Security Rules Identification and Validation: The Role of Explainable Clustering and Information Visualisation
Abstract: In the context of data access and export control for enterprise information systems, one of the open issues is the generation of the security rules. Currently this time-consuming and difficult task relies heavily on experience: expert security analysts combine their knowledge of Enterprise Resource Planning (ERP) systems with ad hoc exploration of the logs generated by the system to try to envision the most relevant attack paths. This project explored different approaches to supporting human experts in security rule identification and validation while preserving the interpretability of the results and the inspectability of the approach used. The outcome is a tool that complements the security engine by supporting experts in defining uncommon patterns as security-related events to be monitored and vetted by the event classification engine. The result is a promising instrument for the human inspection of candidate security-relevant events and patterns, with the main focus on the definition of security rules to be enforced by the specific security engine at run time. An initial evaluation round shows a positive trend in the users' perception, even though a lack of contextual information still hinders its use by more business-oriented profiles.
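The abstract describes surfacing uncommon log patterns as candidate rules for an expert to vet, with an explanation the expert can inspect. The following is an added, hypothetical illustration of that workflow and is not code from the paper or its tool: it groups constructed ERP access/export events by their exact feature pattern (so a cluster is literally its pattern), treats low-support patterns as candidate rules, and explains each candidate by naming the attribute values that are individually rare. The log format, field names, thresholds and sample events are all assumptions made for the example.

```python
"""Added example (not from the paper): frequency-based clustering of ERP
access/export events with per-attribute explanations, producing candidate
security rules for human review.  Field names and event format are assumed."""
from collections import Counter

# Attributes that define a pattern (assumed feature set for the example).
FEATURES = ("role", "action", "object", "hour", "volume")

# Constructed sample events in 'key=value' form; not taken from any real system.
SAMPLE_LOG = """\
ts=2024-03-01T09:12:00 user=u1 role=sales action=read object=customer_master hour=business volume=small
ts=2024-03-01T09:40:00 user=u2 role=sales action=read object=customer_master hour=business volume=small
ts=2024-03-01T10:05:00 user=u1 role=sales action=read object=orders hour=business volume=small
ts=2024-03-01T10:30:00 user=u3 role=sales action=read object=orders hour=business volume=small
ts=2024-03-01T11:00:00 user=u2 role=sales action=read object=customer_master hour=business volume=small
ts=2024-03-01T11:20:00 user=u4 role=finance action=export object=invoices hour=business volume=medium
ts=2024-03-01T14:00:00 user=u4 role=finance action=export object=invoices hour=business volume=medium
ts=2024-03-01T15:10:00 user=u5 role=finance action=read object=invoices hour=business volume=small
ts=2024-03-01T16:00:00 user=u3 role=sales action=read object=orders hour=business volume=small
ts=2024-03-01T23:30:00 user=u2 role=sales action=export object=customer_master hour=night volume=large
"""


def parse_event(line):
    """Turn one 'key=value ...' line into a dict of string fields."""
    return dict(tok.split("=", 1) for tok in line.split() if "=" in tok)


def parse_log(text):
    """Parse every non-empty line of a log blob."""
    return [parse_event(line) for line in text.splitlines() if line.strip()]


def pattern_of(event):
    """The explainable 'cluster id' of an event: its tuple of feature values."""
    return tuple(event.get(f, "?") for f in FEATURES)


def cluster_events(events):
    """Group events by exact feature pattern; the count is the cluster's support."""
    return Counter(pattern_of(e) for e in events)


def marginals(events):
    """Per-feature value frequencies, used to explain why a pattern is uncommon."""
    n = len(events)
    return {
        f: {v: c / n for v, c in Counter(e.get(f, "?") for e in events).items()}
        for f in FEATURES
    }


def candidate_rules(events, max_support=1, rare_below=0.2):
    """Return low-support patterns as candidate rules, each with an explanation.

    A value is listed in the explanation when it occurs in fewer than
    `rare_below` of all events; a candidate with an empty explanation is
    rare only as a combination of individually common values.
    """
    counts = cluster_events(events)
    marg = marginals(events)
    rules = []
    for pattern, support in counts.items():
        if support > max_support:
            continue
        feats = dict(zip(FEATURES, pattern))
        why = [
            f"{f}={v} seen in {marg[f][v]:.0%} of events"
            for f, v in feats.items()
            if marg[f][v] < rare_below
        ]
        rules.append({"pattern": feats, "support": support, "explanation": why})
    # Lowest support first; among equals, the better-explained candidate first.
    rules.sort(key=lambda r: (r["support"], -len(r["explanation"])))
    return rules


def rule_to_text(rule):
    """Render a candidate as a rule the expert can accept, edit or reject."""
    cond = " AND ".join(f"{k}={v}" for k, v in rule["pattern"].items())
    why = "; ".join(rule["explanation"]) or "uncommon only as a combination"
    return f"ALERT IF {cond}  # support={rule['support']}; {why}"


if __name__ == "__main__":
    for rule in candidate_rules(parse_log(SAMPLE_LOG)):
        print(rule_to_text(rule))
```

On the constructed sample the night-time large export of the customer master by a sales user is ranked first, with the two rare attribute values named in its explanation; the single finance read of invoices is also reported, flagged as uncommon only as a combination, which is exactly the kind of candidate the abstract says needs contextual information before a business-oriented reviewer can judge it.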