Service specific anomaly detection for network intrusion detection
Proceedings of the 2002 ACM symposium on Applied computing
Towards a User-Centric Identity-Usage Monitoring System
ICIMP '08 Proceedings of the 2008 The Third International Conference on Internet Monitoring and Protection
Taxonomy of nominal type histogram distance measures
MATH'08 Proceedings of the American Conference on Applied Mathematics
A multi-model approach to the detection of web-based attacks
Computer Networks: The International Journal of Computer and Telecommunications Networking - Web security
User-centric handling of identity agent compromise
ESORICS'09 Proceedings of the 14th European conference on Research in computer security
Effective and efficient malware detection at the end host
SSYM'09 Proceedings of the 18th conference on USENIX security symposium
Anomalous payload-based worm detection and signature generation
RAID'05 Proceedings of the 8th international conference on Recent Advances in Intrusion Detection
Towards an artificial immune system for online fraud detection
ICARIS'11 Proceedings of the 10th international conference on Artificial immune systems
| Hi-index | 0.00 |
For e-commerce companies providing online services, fraudulent access resulting from theft of identity credentials is a serious concern. Such online service providers deploy a variety of defenses and invest significant time and effort to the analysis of a large amount of log data to detect malicious activities and their impact. To reduce this burden, we explore the effectiveness of an anomaly detection based approach that relies on identity credential usage log records. More specifically, we use an anomaly-based metric to score the risk of each identity credential usage, e.g., a login request. Scores are determined based on categorical attribute values extracted from log records, such as timestamps. We utilize actual log data of login attempts to a university portal to evaluate the effectiveness of this approach. Our approach can work in conjunction with intrusion or fraud detection systems. It is also possible that stronger authentication can be required only when the risk score is high, which can help balance security and usability demands.