nach oben

Erschienen in:

2019 | OriginalPaper | Buchkapitel

Risk-Based Static Authentication in Web Applications with Behavioral Biometrics and Session Context Analytics

verfasst von : Jesus Solano, Luis Camacho, Alejandro Correa, Claudio Deiro, Javier Vargas, Martín Ochoa

Erschienen in: Applied Cryptography and Network Security Workshops

Verlag: Springer International Publishing

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

In order to improve the security of password-based authentication in web applications, it is a common industry practice to profile users based on their sessions context, such as IP ranges and Browser type. On the other hand, behavioral dynamics such as mouse and keyword features have been proposed in order to improve authentication, but have been shown most effective only in continuous authentication scenarios. In this paper we propose to combine both fingerprinting and behavioral dynamics (for mouse and keyboard) in order to increase security of login mechanisms. We do this by using machine learning techniques that aim at high accuracy, and only occasionally raise alarms for manual inspection. Our combined approach achieves an AUC of 0.957. We discuss the practicality of our approach in industrial contexts.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Nächstes Kapitel Using Honeypots in a Decentralized Framework to Defend Against Adversarial Machine-Learning Attacks

Nur mit Berechtigung zugänglich

Alaca, F., Van Oorschot, P.C.: Device fingerprinting for augmenting web authentication: classification and analysis of methods. In: Proceedings of the 32nd Annual Conference on Computer Security Applications. pp. 289–301. ACM (2016)

Bonneau, J., Herley, C., Stajano, F.M., et al.: Passwords and the evolution of imperfect authentication. Commun. ACM 58, 78–87 (2014)CrossRef

Nakibly, G., Shelef, G., Yudilevich, S.: Hardware fingerprinting using HTML5, pp. 1–13 (2015)

Harilal, A., et al.: The Wolf Of SUTD (TWOS): a dataset of malicious insider threat behavior based on a gamified competition. J. Wirel. Mob. Netw. 9, 54–85 (2018). https://doi.org/10.22667/JOWUA.2018.03.31.054CrossRef

Sanchez-Rola, I., Santos, I., Balzarotti, D.: Clock around the clock: time-based device fingerprinting, pp. 1–13 (2018)

Kaspersky: Zeus malware (2019). https://usa.kaspersky.com/resource-center/threats/zeus-virus

Bailey, K.O., Okolica, J.S., Peterson, G.L.: User identification and authentication using multi-modal behavioral biometrics. Comput. Secur. 43, 77–89 (2014)CrossRef

Misbahuddin, M., Bindhumadhava, B.S., Dheeptha, B.: Design of a risk based authentication system using machine learning techniques. In: 2017 IEEE SmartWorld, Ubiquitous Intelligence Computing, Advanced Trusted Computed, Scalable Computing Communications, Cloud Big Data Computing, Internet of People and Smart City Innovation, pp. 1–6 (2017)

Mondal, S., Bours, P.: Combining keystroke and mouse dynamics for continuous user authentication and identification. In: 2016 IEEE International Conference on Identity, Security and Behavior Analysis (ISBA), pp. 1–8. IEEE (2016)

10.

Newman, L.: Hacker lexicon: what is credential stuffing? Wired Magazine (2019). https://www.wired.com/story/what-is-credential-stuffing/

11.

Perrig, A.: Shortcomings of password-based authentication. In: 9th USENIX Security Symposium, vol. 130. ACM (2000)

12.

Salem, M.B., Hershkop, S., Stolfo, S.J.: A survey of insider attack detection research. In: Stolfo, S.J., Bellovin, S.M., Keromytis, A.D., Hershkop, S., Smith, S.W., Sinclair, S. (eds.) Insider Attack and Cyber Security. ADIS, vol. 39, pp. 69–90. Springer, Boston (2008). https://doi.org/10.1007/978-0-387-77322-3_5CrossRef

13.

Shen, C., Cai, Z., Guan, X., Wang, J.: On the effectiveness and applicability of mouse dynamics biometric for static authentication: a benchmark study. In: 2012 5th IAPR International Conference on Biometrics (ICB) (2012)

14.

Swati Gurav, R.G., Mhangore, S.: Combining keystroke and mouse dynamics for user authentication. Int. J. Emerg. Trends Technol. Comput. Sci. (IJETTCS) 6, 055–058 (2017)

15.

Kohno, T., Broido, A., Claffy, K.C.: Remote physical device fingerprinting, pp. 1–13 (2004)

16.

Traore, I., Woungang, I., Obaidat, M.S., Nakkabi, Y., Lai, I.: Combining mouse and keystroke dynamics biometrics for risk-based authentication in web environments. In: 2012 Fourth International Conference on Digital Home (2012)

17.

Yampolskiy, R.V., Govindaraju, V.: Behavioural biometrics: a survey and classification. Int. J. Biom. 1(1), 81–113 (2008)

18.

Cao, Y., Li, S., Wijmans, E.: (cross-)browser fingerprinting via os and hardware level features, pp. 1–15 (2017)

19.

Zheng, N., Paloski, A., Wang, H.: An efficient user verification system via mouse movements. In: Proceedings of the 18th ACM Conference on Computer and Communications Security, pp. 139–150. ACM (2011)

Titel: Risk-Based Static Authentication in Web Applications with Behavioral Biometrics and Session Context Analytics
verfasst von: Jesus Solano
Luis Camacho
Alejandro Correa
Claudio Deiro
Javier Vargas
Martín Ochoa
Verlag: Springer International Publishing
Buch: Applied Cryptography and Network Security Workshops
Print ISBN: 978-3-030-29728-2

Electronic ISBN: 978-3-030-29729-9

Copyright-Jahr: 2019
DOI: https://doi.org/10.1007/978-3-030-29729-9_1

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"