{"title":"Evalt:攻击前隐式认证","authors":"Lingyu Wang, Chen Li, Bibo Tu","doi":"10.1109/ICT52184.2021.9511466","DOIUrl":null,"url":null,"abstract":"Privileged credentials are one of the key targets of attackers. Password authentication is plagued by phishing scams and keyloggers for years. Using a second factor, such as user behavior, as a part of the authentication process offers higher assurance. A great deal of research has been proposed to authenticate based on the behavior of various entities. However, they often play effects after user logging on to the system. Even if the attacks are detected successfully, the malicious activities have been performed and the damage is done. In this paper, we present Evalt, an implicit approach that takes effect before user logging on to enhance authentication with an additional security layer. Evalt exploits the features extracted from authentication events to detect anomalies. Hence it could block the attackers before they cause damage to systems. We test Evalt on an open-source Windows security log dataset. The experiment shows that our method could identify threats with a good performance before the actual damage occurs based on the authentication events' features.","PeriodicalId":142681,"journal":{"name":"2021 28th International Conference on Telecommunications (ICT)","volume":"30 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2021-06-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Evalt: Authenticate Implicitly Before Attacks\",\"authors\":\"Lingyu Wang, Chen Li, Bibo Tu\",\"doi\":\"10.1109/ICT52184.2021.9511466\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Privileged credentials are one of the key targets of attackers. Password authentication is plagued by phishing scams and keyloggers for years. Using a second factor, such as user behavior, as a part of the authentication process offers higher assurance. A great deal of research has been proposed to authenticate based on the behavior of various entities. However, they often play effects after user logging on to the system. Even if the attacks are detected successfully, the malicious activities have been performed and the damage is done. In this paper, we present Evalt, an implicit approach that takes effect before user logging on to enhance authentication with an additional security layer. Evalt exploits the features extracted from authentication events to detect anomalies. Hence it could block the attackers before they cause damage to systems. We test Evalt on an open-source Windows security log dataset. The experiment shows that our method could identify threats with a good performance before the actual damage occurs based on the authentication events' features.\",\"PeriodicalId\":142681,\"journal\":{\"name\":\"2021 28th International Conference on Telecommunications (ICT)\",\"volume\":\"30 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2021-06-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2021 28th International Conference on Telecommunications (ICT)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ICT52184.2021.9511466\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2021 28th International Conference on Telecommunications (ICT)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICT52184.2021.9511466","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Privileged credentials are one of the key targets of attackers. Password authentication is plagued by phishing scams and keyloggers for years. Using a second factor, such as user behavior, as a part of the authentication process offers higher assurance. A great deal of research has been proposed to authenticate based on the behavior of various entities. However, they often play effects after user logging on to the system. Even if the attacks are detected successfully, the malicious activities have been performed and the damage is done. In this paper, we present Evalt, an implicit approach that takes effect before user logging on to enhance authentication with an additional security layer. Evalt exploits the features extracted from authentication events to detect anomalies. Hence it could block the attackers before they cause damage to systems. We test Evalt on an open-source Windows security log dataset. The experiment shows that our method could identify threats with a good performance before the actual damage occurs based on the authentication events' features.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
