ABSTRACT
Inside a "Bring Your Own Device" environment, the employees can freely use their devices. This allows them mix their personal and work life, but at the same time, if the users are not aware of a risky situation, or that situation is not covered by a company security policy or rule, this environment can become very insecure. The aim of this paper is defining a novel system architecture able to self-adapt itself, in the sense that it will learn from past, non secure situations, and therefore will be able to determine whether a new situation is risky or not.
This Paper proposes the use of a variety of techniques, from Data Mining of big amounts of recorded data to Evolutionary Algorithms for refining a set of existing policies, maybe creating new ones. A preliminary method that automatically extracts rules to avoid or deny URL connections helps to demonstrate that, by performing a good preprocessing of the data, useful conclusions can be extracted from new - unknown - situations. Therefore, it is possible to successfully extend a set of rules, usually laid out by the company, for covering new, and potentially dangerous, situations.
- Gregory D Abowd, Anind K Dey, Peter J Brown, Nigel Davies, Mark Smith, and Pete Steggles. Towards a better understanding of context and context-awareness. In Handheld and ubiquitous computing, pages 304--307. Springer, 1999. Google ScholarCross Ref
- Tamas Abraham and Olivier de Vel. Investigative profiling with computer forensic log data and association rules. In Data Mining, 2002. ICDM 2003. Proceedings. 2002 IEEE International Conference on, pages 11--18. IEEE, 2002. Google ScholarDigital Library
- Rakesh Agrawal and Ramakrishnan Srikant. Mining sequential patterns. In Data Engineering, 1995. Proceedings of the Eleventh International Conference on, pages 3--14. IEEE, 1995. Google ScholarDigital Library
- Ron Amadeo. A review of Android for Work: Dual-persona support comes to Android, 2015.Google Scholar
- Enrico Blanzieri and Anton Bryl. A survey of learning-based techniques of email spam filtering. Artificial Intelligence Review, 29(1):63--92, 2008. Google ScholarDigital Library
- GF Breivik. Abstract misuse patterns - a new approach to security requirements. Master Thesis. Dept of Information Science. Bergen, University of Bergen, N-5020 NORWAY, 2002.Google Scholar
- Silent Circle. Blackphone website, 2014.Google Scholar
- George Danezis. Inferring privacy policies for social networking services. In Proceedings of the 2Nd ACM Workshop on Security and Artificial Intelligence, AISec '09, pages 5--10, New York, NY, USA, 2009. ACM. Google ScholarDigital Library
- O. de Vel, A. Anderson, M. Corney, and G. Mohay. Mining e-mail content for author identification forensics. SIGMOD Record, 30(4):55--64, 2001. Google ScholarDigital Library
- Martin Ester, Hans-Peter Kriegel, Jörg Sander, and Xiaowei Xu. A density-based algorithm for discovering clusters in large spatial databases with noise. In KDD-96, pages 226--231, 1996.Google Scholar
- A. Gangula, S. Ansari, and M. Gondhalekar. Survey on mobile computing security. In Modelling Symposium (EMS), 2013 European, pages 536--542, Nov 2013. Google ScholarDigital Library
- Isabelle Guyon and André Elisseeff. An introduction to variable and feature selection. The Journal of Machine Learning Research, 3:1157--1182, 2003. Google ScholarDigital Library
- Jiawei Han, Hong Cheng, Dong Xin, and Xifeng Yan. Frequent pattern mining: current status and future directions. Data Mining and Knowledge Discovery, 15(1):55--86, 2007. Google ScholarDigital Library
- Merike Kaeo. Designing network security. Cisco Press, 2003. Google ScholarDigital Library
- Patrick Gage Kelley, Paul Hankes Drielsma, Norman Sadeh, and Lorrie Faith Cranor. User-controllable learning of security and privacy policies. In Proceedings of the 1st ACM Workshop on Workshop on AISec, AISec '08, pages 11--18, New York, NY, USA, 2008. ACM. Google ScholarDigital Library
- John R Koza. Genetic programming: on the programming of computers by means of natural selection, volume 1. MIT press, 1992. Google ScholarDigital Library
- Yow Tzu Lim, Pau Chen Cheng, John Andrew Clark, and Pankaj Rohatgi. Policy evolution with genetic programming: A comparison of three approaches. In Evolutionary Computation, 2008. CEC 2008.(IEEE World Congress on Computational Intelligence). IEEE Congress on, pages 1792--1800. IEEE, 2008.Google Scholar
- Yow Tzu Lim, Pau Chen Cheng, Pankaj Rohatgi, and John Andrew Clark. MLS security policy evolution with Genetic Programming. In Proceedings of the 10th annual conference on Genetic and evolutionary computation, pages 1571--1578. ACM, 2008. Google ScholarDigital Library
- A.M. Mora, P. De las Cuevas, and J.J. Merelo. Going a step beyond the black and white lists for url accesses in the enterprise by means of categorical classifiers. In Agostinho Rosa, Juan Julián Merelo, and Joaquim Filipe, editors, ECTA 2014 - Proceedings of the International Conference on Evolutionary Computation Theory and Applications, pages 125--134, 2014.Google Scholar
- A.M. Mora, P. De las Cuevas, J.J Merelo, S. Zamarripa, M. Juan, A.I. Esparcia-Alcázar, M. Burvall, H. Arfwedson, and Z. Hodaie. MUSES: A corporate user-centric system which applies computational intelligence methods. In Dongwan Shin et al., editor, 29th Symposium On Applied Computing, pages 1719--1723, 2014. Google ScholarDigital Library
- R. Oppliger. Security and privacy in an online world. IEEE Computer, 44(9):21--22, September 2011. Google ScholarDigital Library
- Jeffrey M Stanton, Kathryn R Stam, Paul Mastrangelo, and Jeffrey Jolton. Analysis of end user security behaviors. Computers & Security, 24(2):124--133, 2005. Google ScholarDigital Library
- Guillermo Suarez-Tangil, Esther Palomar, José María de Fuentes, J Blasco, and Arturo Ribagorda. Automatic rule generation based on genetic programming for event correlation. In Computational Intelligence in Security for Information Systems, pages 127--134. Springer, 2009.Google Scholar
- Good's Technology. Good's technology byod solution, 2012.Google Scholar
- Ian H Witten and Eibe Frank. Data Mining: Practical machine learning tools and techniques. Morgan Kaufmann, 2005. Google ScholarDigital Library
Index Terms
- Soft Computing Techniques Applied to Corporate and Personal Security
Recommendations
Enforcing corporate security policies via computational intelligence techniques
GECCO Comp '14: Proceedings of the Companion Publication of the 2014 Annual Conference on Genetic and Evolutionary ComputationThis paper presents an approach, based in a project in development, which combines Data Mining, Machine Learning and Computational Intelligence techniques, in order to create a user-centric and adaptable corporate security system. Thus, the system, ...
Human Talent Forecasting using Data Mining Classification Techniques
Talent management is a very crucial task and demands close attention from human resource HR professionals. Recently, among the challenges for HR professionals is how to manage organization's talents, particularly to ensure the right job for the right ...
Classification-based self-adaptive differential evolution with fast and reliable convergence performance
Special issue on advances in computational intelligence and bioinformaticsTo avoid the problems of slow and premature convergence of the differential evolution (DE) algorithm, this paper presents a new DE variant named p-ADE. It improves the convergence performance by implementing a new mutation strategy “DE/rand-to-best/pbest”...
Comments