Abstract
With the ever-increasing number of insider attacks (data breaches) and security incidents, it is evident that traditional manual and standalone access control models for cyber-security are unable to defend large and complex organizations. New access control models must focus on auto-resiliency, integration and fast response time in order to react to insider attacks in a timely manner. Even after decades of development of cyber-security systems, there remain inherent limitations (i.e., the understanding of behavioral anomalies) in current cyber-security architectures that allow adversaries not only to plan and launch attacks effectively but also to learn and evade detection easily. In this research we propose a bio-inspired integrated access control policy regulation framework that not only allows us to understand the anomalous behavior of an insider but also provides the theoretical background to link behavioral anomalies to access control regulation. To demonstrate the effectiveness of the proposed framework, we use a real-life threat dataset for evaluation.
© 2019 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering
About this paper
Cite this paper
Rauf, U., Shehab, M., Qamar, N., Sameen, S. (2019). Bio-inspired Approach to Thwart Against Insider Threats: An Access Control Policy Regulation Framework. In: Compagnoni, A., Casey, W., Cai, Y., Mishra, B. (eds) Bio-inspired Information and Communication Technologies. BICT 2019. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 289. Springer, Cham. https://doi.org/10.1007/978-3-030-24202-2_4
DOI: https://doi.org/10.1007/978-3-030-24202-2_4
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-24201-5
Online ISBN: 978-3-030-24202-2
eBook Packages: Computer Science (R0)