{"title":"使用自适应身份认证防御身份威胁","authors":"Lalitha Sravanti Dasu, Mannav Dhamija, Gurram Dishitha, Ajith Vivekanandan, Sarasvathi V","doi":"10.1109/I2CT57861.2023.10126295","DOIUrl":null,"url":null,"abstract":"Defending against identity-based threats and attacks which have tremendously grown in number in the age of remote working and access, requires intelligent, strategic, nonconventional, and dynamic ways of authentication and authorization. This paper aims to make identity security risk-based and hence adaptive by devising risk-scoring algorithms for five real-time use cases in detail. Zero-trust security principles are incorporated by continually collecting sign-in logs and analyzing them to check for any suspicious activities or anomalies to make it a dynamic approach. Based on the risk scores calculated users are segregated as risky and non-risky. While many adaptive authentication approaches have been proposed, the identities are confined just to users. Moreover, they lack emphasis on practical risk evaluation techniques. This work considers devices as an identity too and categorizes them as registered and unregistered devices. Further, results are made available to security administrators by displaying them on a dashboard for them to analyze and make necessary decisions like mitigation, multi-level authentication, or any other access control policies as such.","PeriodicalId":150346,"journal":{"name":"2023 IEEE 8th International Conference for Convergence in Technology (I2CT)","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2023-04-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Defending Against Identity Threats using Adaptive Authentication\",\"authors\":\"Lalitha Sravanti Dasu, Mannav Dhamija, Gurram Dishitha, Ajith Vivekanandan, Sarasvathi V\",\"doi\":\"10.1109/I2CT57861.2023.10126295\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Defending against identity-based threats and attacks which have tremendously grown in number in the age of remote working and access, requires intelligent, strategic, nonconventional, and dynamic ways of authentication and authorization. This paper aims to make identity security risk-based and hence adaptive by devising risk-scoring algorithms for five real-time use cases in detail. Zero-trust security principles are incorporated by continually collecting sign-in logs and analyzing them to check for any suspicious activities or anomalies to make it a dynamic approach. Based on the risk scores calculated users are segregated as risky and non-risky. While many adaptive authentication approaches have been proposed, the identities are confined just to users. Moreover, they lack emphasis on practical risk evaluation techniques. This work considers devices as an identity too and categorizes them as registered and unregistered devices. Further, results are made available to security administrators by displaying them on a dashboard for them to analyze and make necessary decisions like mitigation, multi-level authentication, or any other access control policies as such.\",\"PeriodicalId\":150346,\"journal\":{\"name\":\"2023 IEEE 8th International Conference for Convergence in Technology (I2CT)\",\"volume\":null,\"pages\":null},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2023-04-07\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2023 IEEE 8th International Conference for Convergence in Technology (I2CT)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/I2CT57861.2023.10126295\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2023 IEEE 8th International Conference for Convergence in Technology (I2CT)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/I2CT57861.2023.10126295","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Defending Against Identity Threats using Adaptive Authentication
Defending against identity-based threats and attacks which have tremendously grown in number in the age of remote working and access, requires intelligent, strategic, nonconventional, and dynamic ways of authentication and authorization. This paper aims to make identity security risk-based and hence adaptive by devising risk-scoring algorithms for five real-time use cases in detail. Zero-trust security principles are incorporated by continually collecting sign-in logs and analyzing them to check for any suspicious activities or anomalies to make it a dynamic approach. Based on the risk scores calculated users are segregated as risky and non-risky. While many adaptive authentication approaches have been proposed, the identities are confined just to users. Moreover, they lack emphasis on practical risk evaluation techniques. This work considers devices as an identity too and categorizes them as registered and unregistered devices. Further, results are made available to security administrators by displaying them on a dashboard for them to analyze and make necessary decisions like mitigation, multi-level authentication, or any other access control policies as such.