Our work titled Going a Step Beyond the Black and White Lists for URL Accesses in the Enterprise by means of Categorical Classifiers, as part of the researh under the MUSES project, has been presented today at the ECTA 2014 conference.
Corporate systems can be secured using an enormous quantity of methods, and the implementation of Black or White lists is among them.
With these lists it is possible to restrict (or to allow) the users the execution of applications or the access to certain URLs, among others. This paper is focused on the latter option. It describes the whole processing of a set of data composed by URL sessions performed by the employees of a company; from the preprocessing stage, including labelling and data balancing processes, to the application of several classification algorithms. The aim is to define a method for automatically make a decision of allowing or denying future URL requests, considering a set of corporate security policies.
Thus, this work goes a step beyond the usual black and white lists, since they can only control those URLs that are specifically included in them, but not by making decisions based in similarity (through classification techniques), or even in other variables of the session, as it is proposed here.
The results show a set of classification methods which get very good classification percentages (95-97%), and which infer some useful rules based in additional features (rather that just the URL string) related to the user’s access. This led us to consider that this kind of tool would be very useful tool for an enterprise.
You can check the presentation at: .