Journal: Future Generation Computer Systems

Formal approach to thwart against insider attacks: A bio-inspired auto-resilient policy regulation framework

Abstract

The ever-growing number of cyber crimes and incidents (i.e., data breaches, privilege escalation, and masquerade attacks) indicates that traditional cyber defense mechanisms designed to manage access control and understand human behavioral intent are unable to protect large organizations against organized malicious attacks. The existing state-of-the-art solutions rely extensively on human decision making and correlation-based analysis to understand the anomalous intent of an insider. This consequently leads to data breaches, making insider threats one of the biggest challenges faced by the cybersecurity community today. To deal with these issues, new access control architectures and models must focus on the integration of threat analytics, auto-resiliency, and fast response time to mitigate an ongoing threat in a timely manner. In this article, to address these issues and limitations, we propose an integrated access control policy regulation framework designed on biological principles. The proposed framework provides the ground to efficiently integrate Threat Analytics with the Policy Regulation Mechanism against insider threats. Another major contribution of this article is to model the access control policy regulation mechanism as an auto-regulatory state transition system, which could autonomously change its state (policy configuration) in real time against an emergent insider threat. As the last step, with the help of formal methods, we rigorously verify, evaluate, and test the performance of our proposed systems on a real-life threat test dataset.