Gelareh Hasel Mehri, Inez L. Wester, F. Paci, Nicola Zannone
{"title":"通过异常检测减少访问控制中的权限滥用","authors":"Gelareh Hasel Mehri, Inez L. Wester, F. Paci, Nicola Zannone","doi":"10.1145/3600160.3604988","DOIUrl":null,"url":null,"abstract":"Access control is a fundamental component of IT systems to guarantee the confidentiality and integrity of sensitive resources. However, access control systems have inherent limitations: once permissions have been assigned to users, access control systems do not provide any means to prevent users from misusing such permissions. The problem of privilege misuse is typically addressed by employing auditing mechanisms, which verify users’ activities a posteriori. However, auditing does not allow for the timely detection and mitigation of privilege misuse. In this work, we propose a framework that complements access control with anomaly detection for the run-time monitoring of access requests and raises an alert when a user diverges from her normal access behavior. To detect anomalous access requests, we propose a novel approach to build user profiles by eliciting patterns of typical access behavior from historical access data. We evaluated our framework using the access log of a hospital. The results show that our framework has very few false positives and can detect several attack scenarios.","PeriodicalId":107145,"journal":{"name":"Proceedings of the 18th International Conference on Availability, Reliability and Security","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2023-08-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Mitigating Privilege Misuse in Access Control through Anomaly Detection\",\"authors\":\"Gelareh Hasel Mehri, Inez L. Wester, F. Paci, Nicola Zannone\",\"doi\":\"10.1145/3600160.3604988\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Access control is a fundamental component of IT systems to guarantee the confidentiality and integrity of sensitive resources. However, access control systems have inherent limitations: once permissions have been assigned to users, access control systems do not provide any means to prevent users from misusing such permissions. The problem of privilege misuse is typically addressed by employing auditing mechanisms, which verify users’ activities a posteriori. However, auditing does not allow for the timely detection and mitigation of privilege misuse. In this work, we propose a framework that complements access control with anomaly detection for the run-time monitoring of access requests and raises an alert when a user diverges from her normal access behavior. To detect anomalous access requests, we propose a novel approach to build user profiles by eliciting patterns of typical access behavior from historical access data. We evaluated our framework using the access log of a hospital. The results show that our framework has very few false positives and can detect several attack scenarios.\",\"PeriodicalId\":107145,\"journal\":{\"name\":\"Proceedings of the 18th International Conference on Availability, Reliability and Security\",\"volume\":null,\"pages\":null},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2023-08-29\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Proceedings of the 18th International Conference on Availability, Reliability and Security\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1145/3600160.3604988\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 18th International Conference on Availability, Reliability and Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3600160.3604988","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Mitigating Privilege Misuse in Access Control through Anomaly Detection
Access control is a fundamental component of IT systems to guarantee the confidentiality and integrity of sensitive resources. However, access control systems have inherent limitations: once permissions have been assigned to users, access control systems do not provide any means to prevent users from misusing such permissions. The problem of privilege misuse is typically addressed by employing auditing mechanisms, which verify users’ activities a posteriori. However, auditing does not allow for the timely detection and mitigation of privilege misuse. In this work, we propose a framework that complements access control with anomaly detection for the run-time monitoring of access requests and raises an alert when a user diverges from her normal access behavior. To detect anomalous access requests, we propose a novel approach to build user profiles by eliciting patterns of typical access behavior from historical access data. We evaluated our framework using the access log of a hospital. The results show that our framework has very few false positives and can detect several attack scenarios.