Article

Applying role based access control and genetic algorithms to insider threat detection

Authors:
Ning Hu

The University of Alabama, Tuscaloosa, Alabama

The University of Alabama, Tuscaloosa, Alabama
View Profile

,
Phillip G. Bradford

The University of Alabama, Tuscaloosa, Alabama

The University of Alabama, Tuscaloosa, Alabama
View Profile

,
Jun Liu

The University of Alabama, Tuscaloosa, Alabama

The University of Alabama, Tuscaloosa, Alabama
View Profile

ACM-SE 44: Proceedings of the 44th annual Southeast regional conferenceMarch 2006Pages 790–791https://doi.org/10.1145/1185448.1185638

Published:10 March 2006Publication History

ACM-SE 44: Proceedings of the 44th annual Southeast regional conference

Pages 790–791

ABSTRACT

An insider threat is caused by authorized users potentially performing unsanctioned or inappropriate actions that endanger the computer security of an organization. This paper describes a novel approach that employs the ideas of Role-Based Access Control (RBAC) to initiate role-action mapping rules in line with organization specific security policies. These rules can be refined by genetic algorithms (GAs) to identify discrepancies between user roles and processes.

References

E. Bertino, A. Kamra, E. Terzi, and A. Vakali, "Intrusion Detection in RBAC-administered Databases," CERIAS TR 2005--70, 2005.Google Scholar
P. G. Bradford, M. Brown, J. Perdue, and B. Self, "Towards Proactive Computer-System Forensics," Proc. of International Conference on Information Technology: Coding and Computing, Vol. 2, 2004 (ITCC 2004), 648--652. Google ScholarDigital Library
P. G. Bradford and N. Hu, "A Layered Approach to Insider Threat Detection and Proactive Forensics," Annual Computer Security Applications Conference (ACSAC), Technology Blitz, Dec. 2005, Tucson, AZ.Google Scholar
D. Ferraiolo and R. Kuhn, "Role-Based Access Controls," Proc. of the 15th National Computer Security Conference, Oct. 1992, 554--563.Google Scholar
J. H. Holland, "Genetic Algorithms and the Optimal Allcation of Trials," SIAM Journal on Computing, Vol. 2, No. 2, 88--105, 1973.Google ScholarCross Ref
R. Sandhu, D. Ferraiolo, and R. Kuhn, "The NIST Model for Role-Based Access Control: Towards a Unified Standard," Proc. of the 5th ACM Workshop on Role Based Access Control, July 26--27, 2000. Google ScholarDigital Library

Index Terms

Applying role based access control and genetic algorithms to insider threat detection

Recommendations

Role-Based Access Control Models

Since the 1970s, computer systems have featured multiple applications and served multiple users, leading to heightened awareness of data security issues. System administrators and software developers focused on different kinds of access control to ...
Read More
Administrating role-based access control by genetic algorithms
GECCO '17: Proceedings of the Genetic and Evolutionary Computation Conference Companion

In the paper we address the problem of administering Role-Based Access Control (RBAC) systems, which consists in substantiation of the choice of solution of the RBAC design or reconfiguration problem based on using genetic algorithms (in conditions of ...
Read More
Delegation in role-based access control

User delegation is a mechanism for assigning access rights available to one user to another user. A delegation can either be a grant or transfer operation. Existing work on delegation in the context of role-based access control models has extensively ...
Read More

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Published in
ACM-SE 44: Proceedings of the 44th annual Southeast regional conference
March 2006
823 pages
ISBN:1595933158
DOI:10.1145/1185448
General Chair:
Ronaldo Menezes
Florida Institute of Technology
Copyright © 2006 ACM
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
- Published: 10 March 2006
Permissions
Request permissions about this article.
Request Permissions

Check for updates
Qualifiers
- Article
Conference

Acceptance Rates
Overall Acceptance Rate178of377submissions,47%
Funding Sources
Other Metrics
View Article Metrics

Article Metrics
- 21
  Total Citations
  View Citations
- 587
  Total Downloads
- Downloads (Last 12 months)21
- Downloads (Last 6 weeks)5
Other Metrics
View Author Metrics
Cited By
View all

PDF Format

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Applying role based access control and genetic algorithms to insider threat detection

ACM-SE 44: Proceedings of the 44th annual Southeast regional conference

ABSTRACT

References

Cited By

Index Terms

Recommendations

Role-Based Access Control Models

Administrating role-based access control by genetic algorithms

Delegation in role-based access control