Attribute Based Access Control Scheme With Efficient Policy Validation Techniques And Rule Specific Cluster Merging Algorithm

Abstract

newline vi newlineABSTRACT newlineIDS (Intrusion Detection System) is the first phase of the cyber security system. The newlinerole of IDS is to detect an intrusion or abnormal activities and report to the security system. newlineAccess control model (ACM) is one of the detection techniques used in IDS. ACM newlineestablishes security rules or policies to detect and prevent intrusion. As many ACMs (such newlineas DAC, MAC, and RBAC) have been proposed, the research on ABAC is getting more newlineattention due to its flexibility and efficiency. newlineAlthough ABAC fulfills the security requirements of today s computing technologies, newlinepolicy errors affect the overall system and cause dangerous security issues. Policy newlinevalidation is performed at every cluster of security rules instead of every rule to reduce the newlinecomplexity and increase the performance. The existing clustering approaches generate newlinemore clusters, large-sized clusters, and compare every non-clustered rule with all the newlineexisting clusters for merging. Hence, they require high computation time and increase the newlinecomplexity of the clustering process. And also, in previous approaches, the policy error newlinerule-redundancy is resolved after clustering security rules. This methodology increases the newlinecluster size and computation time. The previous approaches skipped or missed some newlineserious issues or have not resolved all the considerable errors such as rule inadequacy and newlinerule discrepancy. It causes dangerous security issues like the intrusion of fraud people or newlinesevere attacks like data loss and denial of service. newlineIn the proposed research work, the ABAC scheme is proposed with efficient policy newlinevalidation techniques. The clustering algorithm RSCM (Rule Specific Cluster Merging) is newlineproposed to reduce the complexity and computation time. In this approach, every nonclustered newlinerule is compared with the clusters where similarity is possible. The proposed newlineABAC scheme finds and addresses the policy errors rules-redundancy, rules-discrepancy, newlinerules-inadequacy, and conflict-demand anomaly. The approach RRR (Resolving Rule newlineRedundanc