Comparative Analysis of Isolation Forest and LSTM-Based Anomaly Detection in Attribute-Based Access Control (ABAC) Policies
摘要
In the ever-evolving landscape of information security, Attribute Based Access Control (ABAC) policies play a pivotal role in regulating fine-grained access to sensitive information and resources. However, anomalies within these policies pose significant risks, potentially leading to unauthorized access or operational disruptions. Using machine learning for anomaly detection in ABAC policies effectively identifies unusual access requests, potential security threats, and unauthorized access. However, existing schemes could not perform better in high-dimensional, sparse ABAC policy data. Therefore, other machine learning models are essential in ABAC for anomaly detection, helping identify normal access patterns and detect unusual behaviors in complex, high-dimensional environments. In this paper, we implement two machine learning-based techniques for anomaly detection in ABAC control policy: Isolation Forest and Long Short-Term Memory (LSTM) networks—specifically designed to detect anomalies in ABAC policies. Isolation forest is an unsupervised learning algorithm specifically designed to identify anomalies within a high dimensional and scalable dataset. LSTM-based anomaly detection enhance ABAC policies by adding layers of detection that operate statically (based on attribute combinations) and dynamically (based on temporal patterns), making the system more resilient to unauthorized access attempts. Also, by systematically evaluating the strengths and limitations of these approaches, we aim to guide practitioners in selecting the most effective anomaly detection method tailored to the complexities of ABAC systems.