HengHa: Data harvesting detection on hidden databases

Shiyuan Wang, Divyakant Agrawal, Amr El Abbadi

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

5 Citations (Scopus)

Abstract

The back-end databases of web-based applications are a major data security concern to enterprises. The problem becomes more critical with the proliferation of enterprise hosted web applications in the cloud. While prior work has concentrated on malicious attacks that try to break into the database using vulnerabilities of web applications, little work has focused on the threat of data harvesting through web form interfaces, in which large collections of the underlying data can be harvested and sensitive information can be learnt by iteratively submitting legitimate queries and analyzing the returned results for designing new queries. To defend against data harvesting without compromising usability, we consider a detection approach. We summarize the characteristics of data harvesting, and propose the notions of query correlation and result coverage for data harvesting detection. We design a detection system called HengHa, in which Heng examines the correlation among queries in a session, and Ha evaluates the data coverage of the results of queries in the same session. The experimental results verify the effectiveness and efficiency of HengHa for data harvesting detection.

Original language: English
Title of host publication: Proceedings of the ACM Conference on Computer and Communications Security
Pages: 59-64
Number of pages: 6
DOIs: https://doi.org/10.1145/1866835.1866847
Publication status: Published - 20 Dec 2010
Externally published: Yes
Event: 2010 ACM Workshop on Cloud Computing Security Workshop, CCSW '10, Co-located with CCS'10 - Chicago, IL, United States
Duration: 4 Oct 2010 to 8 Oct 2010

Other

Other: 2010 ACM Workshop on Cloud Computing Security Workshop, CCSW '10, Co-located with CCS'10
Country: United States
City: Chicago, IL
Period: 4/10/10 to 8/10/10

Fingerprint

Security of data
Industry

Keywords

  • Security

ASJC Scopus subject areas

  • Software
  • Computer Networks and Communications

Cite this

Wang, S., Agrawal, D., & Abbadi, A. E. (2010). HengHa: Data harvesting detection on hidden databases. In Proceedings of the ACM Conference on Computer and Communications Security (pp. 59-64) https://doi.org/10.1145/1866835.1866847

@inproceedings{70a2d77a4a1c4776b454a7c27a37293a,
title = "HengHa: Data harvesting detection on hidden databases",
keywords = "Security",
author = "Shiyuan Wang and Divyakant Agrawal and Abbadi, {Amr El}",
year = "2010",
month = "12",
day = "20",
doi = "10.1145/1866835.1866847",
language = "English",
isbn = "9781450300896",
pages = "59--64",
booktitle = "Proceedings of the ACM Conference on Computer and Communications Security",

}

TY - GEN

T1 - HengHa

T2 - Data harvesting detection on hidden databases

AU - Wang, Shiyuan

AU - Agrawal, Divyakant

AU - Abbadi, Amr El

PY - 2010/12/20

Y1 - 2010/12/20

KW - Security

UR - http://www.scopus.com/inward/record.url?scp=78650119933&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=78650119933&partnerID=8YFLogxK

U2 - 10.1145/1866835.1866847

DO - 10.1145/1866835.1866847

M3 - Conference contribution

SN - 9781450300896

SP - 59

EP - 64

BT - Proceedings of the ACM Conference on Computer and Communications Security

ER -