Machine Learning-Based Security Policy Analysis
Krish Jain, Joann Sum, Pranav Kapoor, Amir Eaman

TL;DR
This paper presents an automated approach for analyzing SELinux security policies by combining graph-based modeling with machine learning, significantly improving anomaly detection accuracy over traditional manual methods.
Contribution
It introduces a novel method integrating graph analysis with machine learning to automate SELinux policy analysis and anomaly detection.
Findings
An MLP neural network achieved 95% accuracy in detecting policy violations.
Graph-based representations improved anomaly detection effectiveness.
MLP outperformed Random Forest and SVM models in this task.
Abstract
Security-Enhanced Linux (SELinux) is a robust security mechanism that enforces mandatory access control (MAC), but the complexity of its policy language makes policy analysis and management difficult. This research investigates the automation of SELinux policy analysis using graph-based techniques combined with machine learning approaches to detect policy anomalies. The study addresses two key questions: can SELinux policy analysis be automated through graph analysis, and how do different anomaly detection models compare when analyzing SELinux policies? We compare different machine learning models by evaluating their effectiveness in detecting policy violations and anomalies. Our approach uses Neo4j for the graph representation of policies, with Node2vec transforming these graph structures into vector embeddings that our machine learning models can process.…
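As an added illustration of the first stage the abstract describes (policy rules as a graph), and not code from the paper: a small parser that turns constructed SELinux allow rules into typed edges, builds the adjacency lists a random-walk embedder such as Node2vec would consume, and emits Cypher statements for loading the graph into Neo4j. The sample rules and the Cypher schema (Type nodes joined by ALLOW relationships) are assumptions, not the paper's own.

```python
import re

# Constructed sample of SELinux allow rules (not taken from the paper).
SAMPLE_POLICY = """
allow httpd_t httpd_sys_content_t:file { read getattr open };
allow httpd_t httpd_log_t:file { append create };
allow httpd_t self:process { fork signal };
allow sshd_t shadow_t:file read;
"""

# Single-source, single-target allow rules with either one permission or a
# braced permission set. Attribute and multi-type forms are out of scope here.
ALLOW_RE = re.compile(
    r"allow\s+(?P<src>\w+)\s+(?P<tgt>\w+)\s*:\s*(?P<cls>\w+)\s+"
    r"(?:\{\s*(?P<perms>[^}]*)\}|(?P<perm>\w+))\s*;"
)

def parse_allow_rules(policy_text):
    """Turn allow rules into directed edges src -> tgt labelled with class and perms."""
    edges = []
    for m in ALLOW_RE.finditer(policy_text):
        perms = m.group("perms").split() if m.group("perms") is not None else [m.group("perm")]
        tgt = m.group("src") if m.group("tgt") == "self" else m.group("tgt")
        edges.append({"src": m.group("src"), "tgt": tgt,
                      "cls": m.group("cls"), "perms": sorted(perms)})
    return edges

def adjacency(edges):
    """Adjacency lists: the input a random-walk embedding (e.g. Node2vec) walks over."""
    adj = {}
    for e in edges:
        adj.setdefault(e["src"], set()).add(e["tgt"])
        adj.setdefault(e["tgt"], set())
    return adj

def to_cypher(edges):
    """Cypher MERGE statements for Neo4j (assumed schema: (:Type)-[:ALLOW]->(:Type))."""
    stmts = []
    for e in edges:
        perms = ", ".join(f"'{p}'" for p in e["perms"])
        stmts.append(
            f"MERGE (s:Type {{name: '{e['src']}'}}) "
            f"MERGE (t:Type {{name: '{e['tgt']}'}}) "
            f"MERGE (s)-[:ALLOW {{class: '{e['cls']}', perms: [{perms}]}}]->(t)"
        )
    return stmts
```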
Taxonomy
Topics: Network Security and Intrusion Detection · Information and Cyber Security
Methods: node2vec · Support Vector Machine
