Malicious User Detection using Honeywords

Abstract

Malicious users can steal user credentials by launching various attacks. In most of such scenarios, honeywords are proven to be the best way to detect failure and unauthorized access. However, there are some flaws in honeyword based malicious user detection systems such as lack of integrity handling and robust confidentiality mechanism. We have proposed hybrid approach for honeyword generation using chaffing by tweaking digit and take a tail method. We also proposed modified BLAST algorithm to detect malicious users. If a fraudulent user is detected, an email is sent to the administrator. Additionally, QR Code is being used to strengthen overall security of login process. The proposed approach reduces risk of data theft from users. The hybrid model is performing better compared with all other honeyword generation techniques. In addition, user password hashes are stored in the database, reducing the risk of password cracking.