Abstract
This paper considers the problem of internal threats caused by the actions that are performed by the employees who have legal access to the company’s data or by the intruders who compromise the employees’ accounts. Account compromise is considered a serious threat to information security, and it may lead to data theft or system disruption. The presented study contributes to the better understanding of detecting suspicious user behavior based on the data collected from the standard audit logs. A possible solution to this problem is a system for detecting the outliers in standard audit logs and extended user data, which may be a sign of abnormal (suspicious) user behavior. Data outlier detection is based on the log analysis with manually labeled data using the IsolationForest classifier with the adjusted parameters. The machine learning methods support heterogeneous data with different behavioral patterns for each user. Moreover, the increase of feature space using FingerPrintJS library provides higher accuracy of detecting abnormal user behavior.
The research was funded by the Russian Science Foundation (project No. 21-71-00125).
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
References
Number of internet users worldwide from 2005 to 2021 (in millions). https://www.statista.com/statistics/273018/number-of-internet-users-worldwide/. Last accessed 1 Dec 2022
Number of internet and social media users worldwide as of July 2022 (in billions). https://www.statista.com/statistics/617136/digital-population-worldwide/. Last accessed 1 Dec 2022
Number of data records exposed worldwide from 1st quarter 2020 to 3rd quarter 2022 (in millions). https://www.statista.com/statistics/1307426/number-of-data-breaches-worldwide. Last accessed 1 Dec 2022
Endicott S (2022) Microsoft: 99.9% of hacked people are compromised for one (ridiculous) reason. https://www.windowscentral.com/microsoft-999-people-get-hacked-one-ridiculous-reason. Last accessed 1 Dec 2022
Zoppi T, Gharib M, Atif M, Bondavalli A (2021) Meta-learning to improve unsupervised intrusion detection in cyber-physical systems. ACM Trans Cyber Phys Syst 5(4):42:1–42:27 (2021). https://doi.org/10.1145/3467470
Zhong M, Zhou Y, Chen G (2021) A security log analysis scheme using deep learning algorithm for IDSs in social network. Secur Commun Netw 2021(5542543):1–13. https://doi.org/10.1155/2021/5542543
Le DC, Zincir-Heywood N (2021) Anomaly detection for insider threats using unsupervised ensembles. IEEE Trans Netw Serv Manage 18(2):1152–1164. https://doi.org/10.1109/TNSM.2021.3071928
Mezina A, Burget R, Travieso-González CM (2021) Network anomaly detection with temporal convolutional network and U-net model. IEEE Access 9:143608–143622 (2021). https://doi.org/10.1109/ACCESS.2021.3121998
Olanrewaju RF, Khan BUI, Morshidi MA, Anwar F, Kiah MLBM (2021) A frictionless and secure user authentication in web-based premium applications. IEEE Access 9:129240–129255. https://doi.org/10.1109/ACCESS.2021.3110310
Rahman MS, Halder S, Uddin MA, Acharjee UK (2021) An efficient hybrid system for anomaly detection in social networks. Cybersecurity 4(10):1–11. https://doi.org/10.1186/s42400-021-00074-w
Roy A, Razia S, Parveen N, Rao AS, Nayak SR, Poonia RC (2020) Fuzzy rule based intelligent system for user authentication based on user behaviour. J Discrete Math Sci Cryptogr 23(2):409–417. https://doi.org/10.1080/09720529.2020.1728894
Dia D, Kahn G, Labernia F, Loiseau Y, Raynaud O (2020) A closed sets based learning classifier for implicit authentication in web browsing. Discrete Appl Math 273:65–80. https://doi.org/10.1016/j.dam.2018.11.016
Class description sklearn.preprocessing.LabelEncoder. https://scikit-learn.org/stable/modules/generated/sklearn.preprocessing.LabelEncoder.html. Last accessed 1 Dec 2022
Yadav D (2022) Categorical encoding using label-encoding and one-hot-encoder. Towards Data Sci. https://towardsdatascience.com/categorical-encoding-using-label-encoding-and-one-hot-encoder-911ef77fb5bd. Last accessed 1 Dec 2022
Description of a datetime module. https://docs.python.org/3/library/datetime.html. Last accessed 1 Dec 2022
Patil P (2022) What is exploratory data analysis? Towards Data Sci. https://towardsdatascience.com/exploratory-data-analysis-8fc1cb20fd15. Last accessed 1 Dec 2022
Data Preprocessing, Loginom. https://wiki.loginom.ru/articles/data-preprocessing.html. Last accessed 1 Dec 2022
Luangmaneerote S (2018) Defences against browser fingerprinting techniques. Doctoral thesis. University of Southampton, Southampton, England
Jiang W, Wang X, Song X, Liu Q, Liu X (2020) Tracking your browser with high-performance browser fingerprint recognition model. China Commun 17(3):168–175. https://doi.org/10.23919/JCC.2020.03.014
Daud NI, Haron GR, Othman SSS (2017) Adaptive authentication: implementing random canvas fingerprinting as user attributes factor. In: 2017 IEEE symposium on computer applications & industrial electronics (ISCAIE). IEEE, Piscataway, pp 152–156. https://doi.org/10.1109/ISCAIE.2017.8074968
ElBanna A, Abdelbaki N (2018) Browsers fingerprinting motives, methods, and countermeasures. In: 2018 international conference on computer, information and telecommunication systems (CITS). IEEE, Piscataway, pp 1–5. https://doi.org/10.1109/CITS.2018.8440163
Zou F, Zhai H (2021) Browser fingerprinting identification using incremental clustering algorithm based on autoencoder. In: 2021 IEEE 23rd international conference on high performance computing & communications; 7th international conference on data science & systems; 19th International conference on smart city; 7th international conference on dependability in sensor, cloud & big data systems & application (HPCC/DSS/SmartCity/DependSys). IEEE, Piscataway, pp 525–532. https://doi.org/10.1109/HPCC-DSS-SmartCity-DependSys53884.2021.00093
Wu T, Song Y, Zhang F, Gao S, Chen B (2021) My site knows where you are: a novel browser fingerprint to track user position. In: ICC 2021—IEEE international conference on communications. IEEE, Piscataway, pp 1–6. https://doi.org/10.1109/ICC42927.2021.9500556
Tuncer T, Ertam F, Dogan S (2021) Automated malware identification method using image descriptors and singular value decomposition. Multimed Tools Appl 80:10881–10900. https://doi.org/10.1007/s11042-020-10317-6
Goix N (2016) How to evaluate the quality of unsupervised anomaly detection algorithms? In: ICML2016 anomaly detection workshop. ICML2016 anomaly detection workshop, New York, NY, USA, pp 1–13. https://doi.org/10.48550/arXiv.1607.01152
Smyth P (2022) Creating web APIs with python and flask. Program Hist. https://programminghistorian.org/en/lessons/creating-apis-with-python-and-flask. Last accessed 1 Dec 2022
Iordache A (2022) Containerized python development—Part 1, Docker blog. https://www.docker.com/blog/containerized-python-development-part-1/. Accessed 1 Dec 2022
Hiwarale U (2022) Anatomy of docker. itnext. https://itnext.io/getting-started-with-docker-1-b4dc83e64389. Accessed 1 Dec 2022
Bansal A, Singhrova A (2021) Performance analysis of supervised machine learning algorithms for diabetes and breast cancer dataset. In: 2021 international conference on artificial intelligence and smart systems (ICAIS). IEEE, Piscataway, pp 137–143. https://doi.org/10.1109/ICAIS50930.2021.9396043
Iskhakov AYu, Mamchenko MV (2021) Vulnerabilities, points of failure and adaptive protection methods in the context of group control of unmanned vehicles. J Phys Conf Ser 1864(012044):1–11. https://doi.org/10.1088/1742-6596/1864/1/012044
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2023 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Iskhakov, A.Y., Khazanova, Y.Y., Mamchenko, M.V., Meshcheryakov, R.V., Iskhakova, A.O., Khripunov, S.P. (2023). Adaptive Authentication System Based on Unsupervised Learning for Web-Oriented Platforms. In: Shakya, S., Papakostas, G., Kamel, K.A. (eds) Mobile Computing and Sustainable Informatics. Lecture Notes on Data Engineering and Communications Technologies, vol 166. Springer, Singapore. https://doi.org/10.1007/978-981-99-0835-6_36
Download citation
DOI: https://doi.org/10.1007/978-981-99-0835-6_36
Published:
Publisher Name: Springer, Singapore
Print ISBN: 978-981-99-0834-9
Online ISBN: 978-981-99-0835-6
eBook Packages: Intelligent Technologies and RoboticsIntelligent Technologies and Robotics (R0)