IEEE Transactions on Knowledge and Data Engineering, 2007
We consider adaptive index utilization as a fine-grained problem in autonomic databases in which an existing index is dynamically determined to be used or not in query processing. As a special case, we study this problem for structural joins, the core operator in XML query processing, in the main memory. We find that index utilization is beneficial for structural joins only under certain join selectivity and distribution of matching elements. Therefore, we propose adaptive algorithms to decide whether to use an index probe or a data scan for each step of matching during the processing of a structural join operator. Our adaptive algorithms are based on the history, the look-ahead information, or both. We have developed a cost model to facilitate this adaptation and have conducted experiments with both synthetic and real-world data sets. Our results show that adaptively utilizing indexes in a structural join improves the performance by taking advantage of both sequential scans and index probes.
Feature selection is critical to knowledge-based authentication. In this paper, we adopt a wrapper method in which the learning machine is a generative probabilistic model, and the objective is to maximize the Kullback–Leibler divergence between the true empirical distribution defined by the legitimate knowledge and the approximating distribution representing an attacking strategy, both in the same feature space. The closed-form solutions to this optimization problem lead to three adaptive algorithms, unified under the principle of maximum entropy. Our experimental results show that the proposed adaptive methods are superior to the commonly used random selection method.
IEEE Transactions on Knowledge and Data Engineering, 2007
Knowledge-based authentication (KBA) has gained prominence as a user authentication method for electronic transactions. This paper presents a Bayesian network model of KBA grounded in probabilistic reasoning and information theory. The probabilistic semantics of the model parameters naturally lead to the definitions of two key KBA metrics - guessability and memorability. The statistical modeling approach allows parameter estimation using methods such as the maximum likelihood estimator (MLE). The information-theoretic view helps to derive the closed-form solutions to estimating the guessability and guessing entropy metrics. The results related to KBA metrics and the models under different attacking strategies and factoid distributions are unified under a game-theoretic framework that yields lower and upper bounds of optimal guessability. The paper also proposes a methodology for implementing a Bayesian network-based KBA system. Further, an empirical evaluation of the relative merits of two Bayesian network structures for KBA, the naive Bayes (NB) and the tree augmented naive Bayes (TAN), confirms the hypothesis that the TAN structure is superior in terms of authentication accuracy and error rates. The results of the theoretical analysis and the empirical study provide insights into the KBA design problem and establish a foundation for future research in the KBA area.
With the growing importance of Internet-based businesses, malicious code attacks on information technology infrastructures have been on the rise. Prior studies have indicated that these malicious attacks are associated with detrimental economic effects on the attacked firms. On the other hand, we conjecture that more intense malicious attacks boost the stock price of information security firms. Furthermore, we use artificial neural networks and vector autoregression analyses as complementary methods to study the relationship ...
Malicious attacks on enterprise IT infrastructures have become a serious threat with the growing importance of the Internet. Regulatory frameworks and legislations such as HIPAA (Health Insurance Portability and Accountability Act), GLBA (Gramm-Leach-Bliley Act), and SOX (Sarbanes-Oxley Act) require organizations to implement the necessary safeguards to ensure the confidentiality, integrity, and availability of information. Failure to do so makes them vulnerable to heavy monetary penalties and loss of customer base and goodwill. ...
With a rich fare of localized content, but limited regional media outlet channels, mobile content generates new business opportunities for Media News, a small media company with considerable growth potential. Two business models are considered: partnering with wireless service providers and strategic alliances with mobile content syndicators. First, the models are evaluated based on their resource requirements, market share acquisition, revenue generation, and nature, scope and control of content and ...
In this paper, we develop a decision model of a firm’s optimal strategy for investment in security process innovations (SPIs) when confronted with a sequence of malicious attacks. The model incorporates real options as a methodology to capture the flexibility embedded in such investment decisions. SPIs, when seamlessly integrated with the organization’s overall business dynamics, induce organizational learning and provide the flexibility of switching to more suitable technologies as the environment of malicious attacks changes. The theoretical contribution of this paper is a mathematical model of the invest-to-learn and switching options generated upon early investment in flexible SPIs. The practical significance of the paper is the application of a binomial lattice model to approximate the continuous-time model, resulting in an easy to use decision aid for managers.
We propose a Bayesian model of privacy in e-authentication and develop associated entropy-based metrics. A major contribution of this work is the application of weighted entropy to characterize the user’s privacy preferences. Further, we model the effects of side information on privacy and relate it to self-disclosure on Internet web sites and social networks. Specifically, our empirical study of Internet users’ information disclosure habits within social networks along with the theoretical results provide insights into building a regulatory framework to address privacy concerns in e-authentication.
The relationship between technology use and political activism is significant but not as strong. One possible implication of this result, which is also supported by the technology usage results, is that we have yet to fully leverage technologies that may increase involvement in the political process. The results of the study indicate that technology can be utilized to influence political interest and political activism. The fact that it is possible to expand technology use in politics both by fully realizing the use of new technologies and getting more individuals to use this technology indicates that the influence of technology in politics will only increase. It was previously noted that technology can change the means by which freedom of choice is attained and can help reshape the political interests and goals of various parties in a political system. We also believe that the purpose of using technology in the political arena is to inform, involve, and mobilize large groups of people for a particular cause. The same outcomes are desired for many other altruistic purposes.
The management of digital identities, despite its potential to generate business value, creates significant engineering challenges for modern firms. In this paper, we first provide an architectural overview of identity and access management (IDAM) technologies along with an analysis of patenting activities to establish that the IDAM market segment dominates the information security sector. An empirical study, based on data pertaining to public firms with a significant share of the IDAM market, shows that regulations and the frequency of malicious attacks are strongly correlated with increasing demand. While demand for identity and access management products has been exponentially increasing, innovation has only been moving at a moderate rate after declining near the end of the market bubble of 2000. The stock market's valuation of IDAM firms, while controlling for overall market conditions, has consequently been fairly static since 2001 and has followed similar trends in other segments of the IT industry. We therefore propose a two-pronged strategy involving: (i) standardization efforts on the engineering front; and (ii) additional regulations to stimulate innovation by IDAM firms.