
A Log-Based Method to Detect and Resolve Efficiently Conflicts in Access Control Policies

  • Conference paper
Proceedings of the 12th International Conference on Soft Computing and Pattern Recognition (SoCPaR 2020)

Part of the book series: Advances in Intelligent Systems and Computing (AISC, volume 1383)

Abstract

Typically, a security audit is conducted to detect and track inappropriate activities, such as security policy misconfigurations and attacks. In practice, an audit can be carried out by analyzing and assessing data in logs that register traces of queries according to predefined policies. In this paper, we present an auditing approach that efficiently detects and resolves conflicting rules of a security policy. This efficiency translates into a reduction in the time it takes to detect and resolve conflicts, and it follows from the fact that conflict detection is executed only among suspicious pairs of rules instead of all pairs of rules. The idea of using suspicious pairs of rules has recently been applied to reduce the execution time of previous detection methods. The present study goes further by applying the idea not only to conflict detection but also to reducing the resolution time of the detected conflicts. We present experimental results that illustrate the efficiency of the suggested method.

Corresponding author

Correspondence to Maryem Ait El Hadj.

Copyright information

© 2021 The Author(s), under exclusive license to Springer Nature Switzerland AG

Cite this paper

Ait El Hadj, M., Khoumsi, A., Benkaouz, Y., Erradi, M. (2021). A Log-Based Method to Detect and Resolve Efficiently Conflicts in Access Control Policies. In: Abraham, A., et al. Proceedings of the 12th International Conference on Soft Computing and Pattern Recognition (SoCPaR 2020). SoCPaR 2020. Advances in Intelligent Systems and Computing, vol 1383. Springer, Cham. https://doi.org/10.1007/978-3-030-73689-7_79
