Abstract

Preventing unauthorized and illegitimate access to sensitive resources is the primary duty of access control models. However, the malicious activities by authorized users cause significant damages to their underlying systems. In many cases, existing access control models are incomplete in their ability to detect insider abuse, and rather than detecting and preventing insider attack, it seems to still operate by forensic analysis after an attack. Attribute-Based Access Control is a new access control model that can be used instead of other traditional types of access control models, and makes decisions according to the access requests by utilizing users' as well as resources' attributes. However, it still endures a quandary of how to permit the real eligible users to access the resources while blocking abnormal access by authorized users of a system. In this paper, an Attribute/Behavior-Based Access Control is proposed by understanding and deriving users' behaviors from log files. Not only our model uses the user/resource attributes, but it also utilizes their behaviors to detect the abnormal users even with valid attributes. This model principally uses the behaviors of a given user to grant or deny access requests. The concept of a user's behavior will be introduced, and we present a feature construction method to model users' access behaviors. As the proof of concept, machine learning algorithms are trained and tested using a database from UCI Machine Learning Repository. Experimental results illustrate that our model is efficient, accurate, and promising in detecting authorized users with abnormal behaviors.