A Dynamic Access Control Model Based on Attributes and Intro VAE.

Xiaoyan Hu, Yuelin Hu, Guang Cheng, Hua Wu, Yifei Qin, Jian Gong
DOI: https://doi.org/10.1109/globecom48099.2022.10001289
2022-01-01
Abstract: Affected by the COVID-19 pandemic, teleworking is becoming more popular, with the exposed attack surface of the internal network expanding. Once outsiders impersonate accounts or insiders conduct illegal operations, the data security in teleworking with traditional border protection will be broken. Therefore, it is necessary to implement fine-grained and dynamic access control to protect data from malicious access. Attribute-based access control (ABAC) is ideal, where authorization is performed through attributes and rules. On this basis, risk assessment, context awareness, and machine learning are supplemented for dynamic access control. However, these methods have their limitations due to the requirement of sufficient prior knowledge and massive label-classified data. Moreover, it is challenging to obtain the samples of attack behaviors, and the attack behaviors may change frequently to evade detection. In contrast, the normal behaviors are relatively stable except for the update of network services. We propose a dynamic access control model, ABAC-IntroVAE, to address the above issues. ABAC-IntroVAE judges users' requests through rule matching and behavior analysis based on the attributes of the requests. It first filters out requests against the rules by rule matching. Then, the introspective variational autoencoder (IntroVAE) is used for behavior analysis to realize dynamic access decisions. Requests classified as normal can be authorized for access. ABAC-IntroVAE only needs samples of normal requests for training, avoiding the difficult task of collecting massive and frequently changing samples of attack requests. Meanwhile, the IntroVAE model is updated through continual learning to adapt to new-style normal behaviors due to the update of network services. Our experimental study suggests that our proposed ABAC-IntroVAE can effectively perform dynamic access control. It achieves an accuracy of 97.2% in abnormal detection and maintains an accuracy of over 97% through continual learning, despite the addition of new-style user behavior patterns.