University of Twente Student Theses


An Explainable Machine Learning Approach to Risk-Adaptive Access Control

Houtsma, Ramon (2022) An Explainable Machine Learning Approach to Risk-Adaptive Access Control.

Abstract: Introduction. Existing Access Control Systems, such as Role-based and Attribute-based Access Control, are rigid and complex in large-scale organizations. Risk-Adaptive Access Control (RAdAC) provides a dynamic solution but is still in a conceptual stage. This research proposes an artificial neural network as a self-learning decision engine for RAdAC through a proof-of-concept with synthetic data. Methodology. Synthetic data of access requests with realistic attributes is generated and then labeled with policy-based permit/deny actions and risk-based risk scores. The risk scores are modeled using attack trees. Three neural networks are trained on the data: a binary classifier to predict actions, and a multi-class classifier and a regression model to predict risk scores. Results. Two large datasets of 30000 access requests, a training and test set, were generated with an ‘action’ class imbalance of 72/28%. Risk scores produced by the attack tree inversely correlate with the action labels, as expected. The binary classifier achieves a Matthews correlation coefficient of 0.90; the multilabel classifier achieves a categorical accuracy of 0.90; while the regression model achieves a root mean squared error of 0.10. Conclusion. The proof-of-concept shows promise, though the model performances are hard to compare since they were achieved on synthetic data. Neural networks appear capable of tackling the risk-adaptive access control problem; demonstration on real-world data is the next step. A probabilistic attack tree shows potential as a risk quantification method, though it remains to be demonstrated in a real-world setting. A decision model prediction explorer using the XAI technique ‘LIME’ could provide a solution for the explainability of the decisions. This research is one step towards the real-world adoption of RAdAC.
Item Type: Essay (Master)
Faculty: EEMCS: Electrical Engineering, Mathematics and Computer Science
Subject: 54 computer science
Programme: Computer Science MSc (60300)