Security-Enhanced Linux (SELinux) is a robust security mechanism that enforces mandatory access control (MAC), but the complexity of its policy language makes policy analysis and management difficult. This research investigates automating SELinux policy analysis with graph-based techniques combined with machine learning to detect policy anomalies. The study addresses two key questions: can SELinux policy analysis be automated through graph analysis, and how do different anomaly detection models compare when analyzing SELinux policies? We compare several machine learning models by evaluating their effectiveness in detecting policy violations and anomalies. Our approach uses Neo4j to represent policies as graphs, and Node2vec to transform those graph structures into vector embeddings that our machine learning models can process. In our results, the MLP neural network consistently demonstrated superior performance across dataset sizes, achieving 95% accuracy with balanced precision and recall, while both the Random Forest and SVM models showed competitive but slightly lower performance in detecting policy violations. This combination of graph-based modeling and machine learning provides a more systematic and automated way to understand and analyze complex SELinux policies than traditional manual analysis.
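The first stage of the pipeline described above, turning SELinux `allow` rules into a type graph that can be loaded into Neo4j and reduced to per-node vectors, is shown in the following added example. It is illustrative code written for this page, not the paper's own implementation: the policy snippet is constructed, the `Type`/`ALLOW` Neo4j schema and the read/write permission sets are assumptions, and the hand-built degree features stand in for the Node2vec embeddings the paper uses so that the downstream classifier input is visible. The two-step information-flow check (one domain writes a type that another domain reads) is a classic graph analysis that a reviewer would run on the same graph, included to show what "automating policy analysis through graph analysis" looks like on concrete rules.

```python
"""Graph-based SELinux allow-rule analysis (added example, standard library only).

Parses SELinux `allow` rules into a directed type graph, emits Cypher MERGE
statements for loading that graph into Neo4j, derives simple per-type feature
vectors, and finds two-step information flows (writer -> shared type -> reader)
worth inspecting. The sample policy, Neo4j schema and permission classes below
are assumptions made for this example, not content from the paper.
"""
import re
from collections import defaultdict

# Constructed sample policy for this example (not a real distribution policy).
SAMPLE_POLICY = """
allow httpd_t httpd_log_t:file { open append create getattr };
allow logrotate_t httpd_log_t:file { read getattr unlink };
allow httpd_t httpd_sys_content_t:file { read getattr open };
allow sshd_t sshd_key_t:file read;
allow unconfined_t etc_t:file { read write open };
allow httpd_t etc_t:file { read getattr };
"""

# Assumed split of permissions into write-like and read-like for the flow
# heuristic; real analyzers (e.g. setools) use per-class permission maps.
WRITE_PERMS = {"write", "append", "create"}
READ_PERMS = {"read"}

# allow <source> <target>:<class> <perm | { perm ... }>;
RULE_RE = re.compile(r"allow\s+(\S+)\s+(\S+):(\S+)\s+(\{[^}]*\}|\S+)\s*;")


def parse_allow_rules(text):
    """Return a list of (source, target, class, frozenset(perms)) tuples."""
    rules = []
    for src, tgt, cls, perms in RULE_RE.findall(text):
        rules.append((src, tgt, cls, frozenset(perms.strip("{}").split())))
    return rules


def build_graph(rules):
    """Adjacency map: source type -> target type -> union of permissions.

    Permissions are merged across rules and classes; the class survives only
    in the Cypher export, where Neo4j keeps it as an edge property."""
    graph = defaultdict(lambda: defaultdict(set))
    for src, tgt, _cls, perms in rules:
        graph[src][tgt] |= perms
    return graph


def to_cypher(rules):
    """One Cypher MERGE statement per rule (assumed Type node / ALLOW edge schema)."""
    stmts = []
    for src, tgt, cls, perms in rules:
        perm_list = ", ".join(f"'{p}'" for p in sorted(perms))
        stmts.append(
            f"MERGE (s:Type {{name: '{src}'}}) "
            f"MERGE (t:Type {{name: '{tgt}'}}) "
            f"MERGE (s)-[:ALLOW {{class: '{cls}', perms: [{perm_list}]}}]->(t)"
        )
    return stmts


def type_features(graph):
    """Per-type vector [out_degree, in_degree, perms_granted].

    A deliberately simple stand-in for learned Node2vec embeddings: enough to
    show the shape of what a classifier would consume."""
    types = set(graph)
    for targets in graph.values():
        types |= set(targets)
    feats = {}
    for t in sorted(types):
        out_edges = graph.get(t, {})
        in_degree = sum(1 for s in graph if t in graph[s])
        feats[t] = [len(out_edges), in_degree, sum(len(p) for p in out_edges.values())]
    return feats


def find_flows(graph):
    """Sorted (writer, reader, via_type) triples: writer can write a type that a
    different domain can read, i.e. a two-step information flow."""
    flows = set()
    types = {t for targets in graph.values() for t in targets}
    for via in types:
        writers = {s for s in graph if via in graph[s] and graph[s][via] & WRITE_PERMS}
        readers = {s for s in graph if via in graph[s] and graph[s][via] & READ_PERMS}
        flows |= {(w, r, via) for w in writers for r in readers if w != r}
    return sorted(flows)


if __name__ == "__main__":
    rules = parse_allow_rules(SAMPLE_POLICY)
    for stmt in to_cypher(rules):
        print(stmt)
    graph = build_graph(rules)
    print(type_features(graph))
    print(find_flows(graph))
```

On the constructed policy the flow finder reports `httpd_t -> httpd_log_t -> logrotate_t` and `unconfined_t -> etc_t -> httpd_t`; the first is an expected log-rotation path, the second is the kind of edge a classifier trained on embeddings of the same graph would be asked to score. In a real deployment the rules would come from `sesearch --allow` output or a compiled policy, and the Cypher statements would be executed against Neo4j rather than printed.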