Leveraging Physical Access Logs to Identify Tailgating: Limitations and Solutions

Abstract

Critical infrastructure facilities use physical access systems to control movement in their facilities. However, the cyber logs collected from such systems are not representative of all human movement in real life, including "tailgating", which is an important problem because it potentially allows unauthorized physical access to critical equipment. In this paper, we identify physical constraints on human movement and use those constraints to motivate several approaches for inferring tailgating from card tap logs. In particular, using our approach, we found 3,999 instances of tailgating in a railway station during a 17-month period. However, certain movement scenarios are not visible in card tap logs. We overcome that limitation by leveraging additional physical data sources to provide information regarding the physical presence of people within a space. We support our findings with an observation experiment that we conducted in a railway station.