335,747 research outputs found

    Statistical and fuzzy approach for database security

    A new type of database anomaly is described by addressing the concept of Cumulated Anomaly in this paper. Dubiety-Determining Model (DDM), which is a detection model based on statistical and fuzzy set theories for Cumulated Anomaly, is proposed. DDM can measure the dubiety degree of each database transaction quantitatively. Software system architecture to support the DDM for monitoring database transactions is designed. We also implemented the system and tested it. Our experimental results show that the DDM method is feasible and effective.

    Statistical Security of a Statistical Data Base

    This paper proposes a statistical perturbation scheme to protect a statistical database against compromise. The proposed scheme can handle the security of numerical as well as non-numerical sensitive fields or a combination of fields. Furthermore, knowledge of some records in a database does not help to compromise unknown records. We use Chebychev's inequality to analyze the tradeoffs between the magnitude of the perturbations, the error incurred by statistical queries and the size of the query set to which they apply. We show that if the statistician is given absolute error guarantees, then a compromise is possible but the cost is made exponential in the size of the database.

    Taxes in Europe Database

    The Taxes in Europe database is the European Commission's on-line information tool covering the main taxes in force in the EU Member States. Access is free for all users. The system contains information on around 650 taxes, as provided to the European Commission by the national authorities. The "Taxes in Europe" database contains, for each individual tax, information on its legal basis, assessment base, main exemptions, applicable rate(s), economic and statistical classification, as well as the revenue generated by it. The information is listed in the form of a downloadable file. The "Taxes in Europe" database is not meant to constitute a reference for legal purposes. The "Taxes in Europe" database covers the following types of taxes: All main taxes in revenue terms. These include notably personal income taxes, corporate income taxes, value added taxes, excise duties; The main social security contributions. A list of minor taxes yielding less than 0.1% of GDP (not covered by the database) can be found here. The database does NOT cover information on Customs duties and tariffs. This type of information can be found in the customs tariff database TARIC. Keywords: European Union, taxation, database

    How (Not) to Index Order Revealing Encrypted Databases

    Order Revealing Encryption (ORE) enables efficient range queries on encrypted databases, but may leak information that could be exploited by inference attacks. State-of-the-art ORE schemes claim different security guarantees depending on the adversary attack surface. Intuitively, online adversaries who access the database server at runtime may access information leakage; offline adversaries who access only a snapshot of the database data should not be able to gain useful information. We focus on offline security of the ORE scheme proposed by Lewi and Wu (LW-ORE, CCS 2016), which guarantees semantic security of ciphertexts stored in the database, but requires that ciphertexts are maintained sorted with regard to the corresponding plaintexts to support sublinear time queries. The design of LW-ORE does not discuss how to build indexing data structures to maintain sorting. The risk is that practitioners consider indexes as a technicality whose design does not affect security. We show that indexes can affect offline security of LW-ORE because they may leak duplicate plaintext values, and statistical information on plaintexts distribution and on transactions history. As a real-world demonstration, we found two open source implementations related to academic research (JISA 2018, VLDB 2019), and both adopt standard search trees which may introduce such vulnerabilities. We discuss necessary conditions for indexing data structures to be secure for ORE databases, and we outline practical solutions. Our analyses could represent an insightful lesson in the context of security failures due to gaps between theoretical modeling and actual implementation, and may also apply to other cryptographic techniques for securing outsourced databases.

    Detection of denial of service attacks using database queries

    In the current intrusion detection world, most intrusion detection systems output data into flat files. This project was conducted in order to improve intrusion detection data and alerts by writing them into a database system and analyzing them with SQL. A database plug-in was developed that helps to transition the data from an intrusion detection system to a database. Storing, analyzing, categorizing, and accessing data are major advantages and reasons for using databases in intrusion detection. Security analysts have to constantly perform the difficult task of sorting through a haystack of attack alerts, many of which turn out to be inaccurate. It is possible to make the job of managing these alerts, analyzing data with high precision, and searching for attacks or intrusions easier by using SQL based analysis. In addition, a statistical analysis was conducted and proved that such a method can be effective in detecting intrusions and increasing the security of the network.

    Terahertz Security Image Quality Assessment by No-reference Model Observers

    To provide the possibility of developing objective image quality assessment (IQA) algorithms for THz security images, we constructed the THz security image database (THSID) including a total of 181 THz security images with the resolution of 127*380. The main distortion types in THz security images were first analyzed for the design of subjective evaluation criteria to acquire the mean opinion scores. Subsequently, the existing no-reference IQA algorithms, which were 5 opinion-aware approaches viz., NFERM, GMLF, DIIVINE, BRISQUE and BLIINDS2, and 8 opinion-unaware approaches viz., QAC, SISBLIM, NIQE, FISBLIM, CPBD, S3 and Fish_bb, were executed for the evaluation of the THz security image quality. The statistical results demonstrated the superiority of Fish_bb over the other testing IQA approaches for assessing the THz image quality with PLCC (SROCC) values of 0.8925 (-0.8706), and with RMSE value of 0.3993. The linear regression analysis and Bland-Altman plot further verified that the Fish_bb could substitute for the subjective IQA. Nonetheless, for the classification of THz security images, we tended to use S3 as a criterion for ranking THz security image grades because of the relatively low false positive rate in classifying bad THz image quality into acceptable category (24.69%). Interestingly, due to the specific property of THz image, the average pixel intensity gave the best performance than the above complicated IQA algorithms, with the PLCC, SROCC and RMSE of 0.9001, -0.8800 and 0.3857, respectively. This study will help the users such as researchers or security staffs to obtain the THz security images of good quality. Currently, our research group is attempting to make this research more comprehensive. Comment: 13 pages, 8 figures, 4 tables

    Food Reserve Stocks and Critical Food Shortages - a Proposal Based on the Needs of Sub-Saharan Africa

    This working paper examines the food security policy, where food security means ensuring an adequate supply of food for hungry people. In particular, the recommendations of FAO are being used as a measuring rod against which food security policies are assessed. By means of FAO's database a statistical analysis of all Sub-Saharan Africa countries with respect to measuring the incidence and severity of critical food shortages are carried out. Stock policies seem to have been the answer when issues of ensuring adequate supplies have surfaced. In the paper, an estimate of the costs of keeping stocks is provided, and the costs are quite staggering. Based on the statistical analysis an estimate of the number and volume of acute food shortages per year in Sub-Saharan Africa is achieved. Upon this number a much cheaper alternative to keeping stocks for security purposes is proposed. It is proposed that a financial fund is set up with the sole purpose of purchasing grains on the open market when acute food shortages occur. In order for the fund to achieve its goals it must be completely independent of politics, and the financing and replenishing of the fund must be automatic. The advantages are that a lot of costs are saved which could be used to improve food security policies in developing countries. Furthermore, the supply of food aid is done via a global fund, and is not the result of political considerations in donor (big exporting) countries. The reservations voiced by some developing countries that further liberalisations in agricultural policies in the WTO round of negotiations could jeopardise food security is answered by this fund. Liberalisations of agricultural policies may lead to lower food stocks in the big exporting countries, but the proposed financial fund does not rely on such stocks. 
    It is found that the purchases the fund would have to conduct only comprise a small fraction of the world trade in cereals. Keywords: Food, stocks, shortages, uncertainty, Sub-Saharan Africa, Food Security and Poverty

    Establishing an Internet Based Paediatric Cancer Registration and Communication System for the Hungarian Paediatric Oncology Network

    Cancer registration has developed in Europe over the last 50 years, and in the last decade intensive joint activities between the European Cancer Registries, in response to the need of pan-European harmonization of registration practices, have taken place. The Hungarian Paediatric Cancer Registry has been functioning as the database of the Hungarian Paediatric Oncology Network since 1971, aiming to follow the incidence and the treatment efficacy of malignant diseases. The goals of this globally unique open source information system are the following: 1) to raise the quality of the registration system to the European level by developing an Internet-based registration and communication system, modernizing the database, establishing automatic statistical analyses and adding an Internet website, 2) to support clinical epidemiological studies that we conduct with international collaborators on detailed analyses of the characteristics of patients and their diseases, evaluation of new diagnostic and therapeutic methods, prevention programs, and long-term quality of life and side effects. The benefits of the development of the Internet-based registration and communication system are as follows: a) introduction of an Internet-based case reporting system, b) modernization of the registry database according to international recommendations, c) automatic statistical summaries, encrypted mail systems, document repository, d) application of data security and privacy standards, e) establishment of a website and compilation of educational materials. The overall objective of this scientific project is to contribute towards the improvement of cancer prevention and cancer care for the benefit of the public in general and of cancer patients in particular.

    Private Information Retrieval with Sublinear Online Time

    We present the first protocols for private information retrieval that allow fast (sublinear-time) database lookups without increasing the server-side storage requirements. To achieve these efficiency goals, our protocols work in an offline/online model. In an offline phase, which takes place before the client has decided which database bit it wants to read, the client fetches a short string from the servers. In a subsequent online phase, the client can privately retrieve its desired bit of the database by making a second query to the servers. By pushing the bulk of the server-side computation into the offline phase (which is independent of the client's query), our protocols allow the online phase to complete very quickly—in time sublinear in the size of the database. Our protocols can provide statistical security in the two-server setting and computational security in the single-server setting. Finally, we prove that, in this model, our protocols are optimal in terms of the trade-off they achieve between communication and running time.