Machine Learning Based Risk-Adaptive Access Control System to Identify Genuineness of the Requester

Data access can be controlled in a static manner using role based or policy based access control. These access control systems can easily handle situations in structured databases. In today’s era of big data where lot of research work is done in storing huge and unstructured data, there is still a big gap in providing data access security. There are many real world applications where static access control systems are not effective, such as defense, airport surveillance and hospital management system. There is a need for a system which learns and adapts according to the genuineness of the requester. Existing role based access control methodology easily attracts intruders. The main drawback of policy based access control is lack of adaptability as the policy decided initially cannot be changed dynamically. Proposed risk adaptive access control is a framework which, understands the genuineness of the requester, calculates the risk and then acts accordingly. This framework considers many real world attributes in its design, such as time of access, location of access, previous history of the requester (how many times the same request is been asked by the requester) and sensitivity of information which is requested. The system will sense the situation (emergency or normal) and learns from the past history. It calculates a risk score and based on the risk score access is provided. We have tested accuracy of the system as well as false negative which ensures that the framework is adaptable.

[1]  Massimiliano Albanese,et al.  A quantitative risk assessment framework for adaptive Intrusion Detection in the cloud , 2016, 2016 IEEE Conference on Communications and Network Security (CNS).

[2]  Paula Andrea Rodríguez Marín,et al.  Rules based system to educative personalized strategy recommendation according to the CHAEA test , 2016 .

[3]  Myrsini Athinaiou Cyber security risk management for health-based critical infrastructures , 2017, 2017 11th International Conference on Research Challenges in Information Science (RCIS).

[4]  Yu-Xuan Wang,et al.  Particle swarm optimizer with adaptive tabu and mutation: A unified framework for efficient mutation operators , 2010, TAAS.

[5]  Zhenjiang Hu,et al.  Towards Attribute-Based Authorisation for Bidirectional Programming , 2015, SACMAT.

[6]  Geoffrey E. Hinton,et al.  Deep Learning , 2015, Nature.

[7]  Fahimeh Farahnakian,et al.  A deep auto-encoder based approach for intrusion detection system , 2018, 2018 20th International Conference on Advanced Communication Technology (ICACT).

[8]  Qi Shi,et al.  A Deep Learning Approach to Network Intrusion Detection , 2018, IEEE Transactions on Emerging Topics in Computational Intelligence.

[9]  Annamária R. Várkonyi-Kóczy,et al.  Personal-Statistics-Based Heart Rate Evaluation in Anytime Risk Calculation Model , 2015, IEEE Transactions on Instrumentation and Measurement.

[10]  Shie-Jue Lee,et al.  Machine learning based network intrusion detection , 2017, 2017 2nd IEEE International Conference on Computational Intelligence and Applications (ICCIA).

[11]  Elena Ferrari,et al.  Fine-Grained Access Control Within NoSQL Document-Oriented Datastores , 2016, Data Science and Engineering.

[12]  Ravi S. Sandhu,et al.  A framework for risk-aware role based access control , 2013, 2013 IEEE Conference on Communications and Network Security (CNS).

[13]  B. Farroha,et al.  Challenges of “operationalizing” dynamic system access control: Transitioning from ABAC to RAdAC , 2012, 2012 IEEE International Systems Conference SysCon 2012.

[14]  Yacine Rezgui,et al.  An ANN-GA Semantic Rule-Based System to Reduce the Gap Between Predicted and Actual Energy Consumption in Buildings , 2017, IEEE Transactions on Automation Science and Engineering.

[15]  Yang Yu,et al.  An Effective Two-Step Intrusion Detection Approach Based on Binary Classification and $k$ -NN , 2018, IEEE Access.

[16]  Jiang Jiang,et al.  Sleep monitoring approach based on belief rule-based systems with pulse oxygen saturation and heart rate , 2017, 2017 29th Chinese Control And Decision Conference (CCDC).

[17]  Peter Beling,et al.  Horse race analysis in credit card fraud—deep learning, logistic regression, and Gradient Boosted Tree , 2017, 2017 Systems and Information Engineering Design Symposium (SIEDS).

[18]  Gugulothu Narsimha,et al.  Evolutionary approach for intrusion detection , 2017, 2017 International Conference on Engineering & MIS (ICEMIS).

[19]  Shuai Liu,et al.  Research on the quantification method of the operational need based on access purpose and exponential smoothing , 2014, 2014 IEEE 7th Joint International Information Technology and Artificial Intelligence Conference.

[20]  Munindar P. Singh,et al.  Evidence-based trust: A mathematical model geared for multiagent systems , 2010, TAAS.

[21]  Amar A. Rasheed A trusted computing architecture for health care , 2017, 2017 International Conference on Information Networking (ICOIN).

[22]  Rommel N. Carvalho,et al.  Deep Learning Anomaly Detection as Support Fraud Investigation in Brazilian Exports and Anti-Money Laundering , 2016, 2016 15th IEEE International Conference on Machine Learning and Applications (ICMLA).

[23]  Motahera Shermin,et al.  An Access Control Model for NoSQL Databases , 2013 .

[24]  Maria Grazia Fugini,et al.  Dynamic Security Modeling in Risk Management Using Environmental Knowledge , 2014, 2014 IEEE 23rd International WETICE Conference.

[25]  Adnan Shaout,et al.  Multilevel Fuzzy Inference System for Risk Adaptive Hybrid RFID Access Control System , 2016, 2016 Cybersecurity and Cyberforensics Conference (CCC).

[26]  Hongxia Jin,et al.  Quantified risk-adaptive access control for patient privacy protection in health information systems , 2011, ASIACCS '11.

[27]  Yalin E. Sagduyu,et al.  Risk assessment based access control with text and behavior analysis for document management , 2016, MILCOM 2016 - 2016 IEEE Military Communications Conference.

[28]  K. L. Shunmuganathan,et al.  Multi-Agent System for data classification from data mining using SVM , 2013, 2013 International Conference on Green Computing, Communication and Conservation of Energy (ICGCE).

[29]  Bart Baesens,et al.  Recursive Neural Network Rule Extraction for Data With Mixed Attributes , 2008, IEEE Transactions on Neural Networks.

[30]  Jiang Li,et al.  A few-shot deep learning approach for improved intrusion detection , 2017, 2017 IEEE 8th Annual Ubiquitous Computing, Electronics and Mobile Communication Conference (UEMCON).