This work explores the application of statistical machine learning techniques, specifically clustering and classification, in Behavior-Based Access Control (BBAC) to predict actor intent during TCP connections and HTTP requests. We seek to address critical questions around grouping similar behaviors, detecting suspicious actions, mitigating false positives, and effectively managing administrative alerts. Sponsored by the Air Force Research Laboratory (AFRL), our research aims to improve how new actors are assigned to behavioral groups and how administrators can select classifiers and set policy effectively.
User Selection of Clusters and Classifiers in Behavior Based Access Control

BBAC uses statistical machine learning techniques (clustering and classification) to make predictions about the intent of actors establishing TCP connections and HTTP requests.

We are currently trying to answer the following questions:
How to group similar behaviors?
How to detect suspicious behavior?
How to correct false positives?
How do administrators assign new actors to a behavioral group?
How to alert the administrator of suspicious behavior?
How do administrators select classifiers / set policy?

This work was sponsored by the Air Force Research Laboratory (AFRL).

DISTRIBUTION A: Approved for public release; distribution unlimited (Case Number 88ABW-2013-1041)

[Figure: workflow diagram. Labels: New Training / Clustering Data; Training Data; Data Streams in; Train Classifiers; Cluster Roles; User traffic; Classification results; Admin Alerts; Suspicious clustering changes; Assigning new machines to cluster; Modifying classifier]