User Selection of Clusters and Classifiers in Behavior Based Access Control

1. User Selection of Clusters and Classifiers in Behavior Based Access Control BBAC uses statistical machine learning techniques (clustering and classification) to make predictions about the intent of actors establishing TCP connections and HTTP requests. We are currently trying to answer the following questions: How to group similar behaviors? How to detect suspicious behavior? How to correct false positives? How do administrators assign new actors to a behavioral group? How to alert the administrator of suspicious behavior? How do administrators select classifiers / set policy? This work was sponsored by the Air Force Research Laboratory (AFRL). DISTRIBUTION A: Approved for public release; distribution unlimited (Case Number 88ABW-2013-1041) New Training / Clustering Data Training Data Data Streams in Train Classifiers Cluster Roles User traffic Classification results Admin Alerts Suspicious clustering changes Assigning new machines to cluster Modifying classifier