Mitigating Privilege Misuse in Access Control through Anomaly Detection

Proceedings of the 18th International Conference on Availability, Reliability and Security Pub Date : 2023-08-29 DOI:10.1145/3600160.3604988

Gelareh Hasel Mehri, Inez L. Wester, F. Paci, Nicola Zannone

{"title":"Mitigating Privilege Misuse in Access Control through Anomaly Detection","authors":"Gelareh Hasel Mehri, Inez L. Wester, F. Paci, Nicola Zannone","doi":"10.1145/3600160.3604988","DOIUrl":null,"url":null,"abstract":"Access control is a fundamental component of IT systems to guarantee the confidentiality and integrity of sensitive resources. However, access control systems have inherent limitations: once permissions have been assigned to users, access control systems do not provide any means to prevent users from misusing such permissions. The problem of privilege misuse is typically addressed by employing auditing mechanisms, which verify users’ activities a posteriori. However, auditing does not allow for the timely detection and mitigation of privilege misuse. In this work, we propose a framework that complements access control with anomaly detection for the run-time monitoring of access requests and raises an alert when a user diverges from her normal access behavior. To detect anomalous access requests, we propose a novel approach to build user profiles by eliciting patterns of typical access behavior from historical access data. We evaluated our framework using the access log of a hospital. The results show that our framework has very few false positives and can detect several attack scenarios.","PeriodicalId":107145,"journal":{"name":"Proceedings of the 18th International Conference on Availability, Reliability and Security","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2023-08-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 18th International Conference on Availability, Reliability and Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3600160.3604988","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 0

Abstract

Access control is a fundamental component of IT systems to guarantee the confidentiality and integrity of sensitive resources. However, access control systems have inherent limitations: once permissions have been assigned to users, access control systems do not provide any means to prevent users from misusing such permissions. The problem of privilege misuse is typically addressed by employing auditing mechanisms, which verify users’ activities a posteriori. However, auditing does not allow for the timely detection and mitigation of privilege misuse. In this work, we propose a framework that complements access control with anomaly detection for the run-time monitoring of access requests and raises an alert when a user diverges from her normal access behavior. To detect anomalous access requests, we propose a novel approach to build user profiles by eliciting patterns of typical access behavior from historical access data. We evaluated our framework using the access log of a hospital. The results show that our framework has very few false positives and can detect several attack scenarios.

查看原文本刊更多论文

通过异常检测减少访问控制中的权限滥用

访问控制是IT系统中保证敏感资源机密性和完整性的基本组成部分。然而，访问控制系统有其固有的局限性:一旦权限被分配给用户，访问控制系统不提供任何手段来防止用户滥用这些权限。特权滥用的问题通常通过采用事后验证用户活动的审计机制来解决。但是，审计不允许及时发现和减轻特权滥用。在这项工作中，我们提出了一个框架，该框架将访问控制与异常检测相结合，用于访问请求的运行时监控，并在用户偏离其正常访问行为时发出警报。为了检测异常访问请求，我们提出了一种通过从历史访问数据中提取典型访问行为模式来构建用户配置文件的新方法。我们使用一家医院的访问日志来评估我们的框架。结果表明，该框架的误报率非常低，能够检测到多种攻击场景。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Proceedings of the 18th International Conference on Availability, Reliability and Security

自引率

0.00%

发文量