Risk-based Authentication Based on Network Latency Profiling

Abstract

Impersonation attacks against web authentication servers have been increasing in complexity over the last decade. Tunnelling services, such as VPNs or proxies, can be for instance used to faithfully impersonate victims in foreign countries. In this paper we study the detection of user authentication attacks involving network tunnelling geolocation deception. For that purpose we explore different models to profile a user based on network latencies. We design a classical machine learning model and a deep learning model to profile web resource loading times collected on client-side. In order to test our approach we profiled network latencies for 86 real users located around the globe. We show that our proposed novel network profiling is able to detect up to 88.3% of attacks using VPN tunneling schemes