Abstract
Big Data offers opportunities for in-depth data analytics and advanced personalized services. Yet, while valuable, data analytics might rely on data that should not have been used due to, e.g., privacy constraints from the data subject or regulations. As decision makers and data controllers often act outside any control mechanism and with no requirement of transparency, it is challenging to verify whether constraints on data usage are actually satisfied. In this work, we relate the problem of finding evidence of data misuse to the identification of unique decision rules, i.e. rules that have likely been used for decision making. Accordingly, we propose an approach to find reliable evidence of data misuse in the context of classification problems using association rule mining, along with novel metrics to assess the level of redundancy among decision rules. Our proposed approach is able to identify the use of sensitive information in decisional processes along with their context. We evaluated our approach through both controlled experiments and two case studies using real-life event data. The results show that our approach finds more reliable evidence of data misuse compared to previous work.
Original language | English |
---|---|
Article number | 101577 |
Number of pages | 17 |
Journal | Computers and Security |
Volume | 87 |
DOIs | |
Publication status | Published - 1 Nov 2019 |
Funding
This work is partially supported by the ITEA2 project M2MGrids (13011). Laura Genga received her Ph.D. degree in science of engineering at the Università Politecnica delle Marche, Italy, in 2016. She is an assistant professor in the Information Systems Group at the Eindhoven University of Technology, the Netherlands. Her research interests include data mining, business process analysis, compliance checking, and anomaly detection. Nicola Zannone received his Ph.D. degree in computer science at the University of Trento, Italy, in 2007. He is an associate professor in the Security Group at the Eindhoven University of Technology, the Netherlands. His research interests include computer security, data protection, access control and formal methods. Anna Squicciarini is an associate professor in the College of Information Sciences and Technology at the Pennsylvania State University. Squicciarinis main research interests include data and application security, with emphasis on access control for modern IT ecosystems (cloud computing, Web 2.0, smart networks). Currently, she is exploring security issues in the context of social networks and is developing analytical models for online deception and deviance. Dr. Squicciarinis work has resulted in over 80 academic publications at selective conferences and academic journals. Her research has been supported by National Science Foundation, Department of Defense, and various Industry grants.
Keywords
- Classification rules
- Data mining
- Data misuse detection
- Redundancy reduction
- Rule evaluation