Development of a Web Access Control Technique Based User Access Behavior

The development and the wide spread use of the World Wide Web allow for convenient electronic data storage and distribution all over the world. This convenience has forced organizations in both private and public sectors to make their data available on the web with restricted or limited use. These data includes sensitive data that can be released only to specific requesters. This situation calls for the need of a access control techniques capable of capturing and enforcing the different requirements that the data producer (publisher) may need to control access their data. In fact, there is a need for fine-grained access control techniques which limit access of specific individuals to resources. Previous studies have not yet designed such a system that is reliable enough for such critical applications. This thesis discusses about designs and develops techniques and algorithms for performing web access control. The major objective of the proposed technique referred to as a Secure Web Access Control (SWAC) is to provide mechanisms for control web access based on user access behavior. The SWAC controls access to the web pages depending on user password, date of last request, page visited (URL) and status action. In SWAC technique active user's access transaction pattern is matched with user access transaction pattern discovered from user access history based on mining techniques. A set of algorithms is used for mining user access behavior, preprocessing tasks for data preparation, association rules for defining the rules that describe the correlation between web user access transaction entries patterns, and sequential pattern discovery for finding the sequences of the web user access transaction entries pattern using Prefixspan (Pattern growth via frequent sequence lattice) algorithms. The output is filtered using the query database system (SQL structure query language) to produce the interested web user access transaction entries pattern. Finally the rules induction is applied to the output pattern to make the access control decision (page access is permitted or denied). The necessary steps for the proposed technique are identified, and algorithms of these steps are developed and implemented using Active Server Page (ASP) and then tested on two web pages. The results show that proper preprocessing of the web user access transaction data is required to obtain meaningful user access transaction patterns that could be used to design web access control based on user access behavior. In SWAC the evidence combination technique is developed to provide an access control technique that allows only the authorized users to access to the web data and controls their access authorization. The technique determines which users can access web page resources and ensures that access is restricted to authorized users who have been successlly authenticated. The results of testing the SWAC show good results. The study concludes that limited access to web page resources based on knowledge discovery from a user access behavior gives practical and desirable web access control, and thus is an interesting research direction for future work.

Text FK_2004_44 IR.pdf Download (1MB)

Actions (login required)

View Item