Paper presented at the SecDef workshop @GECCO 2014: Enforcing Corporate Security Policies via Computational Intelligence Techniques.
Antonio Mora is the main author of the presentation.
Enforcing Corporate Security Policies via Computational Intelligence Techniques
1. SECDEF
Workshop on Genetic and Evolutionary
Computation in Defense, Security and Risk
Management
Antonio Mora, Paloma de las Cuevas, J.J. Merelo
Sergio Zamarripa, Anna I. Esparcia
@MUSESproject
Vancouver (Canada) - 13 July 2014
Enforcing Corporate Security Policies via
Computational Intelligence Techniques
2. Why? - Motivation
• Perception of the user as “the enemy” in corporate security.
• Users’ perception of security as an annoyance.
• Need to engage users in security issues:
–in a friendly way,
–respecting their privacy and
–increasing their trust.
• New challenges: multiple devices, mobility, BYOD policies,
vanishing borders between personal & work environments…
SECDEF 2014 – Enhancing Corporate Security Policies via CI Techniques 2
3. What? - Solution
● A corporate security system that is:
✔ device independent,
✔ user-centric,
✔ self-adaptive,
✔ able to analyse risk and trust in real time,
✔ multiplatform and
✔ open source.
● And takes into account the corporate, technical, legal, social and
economic contexts.
8. Main feature of the system
9. Rule refinement example
• Application: Corporate application that takes pictures and uploads
them to a server.
• Policy: Any employee of the company is allowed to take and upload
pictures to corporate servers only using corporate applications.
• Long term observation: If the application is used outside of the
building, some security risks are observed.
→ Proposed refined rules would require stronger authentication
depending on location, to allow uploading pictures.
11. Step 1: Initial rules and Data Mining
• Initial Rules: defined by the Chief Security Officer in the company,
according to the Corporate Security Policies.
• Data Mining: Performed on the gathered data in the system, stored
as events (user behaviour).
– Classification → assign classes to new patterns. [GP-based approach]
Example: a classifier for ALLOW/DENY accesses to URLs could go beyond Black and
White lists (it could consider additional variables in addition to the URL).
– Clustering → group similar patterns.
Example: outliers could be considered as anomalous or suspicious patterns.
– Feature Selection → remove less significant variables.
– Data Visualization → show data information for a controller (CSO).
12. Step 2: Rule Refinement and Adjustment
• Refinement: The set of security rules will be improved in order to better deal
with the detected anomalous patterns or situations (in the Data Mining step).
– Adapt existing rules: adjust them to improve pattern coverage (Genetic
Programming trying different antecedents and/or consequents).
– Infer/create new rules for dealing with new detected situations (Genetic
Programming combining sets of terms and values in order to compose new
conditions and actions, i.e. new security rules).
• Adjustment: The rules could be fine-tuned by means of Evolutionary
Algorithms that could try different values for the variables (in the
conditions/antecedents) of the final set of rules.
13. Step 3: Evaluation
• Manual: The refined (modified or inferred) set of rules will be stored in the
system as DRAFT rules. Then, a human controller (normally the CSO) will
check and, eventually, approve them to be FINAL.
• Automatic: The system will be able to automatically evaluate every potential
rule (it is mandatory during the evolutionary process).
To do this, a LOG of the whole decision process of the system will be stored.
Later, every potential rule will be evaluated by 'simulating' past security
incidents, and considering how the system would have worked if the rule
being evaluated had been included in the loop.
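Added example (not MUSES code): a replay of a decision log against the initial picture-upload rule and a location-aware refined rule, scoring each by the incidents it would have let through. The Event fields, the auth-level scale, the incident_cost weight and the log itself are assumptions, and a plain sweep over thresholds stands in for the evolutionary adjustment step.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Event:                 # hypothetical log record, one per upload decision
    corporate_app: bool      # upload made with the corporate application
    outside: bool            # device was outside the building
    auth_level: int          # assumed scale: 1 = password, 2 = second factor
    incident: bool           # a security incident was later tied to this upload

# Constructed decision log for illustration, not real project data.
LOG = [
    Event(True, False, 1, False),
    Event(True, False, 1, False),
    Event(True, True, 1, True),
    Event(True, True, 1, True),
    Event(True, True, 2, False),
    Event(True, True, 1, False),
    Event(False, False, 2, True),
    Event(True, False, 2, False),
]

def initial_rule(e):
    # Policy as first written: uploads allowed only from corporate applications.
    return e.corporate_app

def make_refined_rule(min_auth_outside):
    # Refined rule: outside the building, require stronger authentication.
    def rule(e):
        if not e.corporate_app:
            return False
        return (not e.outside) or e.auth_level >= min_auth_outside
    return rule

def replay(rule, log):
    # Simulate the past: what would this rule have allowed or denied?
    missed = sum(1 for e in log if rule(e) and e.incident)
    blocked = sum(1 for e in log if not rule(e) and not e.incident)
    return {"missed_incidents": missed, "blocked_legit": blocked}

def fitness(rule, log, incident_cost=5):
    # Higher is better; a missed incident costs more than a blocked legitimate upload.
    r = replay(rule, log)
    return -(incident_cost * r["missed_incidents"] + r["blocked_legit"])

def best_threshold(log, candidates=(1, 2, 3)):
    # Exhaustive sweep over the rule's variable, in place of an evolutionary search.
    return max(candidates, key=lambda t: fitness(make_refined_rule(t), log))
```

The best-scoring rule would then be stored as a DRAFT for the CSO to approve, as in the manual evaluation step.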
14. How are we doing now?
• Sources released in GitHub
https://github.com/MusesProject/
• Beta available
https://github.com/MusesProject/MusesClient/releases and
for the common infrastructure
https://github.com/MusesProject/Muses/releases
• Still 1 year to go in the project.
15. THANK YOU
https://www.musesproject.eu/