Detecting Malicious Authentication Events Trustfully
Title | Detecting Malicious Authentication Events Trustfully |
Publication Type | Conference Paper |
Year of Publication | 2018 |
Authors | Kaiafas, G., Varisteas, G., Lagraa, S., State, R., Nguyen, C. D., Ries, T., Ourdane, M. |
Conference Name | NOMS 2018 - 2018 IEEE/IFIP Network Operations and Management Symposium |
Date Published | April 2018 |
Keywords | anomaly detection, authentication, authentication event, Bipartite graph, Collaboration, Computational modeling, false attacks, false negative rate, false positive rate, false trust, feature extraction, Forestry, learning (artificial intelligence), legitimate user behavior, logistic regression model, Logistics, LogitBoost model, Los Alamos dataset, malicious authentication event detection, malicious class, pattern classification, policy-based governance, Predictive models, pubcrawl, random forest model, regression analysis, resilience, Resiliency, Scalability, security logs, supervised learning technique, Trusted Computing, trustful predictions, ultimately majority voting model |
Abstract | Anomaly detection on security logs is receiving more and more attention. Authentication events are an important component of security logs, and being able to produce trustful and accurate predictions minimizes the effort of cyber-experts spent on stopping false attacks. Observed events are classified into Normal, for legitimate user behavior, and Malicious, for malevolent actions. These classes are consistently and excessively imbalanced, which makes the classification problem harder; in the commonly used Los Alamos dataset, the malicious class comprises only 0.00033% of the total. This work proposes a novel method to extract advanced composite features, and a supervised learning technique for classifying authentication logs trustfully; the models are Random Forest, LogitBoost, Logistic Regression, and ultimately Majority Voting, which leverages the predictions of the previous models and gives the final prediction for each authentication event. We measure the performance of our experiments by using the False Negative Rate and False Positive Rate. Overall, we achieve a False Negative Rate of 0 (i.e. no attack was missed), and on average a False Positive Rate of 0.0019. |
URL | https://ieeexplore.ieee.org/document/8406295 |
DOI | 10.1109/NOMS.2018.8406295 |
Citation Key | kaiafas_detecting_2018 |
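The abstract names three ingredients worth seeing end to end: features derived from the user-to-computer bipartite graph of authentication events, a majority vote over several classifiers, and evaluation by False Negative Rate and False Positive Rate rather than accuracy on a heavily imbalanced stream. The example below is added here for illustration and is not the authors' code or their feature set. It assumes a constructed log in the nine-field layout of the LANL auth records (time, source user, destination user, source computer, destination computer, authentication type, logon type, orientation, outcome), constructed labels, and three hand-written scorers that stand in for the trained Random Forest, LogitBoost and Logistic Regression models; the feature names (`new_edge`, `fanout`, `ntlm`, `remote`), the rules and the thresholds are all choices made for this example. The malicious share in the sample (4 of 18 events) is far higher than the 0.00033% the abstract reports for the real dataset, which is exactly why the `always_normal` baseline is included: at the real prevalence its accuracy would be essentially 100% while its FNR is 1.0.

```python
from collections import defaultdict

# Constructed sample in the nine-field layout of the LANL auth records
# (time, src user@domain, dst user@domain, src computer, dst computer,
#  auth type, logon type, orientation, outcome). Lines and labels are made
# up for this example and are not rows of the real dataset.
SAMPLE_LOG = """\
1,U1@DOM,U1@DOM,C1,C1,Kerberos,Interactive,LogOn,Success
2,U1@DOM,U1@DOM,C1,C2,Kerberos,Network,LogOn,Success
3,U2@DOM,U2@DOM,C3,C3,Kerberos,Interactive,LogOn,Success
4,U2@DOM,U2@DOM,C3,C4,Kerberos,Network,LogOn,Success
5,U1@DOM,U1@DOM,C1,C2,Kerberos,Network,LogOn,Success
6,U3@DOM,U3@DOM,C5,C5,Kerberos,Interactive,LogOn,Success
7,U3@DOM,U3@DOM,C5,C6,NTLM,Network,LogOn,Failure
8,U3@DOM,U3@DOM,C5,C6,NTLM,Network,LogOn,Success
9,U4@DOM,U4@DOM,C7,C7,Kerberos,Interactive,LogOn,Success
10,U4@DOM,U4@DOM,C7,C8,Kerberos,Network,LogOn,Success
11,U4@DOM,U4@DOM,C7,C9,NTLM,Network,LogOn,Failure
12,U4@DOM,U4@DOM,C7,C9,NTLM,Network,LogOn,Success
13,U5@DOM,U5@DOM,C10,C10,Kerberos,Interactive,LogOn,Success
14,U5@DOM,U5@DOM,C10,C2,Kerberos,Network,LogOn,Success
15,U5@DOM,U5@DOM,C10,C11,NTLM,Network,LogOn,Success
16,U5@DOM,U5@DOM,C10,C12,NTLM,Network,LogOn,Success
17,U5@DOM,U5@DOM,C10,C13,NTLM,Network,LogOn,Success
18,U5@DOM,U5@DOM,C10,C14,NTLM,Network,LogOn,Success
"""
# Constructed labels: 1 = malicious (U5 fanning out over NTLM), 0 = normal.
LABELS = [0] * 14 + [1] * 4


def parse(line):
    t, su, du, sc, dc, auth, logon, orient, outcome = line.split(",")
    return {"time": int(t), "user": su, "src": sc, "dst": dc,
            "auth": auth, "logon": logon, "orient": orient, "outcome": outcome}


def extract_features(events):
    """Per-event features from the user -> computer bipartite graph, computed
    from earlier events only so nothing leaks from the future."""
    seen_edges = set()            # (user, dst computer) pairs seen so far
    fanout = defaultdict(set)     # user -> distinct dst computers so far
    feats = []
    for ev in events:
        edge = (ev["user"], ev["dst"])
        feats.append({
            "new_edge": int(edge not in seen_edges),   # first time this user hits this host
            "fanout": len(fanout[ev["user"]]),         # hosts the user already touched
            "ntlm": int(ev["auth"] == "NTLM"),
            "remote": int(ev["src"] != ev["dst"]),
        })
        seen_edges.add(edge)
        fanout[ev["user"]].add(ev["dst"])
    return feats


# Hypothetical scorers standing in for the trained RF / LogitBoost / LR models.
def model_fanout(f):
    return int(f["new_edge"] and f["fanout"] >= 2)

def model_ntlm(f):
    return int(f["new_edge"] and f["ntlm"] and f["remote"])

def model_linear(f):
    score = 1.0 * f["new_edge"] + 0.8 * f["ntlm"] + 0.5 * min(f["fanout"], 3)
    return int(score >= 2.5)

MODELS = (model_fanout, model_ntlm, model_linear)


def majority_vote(f):
    return int(sum(m(f) for m in MODELS) >= 2)   # 2 of 3 must agree


def _ratio(n, d):
    return n / d if d else 0.0


def rates(pred, labels):
    tp = sum(p == 1 and y == 1 for p, y in zip(pred, labels))
    fn = sum(p == 0 and y == 1 for p, y in zip(pred, labels))
    fp = sum(p == 1 and y == 0 for p, y in zip(pred, labels))
    tn = sum(p == 0 and y == 0 for p, y in zip(pred, labels))
    return {"FNR": _ratio(fn, fn + tp), "FPR": _ratio(fp, fp + tn),
            "accuracy": _ratio(tp + tn, len(labels))}


def evaluate(log=SAMPLE_LOG, labels=LABELS):
    feats = extract_features([parse(l) for l in log.splitlines()])
    out = {m.__name__: rates([m(f) for f in feats], labels) for m in MODELS}
    out["majority_vote"] = rates([majority_vote(f) for f in feats], labels)
    out["always_normal"] = rates([0] * len(labels), labels)   # imbalance baseline
    return out


if __name__ == "__main__":
    for name, r in evaluate().items():
        print(f"{name:14s} FNR={r['FNR']:.3f} FPR={r['FPR']:.3f} acc={r['accuracy']:.3f}")
```

Event 7 (a user's failed NTLM attempt at a second host) is flagged by `model_ntlm` alone and is outvoted, which is the mechanism the abstract relies on for trustful predictions; event 11 (a third host over NTLM) is flagged by all three scorers and stays a false positive, so the ensemble reaches FNR 0 with a non-zero FPR, the same shape of result the paper reports. The features here are deliberately simple; the paper's composite features are not reproduced.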