Cost-Sensitive Access Control for Illegitimate Confidential Access by Insiders

Young-Woo Seo and Katia Sycara
Conference Paper, IEEE International Conference on Intelligence and Security Informatics (ISI 2006), pp. 117-128, May, 2006


Copyright notice: This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright. These works may not be reposted without the explicit permission of the copyright holder.


In many organizations, it is common to control access to confidential information based on the need-to-know principle: requests for access are authorized only if the content of the requested information is relevant to the requester's current information analysis project. We formulate such content-based authorization, i.e., whether to accept or reject access requests, as a binary classification problem. In contrast to conventional error-minimizing classification, we handle this problem in a cost-sensitive learning framework in which the cost caused by an incorrect decision differs according to the relative importance of the requested information. In particular, the cost (i.e., damaging effect) of a false positive (i.e., accepting an illegitimate request) is higher than that of a false negative (i.e., rejecting a valid request). The former is a serious security problem because confidential information, which should not be revealed, can be accessed. From the comparison of the cost-sensitive classifiers with error-minimizing classifiers, we found that costing with logistic regression showed the best performance in terms of the smallest cost paid, the lowest false positive rate, and a relatively low false negative rate.

author = {Young-Woo Seo and Katia Sycara},
title = {Cost-Sensitive Access Control for Illegitimate Confidential Access by Insiders},
booktitle = {IEEE International Conference on Intelligence and Security Informatics (ISI 2006)},
year = {2006},
month = {May},
editor = {Sharad Mehrotra, Daniel D. Zeng, Hsinchun Chen, Bhavani Thuraisingham, Fei-Yue Wang},
pages = {117-128},
publisher = {Springer},
keywords = {cost-sensitive learning, insider threat, security, machine learning},
}