# To Warn or Not to Warn: Online Signaling in Audit Games

**Authors:** Chao Yan, Haifeng Xu, Yevgeniy Vorobeychik, Bo Li, Daniel Fabbri,, Bradley Malin

arXiv: 1905.06946 · 2019-10-23

## TL;DR

This paper introduces a formal game-theoretic model called Signaling Audit Game (SAG) to optimize online warnings in data access auditing, improving detection efficiency and utility over traditional methods.

## Contribution

It formalizes the signaling auditing problem as a Stackelberg game and provides a scalable solution to enhance audit effectiveness and strategic warning presentation.

## Key findings

- SAG achieves higher utility for auditors compared to baseline methods.
- Strategic signaling significantly improves detection and auditing efficiency.
- The model's equilibria demonstrate the value of real-time warnings in audit games.

## Abstract

Routine operational use of sensitive data is often governed by law and regulation. For instance, in the medical domain, there are various statues at the state and federal level that dictate who is permitted to work with patients' records and under what conditions. To screen for potential privacy breaches, logging systems are usually deployed to trigger alerts whenever suspicious access is detected. However, such mechanisms are often inefficient because 1) the vast majority of triggered alerts are false positives, 2) small budgets make it unlikely that a real attack will be detected, and 3) attackers can behave strategically, such that traditional auditing mechanisms cannot easily catch them. To improve efficiency, information systems may invoke signaling, so that whenever a suspicious access request occurs, the system can, in real time, warn the user that the access may be audited. Then, at the close of a finite period, a selected subset of suspicious accesses are audited. This gives rise to an online problem in which one needs to determine 1) whether a warning should be triggered and 2) the likelihood that the data request event will be audited. In this paper, we formalize this auditing problem as a Signaling Audit Game (SAG), in which we model the interactions between an auditor and an attacker in the context of signaling and the usability cost is represented as a factor of the auditor's payoff. We study the properties of its Stackelberg equilibria and develop a scalable approach to compute its solution. We show that a strategic presentation of warnings adds value in that SAGs realize significantly higher utility for the auditor than systems without signaling. We illustrate the value of the proposed auditing model and the consistency of its advantages over existing baseline methods.

## Full text

_Full body text omitted from this summary view._ Fetch the complete paper as Markdown: https://tomesphere.com/paper/1905.06946/full.md

## Figures

24 figures with captions in the complete paper: https://tomesphere.com/paper/1905.06946/full.md

## References

34 references — full list in the complete paper: https://tomesphere.com/paper/1905.06946/full.md

---
Source: https://tomesphere.com/paper/1905.06946