville, TN USA"}]}],"member":"320","published-online":{"date-parts":[[2019,6,10]]},"reference":[{"key":"e_1_2_1_1_1","volume-title":"Golay","author":"Ablon Lillian","year":"2014","unstructured":"Lillian Ablon , Martin C. Libicki , and Andrea A . Golay . 2014 . Markets for Cybercrime Tools and Stolen Data: Hackers\u2019 Bazaar . Rand . Lillian Ablon, Martin C. Libicki, and Andrea A. Golay. 2014. Markets for Cybercrime Tools and Stolen Data: Hackers\u2019 Bazaar. Rand."},{"key":"e_1_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.ijmedinf.2006.09.015"},{"key":"e_1_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.1002\/nem.804"},{"key":"e_1_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.5555\/2871806.2871808"},{"key":"e_1_2_1_5_1","first-page":"437","article-title":"System and methods for nonintrusive database security","volume":"7","author":"Ben-Natan Ron","year":"2008","unstructured":"Ron Ben-Natan . 2008 . System and methods for nonintrusive database security . U.S. Patent 7 , 437 ,362. Ron Ben-Natan. 2008. System and methods for nonintrusive database security. U.S. Patent 7,437,362.","journal-title":"U.S. Patent"},{"key":"e_1_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.dss.2010.08.008"},{"key":"e_1_2_1_7_1","doi-asserted-by":"crossref","unstructured":"Jeremiah Blocki Nicolas Christin Anupam Datta Ariel Procaccia and Arunesh Sinha. 2014. Audit games with multiple defender resources. arXiv preprint arXiv:1409.4503.  Jeremiah Blocki Nicolas Christin Anupam Datta Ariel Procaccia and Arunesh Sinha. 2014. Audit games with multiple defender resources. arXiv preprint arXiv:1409.4503.","DOI":"10.1609\/aaai.v29i1.9317"},{"key":"e_1_2_1_8_1","unstructured":"Jeremiah Blocki Nicolas Christin Anupam Datta Ariel D. Procaccia and Arunesh Sinha. 2013. Audit games. arXiv preprint arXiv:1303.0356.  Jeremiah Blocki Nicolas Christin Anupam Datta Ariel D. Procaccia and Arunesh Sinha. 2013. Audit games. arXiv preprint arXiv:1303.0356."},{"key":"e_1_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1136\/amiajnl-2011-000217"},{"key":"e_1_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.5555\/850950.853684"},{"key":"e_1_2_1_11_1","volume-title":"Proceedings of the AAAI Conference on Artificial Intelligence. 425--431","author":"Brown Matthew","year":"2016","unstructured":"Matthew Brown , Arunesh Sinha , Aaron Schlenker , and Milind Tambe . 2016 . One size does not fit all: A game-theoretic approach for dynamically and effectively screening for threats . In Proceedings of the AAAI Conference on Artificial Intelligence. 425--431 . Matthew Brown, Arunesh Sinha, Aaron Schlenker, and Milind Tambe. 2016. One size does not fit all: A game-theoretic approach for dynamically and effectively screening for threats. In Proceedings of the AAAI Conference on Artificial Intelligence. 425--431."},{"key":"e_1_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1109\/5254.809570"},{"key":"e_1_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1142\/S0218001406004624"},{"key":"e_1_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2012.11"},{"key":"e_1_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1186\/2190-8532-1-5"},{"key":"e_1_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1007\/s11229-015-0927-6"},{"key":"e_1_2_1_17_1","first-page":"820","article-title":"Rule-based database security system and method","volume":"6","author":"Cook William R.","year":"2004","unstructured":"William R. Cook and Martin R. Gannholm . 2004 . Rule-based database security system and method . U.S. Patent 6 , 820 ,082. William R. Cook and Martin R. Gannholm. 2004. Rule-based database security system and method. U.S. Patent 6,820,082.","journal-title":"U.S. Patent"},{"key":"e_1_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.5555\/829514.830542"},{"key":"e_1_2_1_19_1","first-page":"57","article-title":"Credit card fraud and detection techniques: A review","volume":"4","author":"Delamaire Linda","year":"2009","unstructured":"Linda Delamaire , H. A. H. Abdou , and John Pointon . 2009 . Credit card fraud and detection techniques: A review . Banks Bank Syst. 4 , 2 (2009), 57 -- 68 . Linda Delamaire, H. A. H. Abdou, and John Pointon. 2009. Credit card fraud and detection techniques: A review. Banks Bank Syst. 4, 2 (2009), 57--68.","journal-title":"Banks Bank Syst."},{"key":"e_1_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.14778\/2047485.2047486"},{"key":"e_1_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1136\/amiajnl-2012-001018"},{"key":"e_1_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICDE.2013.6544904"},{"key":"e_1_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1609\/aimag.v38i1.2710"},{"key":"e_1_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1145\/2882969"},{"key":"e_1_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2011.72"},{"key":"e_1_2_1_26_1","volume-title":"Survey of machine-learning methods for database security. Mach. Learn. Cyber Trust","author":"Kamra Ashish","year":"2009","unstructured":"Ashish Kamra and Elisa Ber . 2009. Survey of machine-learning methods for database security. Mach. Learn. Cyber Trust ( 2009 ), 53--71. Ashish Kamra and Elisa Ber. 2009. Survey of machine-learning methods for database security. Mach. Learn. Cyber Trust (2009), 53--71."},{"key":"e_1_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1007\/s00778-007-0051-4"},{"key":"e_1_2_1_28_1","volume-title":"Proceedings of the International Conference on Autonomous Agents and Multiagent Systems. 689--696","author":"Kiekintveld Christopher","year":"2009","unstructured":"Christopher Kiekintveld , Manish Jain , Jason Tsai , James Pita , Fernando Ord\u00f3\u00f1ez , and Milind Tambe . 2009 . Computing optimal randomized resource allocations for massive security games . In Proceedings of the International Conference on Autonomous Agents and Multiagent Systems. 689--696 . Christopher Kiekintveld, Manish Jain, Jason Tsai, James Pita, Fernando Ord\u00f3\u00f1ez, and Milind Tambe. 2009. Computing optimal randomized resource allocations for massive security games. In Proceedings of the International Conference on Autonomous Agents and Multiagent Systems. 689--696."},{"key":"e_1_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1007\/s40708-016-0046-2"},{"key":"e_1_2_1_30_1","first-page":"22","article-title":"Outlier detection in audit logs for application systems. Info","volume":"44","author":"Kuna Horacio D.","year":"2014","unstructured":"Horacio D. Kuna , Ram\u00f3n Garc\u00eda-Martinez , and Francisco R. Villatoro . 2014 . Outlier detection in audit logs for application systems. Info . Syst. 44 (2014), 22 -- 33 . Horacio D. Kuna, Ram\u00f3n Garc\u00eda-Martinez, and Francisco R. Villatoro. 2014. Outlier detection in audit logs for application systems. Info. Syst. 44 (2014), 22--33.","journal-title":"Syst."},{"key":"e_1_2_1_31_1","volume-title":"Proceedings of the AAAI Workshop on Artificial Intelligence for Cyber Security.","author":"Laszka Aron","year":"2017","unstructured":"Aron Laszka , Yevgeniy Vorobeychik , Daniel Fabbri , Chao Yan , and Bradley Malin . 2017 . A game-theoretic approach for alert prioritization . In Proceedings of the AAAI Workshop on Artificial Intelligence for Cyber Security. Aron Laszka, Yevgeniy Vorobeychik, Daniel Fabbri, Chao Yan, and Bradley Malin. 2017. A game-theoretic approach for alert prioritization. In Proceedings of the AAAI Workshop on Artificial Intelligence for Cyber Security."},{"key":"e_1_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.inffus.2009.01.004"},{"key":"e_1_2_1_33_1","volume-title":"Proceedings of the International Symposium on Research in Attacks, Intrusions and Defenses. 382--401","author":"Mathew Sunu","unstructured":"Sunu Mathew , Michalis Petropoulos , Hung Q. Ngo , and Shambhu J. Upadhyaya . 2010. A data-Centric approach to insider attack detection in database systems . In Proceedings of the International Symposium on Research in Attacks, Intrusions and Defenses. 382--401 . Sunu Mathew, Michalis Petropoulos, Hung Q. Ngo, and Shambhu J. Upadhyaya. 2010. A data-Centric approach to insider attack detection in database systems. In Proceedings of the International Symposium on Research in Attacks, Intrusions and Defenses. 382--401."},{"key":"e_1_2_1_34_1","volume-title":"Big data: The management revolution. Harvard Business Rev. (Oct","author":"McAfee Andrew","year":"2012","unstructured":"Andrew McAfee and Erik Brynjolfsson . 2012. Big data: The management revolution. Harvard Business Rev. (Oct . 2012 ), 3--9. Andrew McAfee and Erik Brynjolfsson. 2012. Big data: The management revolution. Harvard Business Rev. (Oct. 2012), 3--9."},{"key":"e_1_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.dss.2010.08.006"},{"key":"e_1_2_1_36_1","volume-title":"Proceedings of the International Conference on Computer Science and Information Technology","volume":"5","author":"Njogu Humphrey Waita","year":"2010","unstructured":"Humphrey Waita Njogu and Luo Jiawei . 2010 . Using alert cluster to reduce IDS alerts . In Proceedings of the International Conference on Computer Science and Information Technology , Vol. 5 . 467--471. Humphrey Waita Njogu and Luo Jiawei. 2010. Using alert cluster to reduce IDS alerts. In Proceedings of the International Conference on Computer Science and Information Technology, Vol. 5. 467--471."},{"key":"e_1_2_1_37_1","unstructured":"Sara Ashley O\u2019Brien. 2017. Giant Equifax data breach: 143 million people could be affected. Retrieved from http:\/\/money.cnn.com\/2017\/09\/07\/technology\/business\/equifax-data-breach\/index.html.  Sara Ashley O\u2019Brien. 2017. Giant Equifax data breach: 143 million people could be affected. Retrieved from http:\/\/money.cnn.com\/2017\/09\/07\/technology\/business\/equifax-data-breach\/index.html."},{"key":"e_1_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.1109\/ACSAC.2006.8"},{"key":"e_1_2_1_39_1","first-page":"405","article-title":"Database system event triggers","volume":"6","author":"Samu Sriram","year":"2002","unstructured":"Sriram Samu , Namit Jain , and Wei Wang . 2002 . Database system event triggers . U.S. Patent 6 , 405 ,212. Sriram Samu, Namit Jain, and Wei Wang. 2002. Database system event triggers. U.S. Patent 6,405,212.","journal-title":"U.S. Patent"},{"key":"e_1_2_1_40_1","doi-asserted-by":"publisher","DOI":"10.24963\/ijcai.2017\/54"},{"key":"e_1_2_1_41_1","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2007.70228"},{"key":"e_1_2_1_42_1","doi-asserted-by":"publisher","DOI":"10.1109\/4235.687883"},{"key":"e_1_2_1_43_1","doi-asserted-by":"publisher","DOI":"10.1109\/FUZZ.2002.1005055"},{"key":"e_1_2_1_44_1","doi-asserted-by":"publisher","DOI":"10.1109\/TSMCA.2010.2048028"},{"key":"e_1_2_1_45_1","volume-title":"Proceedings of the 35th International Conference on Machine Learning. 4946--4954","author":"Tong Liang","year":"2018","unstructured":"Liang Tong , Sixie Yu , Scott Alfeld , and Yevgeniy Vorobeychik . 2018 . Adversarial regression with multiple learners . In Proceedings of the 35th International Conference on Machine Learning. 4946--4954 . Liang Tong, Sixie Yu, Scott Alfeld, and Yevgeniy Vorobeychik. 2018. Adversarial regression with multiple learners. In Proceedings of the 35th International Conference on Machine Learning. 4946--4954."},{"key":"e_1_2_1_46_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICHIT.2008.197"},{"key":"e_1_2_1_47_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.eswa.2007.12.020"},{"key":"e_1_2_1_48_1","doi-asserted-by":"publisher","DOI":"10.5555\/3237383.3237420"}],"container-title":["ACM Transactions on Privacy and Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3323924","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3323924","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3323924","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T23:54:12Z","timestamp":1750204452000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3323924"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2019,6,10]]},"references-count":48,"journal-issue":{"issue":"3","published-print":{"date-parts":[[2019,8,31]]}},"alternative-id":["10.1145\/3323924"],"URL":"https:\/\/doi.org\/10.1145\/3323924","relation":{},"ISSN":["2471-2566","2471-2574"],"issn-type":[{"value":"2471-2566","type":"print"},{"value":"2471-2574","type":"electronic"}],"subject":[],"published":{"date-parts":[[2019,6,10]]},"assertion":[{"value":"2018-05-01","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2019-03-01","order":1,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2019-06-10","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}