Skip to main content
SpringerLink
Log in

Adaptive Authentication System Based on Unsupervised Learning for Web-Oriented Platforms

  • Conference paper
  • First Online:
Mobile Computing and Sustainable Informatics

Part of the book series: Lecture Notes on Data Engineering and Communications Technologies ((LNDECT,volume 166))

Abstract

This paper considers the problem of internal threats caused by the actions that are performed by the employees who have legal access to the company’s data or by the intruders who compromise the employees’ accounts. Account compromise is considered a serious threat to information security, and it may lead to data theft or system disruption. The presented study contributes to the better understanding of detecting suspicious user behavior based on the data collected from the standard audit logs. A possible solution to this problem is a system for detecting the outliers in standard audit logs and extended user data, which may be a sign of abnormal (suspicious) user behavior. Data outlier detection is based on the log analysis with manually labeled data using the IsolationForest classifier with the adjusted parameters. The machine learning methods support heterogeneous data with different behavioral patterns for each user. Moreover, the increase of feature space using FingerPrintJS library provides higher accuracy of detecting abnormal user behavior.

The research was funded by the Russian Science Foundation (project No. 21-71-00125).

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 219.00
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 279.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

References

  1. Number of internet users worldwide from 2005 to 2021 (in millions). https://www.statista.com/statistics/273018/number-of-internet-users-worldwide/. Last accessed 1 Dec 2022

  2. Number of internet and social media users worldwide as of July 2022 (in billions). https://www.statista.com/statistics/617136/digital-population-worldwide/. Last accessed 1 Dec 2022

  3. Number of data records exposed worldwide from 1st quarter 2020 to 3rd quarter 2022 (in millions). https://www.statista.com/statistics/1307426/number-of-data-breaches-worldwide. Last accessed 1 Dec 2022

  4. Endicott S (2022) Microsoft: 99.9% of hacked people are compromised for one (ridiculous) reason. https://www.windowscentral.com/microsoft-999-people-get-hacked-one-ridiculous-reason. Last accessed 1 Dec 2022

  5. Zoppi T, Gharib M, Atif M, Bondavalli A (2021) Meta-learning to improve unsupervised intrusion detection in cyber-physical systems. ACM Trans Cyber Phys Syst 5(4):42:1–42:27 (2021). https://doi.org/10.1145/3467470

  6. Zhong M, Zhou Y, Chen G (2021) A security log analysis scheme using deep learning algorithm for IDSs in social network. Secur Commun Netw 2021(5542543):1–13. https://doi.org/10.1155/2021/5542543

    Article  Google Scholar 

  7. Le DC, Zincir-Heywood N (2021) Anomaly detection for insider threats using unsupervised ensembles. IEEE Trans Netw Serv Manage 18(2):1152–1164. https://doi.org/10.1109/TNSM.2021.3071928

    Article  Google Scholar 

  8. Mezina A, Burget R, Travieso-González CM (2021) Network anomaly detection with temporal convolutional network and U-net model. IEEE Access 9:143608–143622 (2021). https://doi.org/10.1109/ACCESS.2021.3121998

  9. Olanrewaju RF, Khan BUI, Morshidi MA, Anwar F, Kiah MLBM (2021) A frictionless and secure user authentication in web-based premium applications. IEEE Access 9:129240–129255. https://doi.org/10.1109/ACCESS.2021.3110310

    Article  Google Scholar 

  10. Rahman MS, Halder S, Uddin MA, Acharjee UK (2021) An efficient hybrid system for anomaly detection in social networks. Cybersecurity 4(10):1–11. https://doi.org/10.1186/s42400-021-00074-w

    Article  Google Scholar 

  11. Roy A, Razia S, Parveen N, Rao AS, Nayak SR, Poonia RC (2020) Fuzzy rule based intelligent system for user authentication based on user behaviour. J Discrete Math Sci Cryptogr 23(2):409–417. https://doi.org/10.1080/09720529.2020.1728894

    Article  Google Scholar 

  12. Dia D, Kahn G, Labernia F, Loiseau Y, Raynaud O (2020) A closed sets based learning classifier for implicit authentication in web browsing. Discrete Appl Math 273:65–80. https://doi.org/10.1016/j.dam.2018.11.016

    Article  MathSciNet  MATH  Google Scholar 

  13. Class description sklearn.preprocessing.LabelEncoder. https://scikit-learn.org/stable/modules/generated/sklearn.preprocessing.LabelEncoder.html. Last accessed 1 Dec 2022

  14. Yadav D (2022) Categorical encoding using label-encoding and one-hot-encoder. Towards Data Sci. https://towardsdatascience.com/categorical-encoding-using-label-encoding-and-one-hot-encoder-911ef77fb5bd. Last accessed 1 Dec 2022

  15. Description of a datetime module. https://docs.python.org/3/library/datetime.html. Last accessed 1 Dec 2022

  16. Patil P (2022) What is exploratory data analysis? Towards Data Sci. https://towardsdatascience.com/exploratory-data-analysis-8fc1cb20fd15. Last accessed 1 Dec 2022

  17. Data Preprocessing, Loginom. https://wiki.loginom.ru/articles/data-preprocessing.html. Last accessed 1 Dec 2022

  18. Luangmaneerote S (2018) Defences against browser fingerprinting techniques. Doctoral thesis. University of Southampton, Southampton, England

    Google Scholar 

  19. Jiang W, Wang X, Song X, Liu Q, Liu X (2020) Tracking your browser with high-performance browser fingerprint recognition model. China Commun 17(3):168–175. https://doi.org/10.23919/JCC.2020.03.014

  20. Daud NI, Haron GR, Othman SSS (2017) Adaptive authentication: implementing random canvas fingerprinting as user attributes factor. In: 2017 IEEE symposium on computer applications & industrial electronics (ISCAIE). IEEE, Piscataway, pp 152–156. https://doi.org/10.1109/ISCAIE.2017.8074968

  21. ElBanna A, Abdelbaki N (2018) Browsers fingerprinting motives, methods, and countermeasures. In: 2018 international conference on computer, information and telecommunication systems (CITS). IEEE, Piscataway, pp 1–5. https://doi.org/10.1109/CITS.2018.8440163

  22. Zou F, Zhai H (2021) Browser fingerprinting identification using incremental clustering algorithm based on autoencoder. In: 2021 IEEE 23rd international conference on high performance computing & communications; 7th international conference on data science & systems; 19th International conference on smart city; 7th international conference on dependability in sensor, cloud & big data systems & application (HPCC/DSS/SmartCity/DependSys). IEEE, Piscataway, pp 525–532. https://doi.org/10.1109/HPCC-DSS-SmartCity-DependSys53884.2021.00093

  23. Wu T, Song Y, Zhang F, Gao S, Chen B (2021) My site knows where you are: a novel browser fingerprint to track user position. In: ICC 2021—IEEE international conference on communications. IEEE, Piscataway, pp 1–6. https://doi.org/10.1109/ICC42927.2021.9500556

  24. Tuncer T, Ertam F, Dogan S (2021) Automated malware identification method using image descriptors and singular value decomposition. Multimed Tools Appl 80:10881–10900. https://doi.org/10.1007/s11042-020-10317-6

    Article  Google Scholar 

  25. Goix N (2016) How to evaluate the quality of unsupervised anomaly detection algorithms? In: ICML2016 anomaly detection workshop. ICML2016 anomaly detection workshop, New York, NY, USA, pp 1–13. https://doi.org/10.48550/arXiv.1607.01152

  26. Smyth P (2022) Creating web APIs with python and flask. Program Hist. https://programminghistorian.org/en/lessons/creating-apis-with-python-and-flask. Last accessed 1 Dec 2022

  27. Iordache A (2022) Containerized python development—Part 1, Docker blog. https://www.docker.com/blog/containerized-python-development-part-1/. Accessed 1 Dec 2022

  28. Hiwarale U (2022) Anatomy of docker. itnext. https://itnext.io/getting-started-with-docker-1-b4dc83e64389. Accessed 1 Dec 2022

  29. Bansal A, Singhrova A (2021) Performance analysis of supervised machine learning algorithms for diabetes and breast cancer dataset. In: 2021 international conference on artificial intelligence and smart systems (ICAIS). IEEE, Piscataway, pp 137–143. https://doi.org/10.1109/ICAIS50930.2021.9396043

  30. Iskhakov AYu, Mamchenko MV (2021) Vulnerabilities, points of failure and adaptive protection methods in the context of group control of unmanned vehicles. J Phys Conf Ser 1864(012044):1–11. https://doi.org/10.1088/1742-6596/1864/1/012044

    Article  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. V.A. Trapeznikov Institute of Control Sciences of Russian Academy of Sciences, Moscow, 117997, Russia

    Andrey Y. Iskhakov, Mark V. Mamchenko, Roman V. Meshcheryakov & Anastasia O. Iskhakova

  2. HSE University, Moscow, Russia

    Yana Y. Khazanova

  3. Scientific Council on Robotics and Mechatronics of Russian Academy of Sciences, Moscow, 119526, Russia

    Sergey P. Khripunov

Authors
  1. Andrey Y. Iskhakov
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Yana Y. Khazanova
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Mark V. Mamchenko
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Roman V. Meshcheryakov
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Anastasia O. Iskhakova
    View author publications

    You can also search for this author in PubMed Google Scholar

  6. Sergey P. Khripunov
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Mark V. Mamchenko .

Editor information

Editors and Affiliations

  1. Pulchowk Campus, Tribhuvan University, Kathmandu, Nepal

    Subarna Shakya

  2. Department of Computer Science, International Hellenic University, Kavala, Greece

    George Papakostas

  3. Computer Science Department, Texas Southern University, Houston, TX, USA

    Khaled A. Kamel

Rights and permissions

Reprints and permissions

Copyright information

© 2023 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Iskhakov, A.Y., Khazanova, Y.Y., Mamchenko, M.V., Meshcheryakov, R.V., Iskhakova, A.O., Khripunov, S.P. (2023). Adaptive Authentication System Based on Unsupervised Learning for Web-Oriented Platforms. In: Shakya, S., Papakostas, G., Kamel, K.A. (eds) Mobile Computing and Sustainable Informatics. Lecture Notes on Data Engineering and Communications Technologies, vol 166. Springer, Singapore. https://doi.org/10.1007/978-981-99-0835-6_36

Download citation

Publish with us

Policies and ethics

Search

Navigation