TY - GEN
T1 - Using machine learning for behavior-based access control
T2 - 2013 IEEE Military Communications Conference, MILCOM 2013
AU - Adler, Aaron
AU - Mayhew, Michael J.
AU - Cleveland, Jeffrey
AU - Atighetchi, Michael
AU - Greenstadt, Rachel
PY - 2013
Y1 - 2013
N2 - Today's business processes are more connected than ever before, driven by the ability to share the right information with the right partners at the right time. While this interconnectedness and situational awareness is crucial to success, it also opens the possibility for misuse of the same capabilities by sophisticated adversaries to spread attacks and exfiltrate or corrupt critical sensitive information. We have been investigating means to analyze behaviors of actors and assess trustworthiness of information to support real-time cyber security decision making through a concept called Behavior-Based Access Control (BBAC). The work described in this paper focuses on the statistical machine learning techniques used in BBAC to make predictions about the intent of actors establishing TCP connections and issuing HTTP requests. We discuss pragmatic challenges and solutions we encountered in implementing and evaluating BBAC, discussing (a) the general concepts underlying BBAC, (b) challenges we have encountered in identifying suitable datasets, (c) mitigation strategies to cope with shortcomings in available data, (d) the combination of clustering and support vector machines for performing classification at scale, and (e) results from a number of scientific experiments. We also include expert commentary from Air Force stakeholders and describe current plans for transitioning BBAC capabilities into the Department of Defense together with lessons learned for the machine learning community.
UR - http://www.scopus.com/inward/record.url?scp=84897723119&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84897723119&partnerID=8YFLogxK
U2 - 10.1109/MILCOM.2013.317
DO - 10.1109/MILCOM.2013.317
M3 - Conference contribution
AN - SCOPUS:84897723119
SN - 9780769551241
T3 - Proceedings - IEEE Military Communications Conference MILCOM
SP - 1880
EP - 1887
BT - Proceedings - 2013 IEEE Military Communications Conference, MILCOM 2013
Y2 - 18 November 2013 through 20 November 2013
ER -