Bio-inspired Approach to Thwart Against Insider Threats: An Access Control Policy Regulation Framework

  • Conference paper
Bio-inspired Information and Communication Technologies (BICT 2019)

Abstract

With the ever-increasing number of insider attacks (data breaches) and security incidents, it is evident that the traditional manual and standalone access control models for cyber-security are unable to defend complex and large organizations. New access control models must focus on auto-resiliency, integration and fast response time in order to react to insider attacks in a timely manner. These objectives remain unmet: even after decades of development of cyber-security systems, inherent limitations (i.e., a lack of understanding of behavioral anomalies) persist in current cyber-security architectures, and these limitations allow adversaries not only to plan and launch attacks effectively but also to learn and evade detection easily. In this research we propose a bio-inspired integrated access control policy regulation framework which not only allows us to understand the anomalous behavior of an insider but also provides the theoretical background to link behavioral anomalies to access control regulation. To demonstrate the effectiveness of the proposed framework, we use a real-life threat dataset for evaluation.

Correspondence to Usman Rauf .

Copyright information

© 2019 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering

About this paper

Cite this paper

Rauf, U., Shehab, M., Qamar, N., Sameen, S. (2019). Bio-inspired Approach to Thwart Against Insider Threats: An Access Control Policy Regulation Framework. In: Compagnoni, A., Casey, W., Cai, Y., Mishra, B. (eds) Bio-inspired Information and Communication Technologies. BICT 2019. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 289. Springer, Cham. https://doi.org/10.1007/978-3-030-24202-2_4

  • DOI: https://doi.org/10.1007/978-3-030-24202-2_4

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-24201-5

  • Online ISBN: 978-3-030-24202-2

  • eBook Packages: Computer Science (R0)
