Behavior-Based Network Access Control: A Proof-of-Concept
نویسندگان
چکیده
Current NAC technologies implement a pre-connect phase where the status of a device is checked against a set of policies before being granted access to a network, and a post-connect phase that examines whether the device complies with the policies that correspond to its role in the network. In order to enhance current NAC technologies, we propose a new architecture based on behaviors rather than roles or identity, where the policies are automatically learned and updated over time by the members of the network in order to adapt to behavioral changes of the devices. Behavior profiles may be presented as identity cards that can change over time. By incorporating an Anomaly Detector (AD) to the NAC server or to each of the hosts, their behavior profile is modeled and used to determine the type of behaviors that should be accepted within the network. These models constitute behavior-based policies. In our enhanced NAC architecture, global decisions are made using a group voting process. Each host’s behavior profile is used to compute a partial decision for or against the acceptance of a new profile or traffic. The aggregation of these partial votes amounts to the model-group decision. This voting process makes the architecture more resilient to attacks. Even after accepting a certain percentage of malicious devices, the enhanced NAC is able to compute an adequate decision. We provide proof-of-concept experiments of our architecture using web traffic from our department network. Our results show that the model-group decision approach based on behavior profiles has a 99% detection rate of anomalous traffic with a false positive rate of only 0.005%. Furthermore, the architecture achieves short latencies for both the preand post-connect phases.
منابع مشابه
Behavior-Based Network Access Control: A Proof-of-Concept
Current NAC technologies implement a pre-connect phase where the status of a device is checked against a set of policies before being granted access to a network, and a post-connect phase that examines whether the device complies with the policies that correspond to its role in the network. In order to enhance current NAC technologies, we propose a new architecture based on behaviors rather tha...
متن کاملAuthorization models for secure information sharing: a survey and research agenda
This article presents a survey of authorization models and considers their 'fitness-for-purpose' in facilitating information sharing. Network-supported information sharing is an important technical capability that underpins collaboration in support of dynamic and unpredictable activities such as emergency response, national security, infrastructure protection, supply chain integration and emerg...
متن کاملAccess and Mobility Policy Control at the Network Edge
The fifth generation (5G) system architecture is defined as service-based and the core network functions are described as sets of services accessible through application programming interfaces (API). One of the components of 5G is Multi-access Edge Computing (MEC) which provides the open access to radio network functions through API. Using the mobile edge API third party analytics applications ...
متن کاملStudying Dynamic behavior of Distributed Parameter Processes Behavior Based on Dominant Gain Concept and it’s Use in Controlling these Processes
In this paper, distributed parameter process systems behavior is studied in frequency domain. Based on the dominant gain concept that is developed for such studies, a method is presented to control distributed parameter process systems. By using dominant gain concept, the location of open loop zeros, resulted from the time delay parameter in the process model, were changed from the right half p...
متن کاملOntology-based access control for social network systems
As the information flowing around in social network systems is mainly related or can be attributed to their users, controlling access to such information by individual users becomes a crucial requirement. The intricate semantic relations among data objects, different users, and between data objects and users further add to the complexity of access control needs. In this paper, we propose an acc...
متن کامل