Conference Paper

Methodologies for Detecting Covert Database

Center for Inf. Security Technol., Korea Univ., Seoul;
DOI: 10.1109/IIH-MSP.2008.258 Conference: Intelligent Information Hiding and Multimedia Signal Processing, 2008. IIHMSP '08 International Conference on
Source: IEEE Xplore

ABSTRACT Forensic accounting has recently gained great attention in the accounting and computer forensic fields since government regulations such as Health Insurance Portability and accountability Act (HIPAA), Gramm-Leach-Bliley Act (GLBA), sarbanes-oxley Act~cite{b1} (SOX) were introduced in the United States. Although these regulations force corporations to provide financial transparency, they still commit accounting frauds such as slush fund or tax evasion. moreover, companies have substituted paper-work with IT systems such as DBMS (database management system), EDMS (electronic document management system), and ERP (Enterprise Resource Planning) system. Since the majority of corporations use DBMS we should focus our attention on discovering financial information in a database server. However, frauds are difficult to observe and detect because the perpetrators did their best to conceal their fraudulent activities. In particular, we need to consider the case of a covert database server. This paper proposes a methodology for detecting covert database server, which would be helpful for forensic investigators. Therefore, we describe an example of covert database server and suggest several detection techniques. Finally, we provide our methodology according to classification of investigation cooperation.

  • Source
    [Show abstract] [Hide abstract]
    ABSTRACT: We discuss malicious interference based denial of service (DoS) attacks in multi-band covert timing networks using an adversarial game theoretic approach. A covert timing network operating on a set of multiple spectrum bands is considered. Each band has an associated utility which represents the critical nature of the covert data transmitted in the band. A malicious attacker wishes to cause a DoS attack by sensing and creating malicious interference on some or all of the bands. The covert timing network deploys camouflaging resources to appropriately defend the spectrum bands. A two tier game theoretic approach is proposed to model this scenario. The first tier of the game is the sensing game in which, the covert timing network determines the amount of camouflaging resources to be deployed in each band and the malicious attacker determines the optimal sensing resources to be deployed in each band. In the second tier of the game, the malicious attacker determines the optimal transmit powers on each spectral band it chooses to attack. We prove the existence of Nash equilibriums for the games. We compare the performance of our proposed game theoretic mechanism with that of other well known heuristic mechanisms and demonstrate the effectiveness of the proposed approach.
    INFOCOM, 2010 Proceedings IEEE; 04/2010
  • Source
    [Show abstract] [Hide abstract]
    ABSTRACT: In this paper, we study tactical covert timing networks with dynamic spectrum access ca-pability amidst adversaries. We present a two-tier game framework to model the attack-defense scenario. There are very few studies available in the literature on covert timing channels with multiple parallel transmissions. This paper presents a new paradigm com-bining the time diversity provided by covert timing channels and frequency diversity pro-vided by dynamic spectrum switching, to combat jamming. The dynamic sensing of different spectrum bands and subsequent jamming by the attacker, and the camouflaging defense by the covert network are modeled as a two-tier game. We present a dynamic minimax camou-flaging strategy for the covert network and sensing and jamming strategies for the attacker. We compare the performance of our proposed equilibrium strategies with that of other well known strategies and demonstrate the effectiveness of our proposed solution. We use theo-retical analysis, simulations and testbed experiments to illustrate our ideas.
    Mobile Computing and Communications Review. 01/2009; 13.
  • [Show abstract] [Hide abstract]
    ABSTRACT: Many companies produce public financial statements as part of their annual accounts. These financial statements are audited by the Financial Supervisory Service (FSS) in Korea to identify their financial transparency (1). However, even if financial risk has been evaluated using fraud symptom analysis, fraudulent acts committed by fabricating financial statements and transactions may lead to creative accounting. The adverse impact of financial fraud is rapidly increasing worldwide; it affects both individuals and national economic systems. For example, fraudulent companies may be unable to raise funds; in the worst case, they may go into bankruptcy. Generally, the financial accounts of companies exist as digital accounting data in computer system. Database systems efficiently manage this digital data. Therefore, we are conducting research on digital forensic accounting to detect fraud factors in financial transactions. In this paper, we suggest methodologies for forensic accounting investigation. We explain the process and cycle of financial fraud investigation. We also propose forensic accounting techniques that can detected the fraud factors. The techniques are representatively included in a covert resource detection system. This uses financial and business data extraction techniques in the company's server, a data acquisition tool in an external file server, a forensic accounting tool to detect financial fraud factors.