A Security Analysis Method for Access Control Graphs Based on DeepWalk Node Embedding

Abstract

In this article, we will discuss how large-scale dynamic information systems can detect access control anomalies. An automatic security analysis based on the DeepWalk node embedding framework is proposed for enterprise-level access control graphs. In the extraction of the graph structure, random walks map the relationships between explicit and implicit users, resources, and permissions into dense vectors. By using the aforementioned embeddings for unsupervised anomaly scoring and permission path risk assessment, the system can effectively identify configuration errors and suspicious access patterns. For the experiment, a large-scale dataset was obtained from multiple commercial cloud platforms in fields such as healthcare and banking, containing over 100,000 accounts and more than 1 million audit objects. Based on the above results, the three models for medical, financial, and cloud scenarios achieved AUC values of 0.96, 0.95, and 0.94, respectively. Compared to previous methods, the current detection time averages 2 hours, and the false positive rate has also been reduced by 60%. Ablation and cross-domain robustness studies indicate that the time module and embedding module are crucial for the accuracy and stability of system detection. It is an easy-to-understand real-time analysis method that can be used for enterprise security processes and SIEM platforms. In summary, the aforementioned framework enhances automated access governance and risk monitoring, providing an effective and intelligent foundation for large-scale permission management and policy compliance analysis in modern digital infrastructure.