
2019 | OriginalPaper | Chapter

Efficient Security Policy Management Using Suspicious Rules Through Access Log Analysis

Authors: Maryem Ait El Hadj, Ahmed Khoumsi, Yahya Benkaouz, Mohammed Erradi

Published in: Networked Systems

Publisher: Springer International Publishing


Abstract

Logs record the events and actions performed within an organization's systems and networks. Usually, log data should conform to the security policy in use. However, access logs may show the occurrence of unauthorized accesses, which may be due to security breaches such as intrusions, or to conflicting rules in security policies. Due to the huge amount of log data generated every day, which is presumed to grow over time, analyzing access logs becomes a hard task that requires enormous computational resources. In this paper, we suggest a method that analyzes an access log and uses the obtained results to determine whether an Attribute-Based Access Control (ABAC) security policy contains conflicting rules. This access log-based approach yields an efficient conflict detection method, since conflicts are searched for among suspicious rules instead of among all the rules of the policy. Those suspicious rules are identified by analyzing the access log. To improve efficiency even more, the access log is decomposed into clusters which are analyzed separately. Furthermore, cluster representatives make the proposed approach scalable for the continuous access log case. The scalability is confirmed by experimental results, and our approach effectively identifies conflicts with an average recall of 95.65%.
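The following is an added illustration of the idea sketched in the abstract; it is not code from the paper, and the authors' exact definitions of "suspicious rule", "conflict" and "cluster representative" are not given on this page. The example therefore assumes simple ones: an ABAC rule is a set of attribute equality conditions plus a permit/deny effect; a rule is suspicious if the log shows a request it matches being decided contrary to its effect; two rules conflict if they have opposite effects and their conditions can be satisfied by one request; and identical requests in the log are collapsed into one representative. The policy (`R1`..`R5`) and the log lines are constructed for this example.

```python
"""Added example: ABAC conflict detection restricted to rules flagged as
suspicious from an access log (assumed definitions, not the paper's)."""
from dataclasses import dataclass
from itertools import combinations


@dataclass
class Rule:
    rid: str
    conds: dict      # attribute -> required value (all must hold)
    effect: str      # "permit" or "deny"


# Constructed policy: R1 and R2 both apply to a doctor reading a record in ICU
# with opposite effects, so they conflict; the other rules are disjoint.
RULES = [
    Rule("R1", {"role": "doctor", "resource": "record"}, "permit"),
    Rule("R2", {"role": "doctor", "ward": "ICU"}, "deny"),
    Rule("R3", {"role": "nurse", "resource": "record"}, "permit"),
    Rule("R4", {"role": "nurse", "resource": "prescription"}, "deny"),
    Rule("R5", {"role": "admin"}, "permit"),
]

# Constructed access log: (request attributes, decision actually recorded).
LOG = [
    ({"role": "doctor", "resource": "record", "ward": "ICU"}, "permit"),
    ({"role": "doctor", "resource": "record", "ward": "ICU"}, "deny"),
    ({"role": "nurse", "resource": "record", "ward": "ER"}, "permit"),
    ({"role": "nurse", "resource": "record", "ward": "ER"}, "permit"),
    ({"role": "admin", "resource": "record"}, "permit"),
]


def matches(rule, request):
    """A rule applies when every one of its conditions holds for the request."""
    return all(request.get(a) == v for a, v in rule.conds.items())


def representatives(log):
    """Collapse identical requests into one representative carrying the set of
    decisions observed for it (a stand-in for the paper's cluster representatives)."""
    reps = {}
    for attrs, decision in log:
        key = tuple(sorted(attrs.items()))
        reps.setdefault(key, (dict(attrs), set()))[1].add(decision)
    return list(reps.values())


def suspicious_rules(rules, log):
    """Rule ids that match a logged request whose recorded decision differs
    from the rule's effect (assumed definition of 'suspicious')."""
    flagged = set()
    for attrs, decisions in representatives(log):
        for r in rules:
            if matches(r, attrs) and any(d != r.effect for d in decisions):
                flagged.add(r.rid)
    return flagged


def compatible(r1, r2):
    """True if one request can satisfy both rules' conditions, i.e. no shared
    attribute is required to take two different values."""
    return all(r1.conds[a] == r2.conds[a] for a in set(r1.conds) & set(r2.conds))


def conflicts(rules, candidate_ids=None):
    """Pairs of rules with opposite effects and compatible conditions, searched
    only among candidate_ids when given. Also returns the number of pairs examined
    to show the work saved by restricting the search to suspicious rules."""
    cands = [r for r in rules if candidate_ids is None or r.rid in candidate_ids]
    found, examined = [], 0
    for a, b in combinations(cands, 2):
        examined += 1
        if a.effect != b.effect and compatible(a, b):
            found.append((a.rid, b.rid))
    return found, examined


if __name__ == "__main__":
    sus = suspicious_rules(RULES, LOG)
    full, n_full = conflicts(RULES)
    narrow, n_narrow = conflicts(RULES, sus)
    print("suspicious:", sorted(sus))
    print("full search:", full, "pairs examined:", n_full)
    print("suspicious-only search:", narrow, "pairs examined:", n_narrow)
```

On the constructed input both searches find the single conflict (R1, R2), but the suspicious-only search examines one pair instead of ten, which is the efficiency argument the abstract makes. In a real deployment the candidate set would be refreshed as new log clusters arrive, and a rule that never appears in the log would never be flagged, which is why the paper reports recall rather than claiming completeness.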


Metadata

Title: Efficient Security Policy Management Using Suspicious Rules Through Access Log Analysis
Authors: Maryem Ait El Hadj, Ahmed Khoumsi, Yahya Benkaouz, Mohammed Erradi
Copyright Year: 2019
DOI: https://doi.org/10.1007/978-3-030-31277-0_16
