University of Twente Student Theses
An Explainable Machine Learning Approach to Risk-Adaptive Access Control
Houtsma, Ramon (2022) An Explainable Machine Learning Approach to Risk-Adaptive Access Control.
Abstract: | Introduction. Existing Access Control Systems, such as Role-based and Attribute-based Access Control, are rigid and complex in large-scale organizations. Risk-Adaptive Access Control (RAdAC) provides a dynamic solution but is still in a conceptual stage. This research proposes an artificial neural network as a self-learning decision engine for RAdAC through a proof-of-concept with synthetic data. Methodology. Synthetic data of access requests with realistic attributes is generated and then labeled with policy-based permit/deny actions and risk-based risk scores. The risk scores are modeled using attack trees. Three neural networks are trained on the data: a binary classifier to predict actions, and a multi-class classifier and a regression model to predict risk scores. Results. Two large datasets of 30000 access requests, a training and a test set, were generated with an ‘action’ class imbalance of 72/28%. Risk scores produced by the attack tree inversely correlate with the action labels, as expected. The binary classifier achieves a Matthews correlation coefficient of 0.90; the multilabel classifier achieves a categorical accuracy of 0.90; while the regression model achieves a root mean squared error of 0.10. Conclusion. The proof-of-concept shows promise, though the model performances are hard to compare since they were achieved on synthetic data. Neural networks appear capable of tackling the risk-adaptive access control problem; demonstration on real-world data is the next step. A probabilistic attack tree shows potential as a risk quantification method, though it remains to be demonstrated in a real-world setting. A decision model prediction explorer using the XAI technique ‘LIME’ could provide a solution for the explainability of the decisions. This research is one step towards the real-world adoption of RAdAC. |
Item Type: | Essay (Master) |
Faculty: | EEMCS: Electrical Engineering, Mathematics and Computer Science |
Subject: | 54 computer science |
Programme: | Computer Science MSc (60300) |
Link to this item: | https://purl.utwente.nl/essays/89740 |