Optimizing Data Misuse Detection

Author:

Shabtai Asaf¹, Bercovitch Maya¹, Rokach Lior¹, Elovici Yuval¹

Affiliation:

1. Ben-Gurion University of the Negev, Israel

Abstract

Data misuse may be performed by entities such as an organization's employees and business partners who are granted access to sensitive information and misuse their privileges. We assume that users can be either trusted or untrusted. The access of untrusted parties to data objects (e.g., client and patient records) should be monitored in an attempt to detect misuse. However, monitoring data objects is resource intensive and time-consuming and may also cause disturbance or inconvenience to the involved employees. Therefore, the monitored data objects should be carefully selected. In this article, we present two optimization problems carefully designed for selecting specific data objects for monitoring, such that the detection rate is maximized and the monitoring effort is minimized. In the first optimization problem, the goal is to select data objects for monitoring that are accessed by at most c trusted agents while ensuring access to at least k monitored objects by each untrusted agent (both c and k are integer variables). As opposed to the first optimization problem, the goal of the second optimization problem is to select monitored data objects that maximize the number of monitored data objects accessed by untrusted agents while ensuring that each trusted agent does not access more than d monitored data objects (d is an integer variable as well). Two efficient heuristic algorithms for solving these optimization problems are proposed, and experiments were conducted simulating different scenarios to evaluate the algorithms' performance. Moreover, we compared the heuristic algorithms' performance to the optimal solution and conducted sensitivity analysis on the three parameters (c, k, and d) and on the ratio between the trusted and untrusted agents.

Funder

Deutsche Telekom Stiftung

Publisher

Association for Computing Machinery (ACM)

Subject

General Computer Science

Cited by 4 articles.

1. Addressing privacy concerns with wearable health monitoring technology;WIREs Data Mining and Knowledge Discovery;2024-03-23

2. Technology-enabled leadership and performance enhancement outcomes: an empirical investigation from the dynamic capabilities perspective;Journal of Systems and Information Technology;2023-07-06

3. A Survey on Space-Air-Ground-Sea Integrated Network Security in 6G;IEEE Communications Surveys & Tutorials;2021

4. Behavioral Study of Users When Interacting with Active Honeytokens;ACM Transactions on Information and System Security;2016-04-14
