Toward Deep Learning Based Access Control

Nobi, Mohammad Nur; Krishnan, Ram; Huang, Yufei; Shakarami, Mehrnoosh; Sandhu, Ravi

doi:10.1145/3508398.3511497

Cited by 31 publications

(20 citation statements)

References 18 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In addition, [8] points out that these methods do not offer convergence on large datasets. Some authors have employed nonsymbolic classifiers such as support vector machines (SVMs) [11] and neural networks [18] for mining large datasets, but they are difficult to train when categorical values of logs are anonymized and granted entries outnumber the denied ones.…”

Section: Abac Rule Extractionmentioning

confidence: 99%

ABAC Policy Mining through Affiliation Networks and Biclique Analysis

Perez-Haro,

Diaz-Perez

2024

Information

View full text Add to dashboard Cite

Policy mining is an automated procedure for generating access rules by means of mining patterns from single permissions, which are typically registered in access logs. Attribute-based access control (ABAC) is a model which allows security administrators to create a set of rules, known as the access control policy, to restrict access in information systems by means of logical expressions defined through the attribute–values of three types of entities: users, resources, and environmental conditions. The application of policy mining in large-scale systems oriented towards ABAC is a must because it is not workable to create rules by hand when the system requires the management of thousands of users and resources. In the literature on ABAC policy mining, current solutions follow a frequency-based strategy to extract rules; the problem with that approach is that selecting a high-frequency support leaves many resources without rules (especially those with few requesters), and a low support leads to the rule explosion of unreliable rules. Another challenge is the difficulty of collecting a set of test examples for correctness evaluation, since the classes of user–resource pairs available in logs are imbalanced. Moreover, alternative evaluation criteria for correctness, such as peculiarity and diversity, have not been explored for ABAC policy mining. To address these challenges, we propose the modeling of access logs as affiliation networks for applying network and biclique analysis techniques (1) to extract ABAC rules supported by graph patterns without a frequency threshold, (2) to generate synthetic examples for correctness evaluation, and (3) to create alternative evaluation measures to correctness. We discovered that the rules extracted through our strategy can cover more resources than the frequency-based strategy and perform this without rule explosion; moreover, our synthetics are useful for increasing the certainty level of correctness results. Finally, our alternative measures offer a wider evaluation profile for policy mining.

show abstract

Section: Abac Rule Extractionmentioning

confidence: 99%

ABAC Policy Mining through Affiliation Networks and Biclique Analysis

Perez-Haro,

Diaz-Perez

2024

Information

View full text Add to dashboard Cite

show abstract

“…Similarly to BC, DRL has experienced exponential growth in the last decade [20,21], and there is currently strong interest in exploring the use of DRL to improve SC network performance (Table 1) [22][23][24][25][26]; however, [22] is the only work reported in the literature that introduces a distributed collaborative dynamic access control scheme utilizing DRL, and redefining network security architecture by combining anomaly detection, dynamic updates to user trust profiles, and collaborative adjustments for mitigation policies, to the best of authors knowledge. This scheme addresses the escalating challenge of insider threats in network security.…”

Section: Related Workmentioning

confidence: 99%

Blockchain-Based Zero Trust Supply Chain Security Integrated with Deep Reinforcement Learning

Ismail,

Moudoud,

Dawoud

et al. 2024

Preprint

View full text Add to dashboard Cite

The modern supply chain (SC) is growing in terms of data, devices, users, and stakeholders, which introduced new security challenges and threats, especially with the reliance on centralized servers or cloud platforms. In addition, increased trust among system participants exposes the SC to a higher risk of vulnerabilities which require strong security measures. This article proposes a hybrid security framework for SC systems, BC-DRLzSC, that integrates Blockchain (BC) and Deep Reinforcement Learning (DRL) designed to operate in a zero trust (ZT) environment. In particular, we propose a decentralized BC-based approach integrated with smart contracts to manage system participant registration and authentication and to control access to system resources. BC-DRLzSC adopts a ZT architecture to reinforce SC security, which can be achieved with an advocate to verify each entity’s trustworthiness before granting or retaining access to system resources. Incorporating the ZT architecture, with BC and DRL, can potentially and significantly bolster SC system security. DRL is employed to develop a proactive attack detection model that continuously monitors the incoming traffic from authenticated nodes within the network and predicts any malicious actions. Finally, we evaluate the performance of our proposed DRL solution using the NSL-KDD dataset.

show abstract

“…The main contributions of this paper are as follows: Introduction of federated learning into ACP recognition technology, constructing a privacy-preserving authorized ACP recognition framework. Enhancement of ACP recognition capability in a distributed environment by incorporating pre-trained word embeddings from Natural Language Processing (NLP) [ 17 ] into federated learning. Experimental results validate the effectiveness of the proposed model in significantly improving the accuracy of authorized ACP recognition while ensuring data privacy and security.…”

Section: Introductionmentioning

confidence: 99%

“…Enhancement of ACP recognition capability in a distributed environment by incorporating pre-trained word embeddings from Natural Language Processing (NLP) [ 17 ] into federated learning.…”

Section: Introductionmentioning

confidence: 99%

Statement Recognition of Access Control Policies in IoT Networks

Ma,

Yang,

et al. 2023

Sensors

View full text Add to dashboard Cite

Access Control Policies (ACPs) are essential for ensuring secure and authorized access to resources in IoT networks. Recognizing these policies involves identifying relevant statements within project documents expressed in natural language. While current research focuses on improving recognition accuracy through algorithm enhancements, the challenge of limited labeled data from individual clients is often overlooked, which impedes the training of highly accurate models. To address this issue and harness the potential of IoT networks, this paper presents FL-Bert-BiLSTM, a novel model that combines federated learning and pre-trained word embedding techniques for access control policy recognition. By leveraging the capabilities of IoT networks, the proposed model enables real-time and distributed training on IoT devices, effectively mitigating the scarcity of labeled data and enhancing accessibility for IoT applications. Additionally, the model incorporates pre-trained word embeddings to leverage the semantic information embedded in textual data, resulting in improved accuracy for access control policy recognition. Experimental results substantiate that the proposed model not only enhances accuracy and generalization capability but also preserves data privacy, making it well-suited for secure and efficient access control in IoT networks.

show abstract

Toward Deep Learning Based Access Control

Cited by 31 publications

References 18 publications

ABAC Policy Mining through Affiliation Networks and Biclique Analysis

ABAC Policy Mining through Affiliation Networks and Biclique Analysis

Blockchain-Based Zero Trust Supply Chain Security Integrated with Deep Reinforcement Learning

Statement Recognition of Access Control Policies in IoT Networks

Contact Info

Product

Resources

About