使用自适应身份认证防御身份威胁

Lalitha Sravanti Dasu, Mannav Dhamija, Gurram Dishitha, Ajith Vivekanandan, Sarasvathi V
{"title":"使用自适应身份认证防御身份威胁","authors":"Lalitha Sravanti Dasu, Mannav Dhamija, Gurram Dishitha, Ajith Vivekanandan, Sarasvathi V","doi":"10.1109/I2CT57861.2023.10126295","DOIUrl":null,"url":null,"abstract":"Defending against identity-based threats and attacks which have tremendously grown in number in the age of remote working and access, requires intelligent, strategic, nonconventional, and dynamic ways of authentication and authorization. This paper aims to make identity security risk-based and hence adaptive by devising risk-scoring algorithms for five real-time use cases in detail. Zero-trust security principles are incorporated by continually collecting sign-in logs and analyzing them to check for any suspicious activities or anomalies to make it a dynamic approach. Based on the risk scores calculated users are segregated as risky and non-risky. While many adaptive authentication approaches have been proposed, the identities are confined just to users. Moreover, they lack emphasis on practical risk evaluation techniques. This work considers devices as an identity too and categorizes them as registered and unregistered devices. Further, results are made available to security administrators by displaying them on a dashboard for them to analyze and make necessary decisions like mitigation, multi-level authentication, or any other access control policies as such.","PeriodicalId":150346,"journal":{"name":"2023 IEEE 8th International Conference for Convergence in Technology (I2CT)","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2023-04-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Defending Against Identity Threats using Adaptive Authentication\",\"authors\":\"Lalitha Sravanti Dasu, Mannav Dhamija, Gurram Dishitha, Ajith Vivekanandan, Sarasvathi V\",\"doi\":\"10.1109/I2CT57861.2023.10126295\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Defending against identity-based threats and attacks which have tremendously grown in number in the age of remote working and access, requires intelligent, strategic, nonconventional, and dynamic ways of authentication and authorization. This paper aims to make identity security risk-based and hence adaptive by devising risk-scoring algorithms for five real-time use cases in detail. Zero-trust security principles are incorporated by continually collecting sign-in logs and analyzing them to check for any suspicious activities or anomalies to make it a dynamic approach. Based on the risk scores calculated users are segregated as risky and non-risky. While many adaptive authentication approaches have been proposed, the identities are confined just to users. Moreover, they lack emphasis on practical risk evaluation techniques. This work considers devices as an identity too and categorizes them as registered and unregistered devices. Further, results are made available to security administrators by displaying them on a dashboard for them to analyze and make necessary decisions like mitigation, multi-level authentication, or any other access control policies as such.\",\"PeriodicalId\":150346,\"journal\":{\"name\":\"2023 IEEE 8th International Conference for Convergence in Technology (I2CT)\",\"volume\":null,\"pages\":null},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2023-04-07\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2023 IEEE 8th International Conference for Convergence in Technology (I2CT)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/I2CT57861.2023.10126295\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2023 IEEE 8th International Conference for Convergence in Technology (I2CT)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/I2CT57861.2023.10126295","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 0

摘要

在远程工作和访问时代,基于身份的威胁和攻击数量急剧增长,因此需要智能、战略性、非常规和动态的身份验证和授权方式。本文旨在通过详细设计五种实时用例的风险评分算法,使身份安全基于风险并因此具有自适应性。零信任安全原则通过不断收集登录日志并对其进行分析以检查任何可疑活动或异常,从而使其成为一种动态方法。根据计算出的风险评分,将用户划分为风险用户和非风险用户。虽然已经提出了许多自适应身份验证方法,但这些身份仅限于用户。此外,它们缺乏对实用风险评估技术的重视。这项工作也将设备视为一种身份,并将其分类为注册和未注册设备。此外,通过将结果显示在仪表板上,安全管理员可以使用结果,以便他们分析并做出必要的决策,如缓解、多级身份验证或任何其他访问控制策略。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
Defending Against Identity Threats using Adaptive Authentication
Defending against identity-based threats and attacks which have tremendously grown in number in the age of remote working and access, requires intelligent, strategic, nonconventional, and dynamic ways of authentication and authorization. This paper aims to make identity security risk-based and hence adaptive by devising risk-scoring algorithms for five real-time use cases in detail. Zero-trust security principles are incorporated by continually collecting sign-in logs and analyzing them to check for any suspicious activities or anomalies to make it a dynamic approach. Based on the risk scores calculated users are segregated as risky and non-risky. While many adaptive authentication approaches have been proposed, the identities are confined just to users. Moreover, they lack emphasis on practical risk evaluation techniques. This work considers devices as an identity too and categorizes them as registered and unregistered devices. Further, results are made available to security administrators by displaying them on a dashboard for them to analyze and make necessary decisions like mitigation, multi-level authentication, or any other access control policies as such.
求助全文
通过发布文献求助,成功后即可免费获取论文全文。 去求助
来源期刊
自引率
0.00%
发文量
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信