Automatic Rule Extraction from Access Rules Using Genetic Programming

摘要

The security policy rules in companies are generally proposed by the Chief Security Officer (CSO), who must, for instance, select by hand which access events are allowed and which ones should be forbidden. In this work we propose a way to automatically obtain rules that generalise these single-event based rules using Genetic Programming (GP), which, besides, should be able to present them in an understandable way. Our GP-based system obtains good dataset coverage and small ratios of false positives and negatives in the simulation results over real data, after testing different fitness functions and configurations in the way of coding the individuals.