To Warn or Not to Warn: Online Signaling in Audit Games
share
Routine operational use of sensitive data is commonly governed by laws and regulations. For instance, in the medical domain, there are various laws at the state and federal level that dictate who is permitted to work with patients' records and under what conditions. To screen for potential privacy breaches, logging systems typically trigger alerts whenever a suspicious access is detected. However, the efficiency of such mechanism is low because 1) the vast majority of alerts are false positive and 2) limited budget leads to a small chance of detecting the true attack. To improve efficiency, information systems may invoke signaling so that whenever a suspicious access request occurs, the system can, in real time, warn the user that the access may be audited. At the end of some period, a selected subset of suspicious accesses is then audited. This gives rise to an online problem in which one needs to determine 1) whether a warning should be triggered and 2) the likelihood that the event of data request will be audited. In this work, we formulate this problem as a Signaling Audit Game (SAG), study the properties of its Stackelberg equilibria, and develop a scalable approach to compute its solution. We show that an intelligent presentation of warnings adds value in that SAGs can realize significantly higher utility for the auditor than systems without signaling. We perform an analysis over 10 million real access events in a large academic medical center to illustrate the value of our approach.
READ FULL TEXT