Abstract
With the continued development of network and information processing systems, much information is now accessible through a login process. To control this access, the network traffic carries access control instructions. This approach has a weak point, however: someone who steals a user's account details can access information with the authority granted to that user. The access controls appear to work, yet the information a user accesses may still be abused. We collected a large amount of traffic generated by an RBAC access control system and analysed it to identify and formulate its connections to a user's information access. Based on these results, we propose in this paper a system that should be able to detect user accesses that have a high probability of being illegal access to information.
Acknowledgement
This work was supported by a grant from the Kyonggi University Advanced Industrial Security Center of the Korea Ministry of Knowledge Economy.
Cite this article
Lee, D., Kim, B. & Kim, K.J. PCA in ERP environment using the misuse detection system design and implementation of RBAC permissions. Multimed Tools Appl 73, 601–615 (2014). https://doi.org/10.1007/s11042-010-0675-z
DOI: https://doi.org/10.1007/s11042-010-0675-z