Research field: Infrastructure
Conference: DSIT 2020: Proceedings of the 3rd International Conference on Data Science and Information Technology
There is ample research work on the detection of anomalies in the area of cyber security. However, only a few of these works focus on physical access security. Physical access controls, including employee and guest access and management systems, supervised doors or locations, and surveillance cameras, are critical checkpoints of a premise in terms of security monitoring. Breaches of these checkpoints can cause serious damage, where an insider or an outsider (e.g. through social engineering) may gain access to sensitive areas of the premise, which may further result in data leakage or disruptions of services. In this paper, we characterise users based on their physical movement behaviour and job profile in order to identify users with anomalous physical access behaviour using an unsupervised machine learning algorithm known as the Two Step clustering method. We further evaluate the type of risk posed by these users by comparing each user's behaviour with that of their peer group and observing a set of rule-based metrics. The framework is then compared with other recent approaches for anomaly detection of physical access logs. Lastly, this framework is deployed in a real-world environment and successfully assisted in the detection of anomalous physical access behaviour.
| Publication year | 2020 |
|---|---|
| Citations | 9 |
| Country of publication | Singapore |
| Site | ACM |