LOG-OFF: A Novel Behavior Based Authentication Compromise Detection Approach

Title: LOG-OFF: A Novel Behavior Based Authentication Compromise Detection Approach
Publication Type: Conference Paper
Year of Publication: 2022
Authors: Liu, Mingchang; Sachidananda, Vinay; Peng, Hongyi; Patil, Rajendra; Muneeswaran, Sivaanandh; Gurusamy, Mohan
Conference Name: 2022 19th Annual International Conference on Privacy, Security & Trust (PST)
Date Published: aug
Keywords: authentication, Bayes methods, Behavioral sciences, Collaboration, false trust, policy-based governance, Probabilistic logic, pubcrawl, resilience, Resiliency, Scalability, security, Training, user experience
Abstract: Password-based authentication system has been praised for its user-friendly, cost-effective, and easily deployable features. It is arguably the most commonly used security mechanism for various resources, services, and applications. On the other hand, it has well-known security flaws, including vulnerability to guessing attacks. Present state-of-the-art approaches have high overheads, as well as difficulties and unreliability during training, resulting in a poor user experience and a high false positive rate. As a result, a lightweight authentication compromise detection model that can make accurate detection with a low false positive rate is required. In this paper we propose - LOG-OFF - a behavior-based authentication compromise detection model. LOG-OFF is a lightweight model that can be deployed efficiently in practice because it does not include a labeled dataset. Based on the assumption that the behavioral pattern of a specific user does not suddenly change, we study the real-world authentication traffic data. The dataset contains more than 4 million records. We use two features to model the user behaviors, i.e., consecutive failures and login time, and develop a novel approach. LOG-OFF learns from the historical user behaviors to construct user profiles and makes probabilistic predictions of future login attempts for authentication compromise detection. LOG-OFF has a low false positive rate and latency, making it suitable for real-world deployment. In addition, it can also evolve with time and make more accurate detection as more data is being collected.
DOI: 10.1109/PST55820.2022.9851969
Citation Key: liu_log-off_2022