{"title":"Malicious User Detection using Honeywords","authors":"S. Thakur, S. Chaudhari, Bharti Joshi","doi":"10.1109/CSCITA55725.2023.10104807","DOIUrl":null,"url":null,"abstract":"Malicious users can steal user credentials by launching various attacks. In most such scenarios, honeywords are proven to be the best way to detect failure and unauthorized access. However, there are some flaws in honeyword-based malicious user detection systems, such as a lack of integrity handling and of a robust confidentiality mechanism. We have proposed a hybrid approach for honeyword generation using the chaffing-by-tweaking-digits and take-a-tail methods. We also proposed a modified BLAST algorithm to detect malicious users. If a fraudulent user is detected, an email is sent to the administrator. Additionally, a QR code is used to strengthen the overall security of the login process. The proposed approach reduces the risk of data theft from users. The hybrid model performs better than all other honeyword generation techniques. In addition, user password hashes are stored in the database, reducing the risk of password cracking.","PeriodicalId":224479,"journal":{"name":"2023 International Conference on Communication System, Computing and IT Applications (CSCITA)","volume":"34 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2023-03-31","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2023 International Conference on Communication System, Computing and IT Applications (CSCITA)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CSCITA55725.2023.10104807","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Malicious users can steal user credentials by launching various attacks. In most such scenarios, honeywords are proven to be the best way to detect failure and unauthorized access. However, there are some flaws in honeyword-based malicious user detection systems, such as a lack of integrity handling and of a robust confidentiality mechanism. We have proposed a hybrid approach for honeyword generation using the chaffing-by-tweaking-digits and take-a-tail methods. We also proposed a modified BLAST algorithm to detect malicious users. If a fraudulent user is detected, an email is sent to the administrator. Additionally, a QR code is used to strengthen the overall security of the login process. The proposed approach reduces the risk of data theft from users. The hybrid model performs better than all other honeyword generation techniques. In addition, user password hashes are stored in the database, reducing the risk of password cracking.