An Adaptable and Distributed Access Control Approach Based on Machine Learning Techniques in a BYOD Environment

Abstract

Traditional access control systems, such as role-based access control (RBAC), attribute-based access control (ABAC), or relationship-based access control (ReBAC), may limit policy decision points due to the potential for status changes in response to minor changes in user and resource properties. Additionally, system administrators must rely on solutions that require complex rules with multiple conditions and permissions for decision control, which can lead to access control issues such as policy conflicts, decision-making bottlenecks, poor performance, and trust and privacy issues related to policy management. This thesis presents three security access control mechanisms to overcome these limitations. Firstly, it proposes a method of enforcing access decisions that is adaptable and dynamic, based on a multi-layer deep learning hybrid model (TabularDNN). The technique converts all input attributes from an access request into an allow or deny decision using multiple layers to ensure accurate and efficient access control. Furthermore, the proposed solution was evaluated using the Kaggle-Amazon access control policy dataset; the results indicated a 94\% accuracy rate, demonstrating enhanced access decision implementation by considering various resource and user attributes. Additionally, it ensures privacy through indirect communication with the Policy Administration Point (PAP). This mechanism improves flexibility and provides dynamic and adaptable access control, demonstrating the proposed method's efficiency and reliability. Secondly, this dissertation presents an access decision-making algorithm for access control-based supervised learning, enhancing policy decision points (PDPs) by converting the PDP problem into a binary classification for access requests. The research describes a vector decision classifier that uses machine learning methods, specifically implementing the random forest algorithm, to make accurate access decisions and enable dynamic, distributed PDPs. Performance was evaluated using the Kaggle-Amazon access control policy dataset, comparing the proposed mechanism to previous research benchmarks for performance, time, and flexibility. The method ensures privacy for access control policies by preventing direct communication between the PDP and PAP. The study showed that PDP-based machine learning could navigate multiple policies and large access requests with 95\% accuracy, a 0.15-second response time, and no policy conflicts. This method improves security by implementing a distributed access control system that is dynamic, adaptable, and flexible. Finally, it presents an adaptive policy adjustment based on anomaly detection methods using machine learning algorithms. This method conducts risk monitoring and anomaly detection and features an adaptive policy mechanism that dynamically adjusts policies based on detected anomalies. The UNSW-NB15 dataset was used to evaluate the solution's performance. The results highlighted a detection accuracy of 95\% with a response time of approximately 0.5 seconds. The adaptive policy adjustment achieves a 97\% accuracy rate. The mechanism improves insider threat detection and access control simultaneously while optimizing and simplifying the process of managing policies. This method effectively addresses the critical trust and privacy challenges associated with policy management in corporate environments.