Abstract
In the context of data access and export control for enterprise information systems, one of the open issues is the generation of the security rules. Currently, this time-consuming and difficult task is based largely on experience: expert security analysts combine their knowledge of Enterprise Resource Planning (ERP) systems with a random exploration of the logs generated by the system to try to envision the most relevant attack paths. This project allowed us to explore different approaches for supporting human experts in security rule identification and validation, while preserving the interpretability of the results and the inspectability of the approach used. This resulted in a tool that complements the security engine by supporting experts in defining uncommon patterns as security-related events to be monitored and vetted by the event classification engine. The result is a promising instrument that allows human inspection of candidate security-relevant events and patterns, with the main focus on the definition of security rules to be enforced by the specific security engine at run time. An initial evaluation round shows a positive trend in users' perception, even though a lack of contextual information still hinders its usage by more business-oriented profiles.
Acknowledgement
The research leading to this work was partially financed by Innosuisse - Swiss federal agency for Innovation, through a competitive call. The project 29926.1 IP-ICT is called IAC: Intelligent Automatic Configuration (https://www.aramis.admin.ch/Grunddaten/?ProjectID=42722). The authors would like to thank all the people involved on the implementation side at SECUDE International AG (https://secude.com/) for all the constructive and fruitful discussions and for their insight into the functioning of a security engine and the characterisation of security event types. Final note: the work briefly described here is under review for a U.S. Patent, with application number 17/174,837.
© 2021 Springer Nature Switzerland AG
Cite this paper
Mazzola, L. et al. (2021). Security Rules Identification and Validation: The Role of Explainable Clustering and Information Visualisation. In: Stephanidis, C., Antona, M., Ntoa, S. (eds) HCI International 2021 - Posters. HCII 2021. Communications in Computer and Information Science, vol 1420. Springer, Cham. https://doi.org/10.1007/978-3-030-78642-7_58
DOI: https://doi.org/10.1007/978-3-030-78642-7_58
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-78641-0
Online ISBN: 978-3-030-78642-7
eBook Packages: Computer Science, Computer Science (R0)