Litcius/Paper detail

An approach to detect user behaviour anomalies within identity federations

Alejandro G. Martín, Marta Beltrán, Alberto Fernández-Isabel, Isaac Martín de Diego

2021Computers & Security30 citationsDOIOpen Access PDF

Abstract

User and Entity Behaviour Analytics (UEBA) mechanisms rely on statistical techniques and Machine Learning to determine when a significant deviation from patterns or trends established as a standard for users and entities is occurring. These mechanisms are beneficial within cybersecurity contexts because they allow managers and administrators to have early alerts warning about potential security incidents. This paper proposes the utilisation of UEBA to improve the security of Federated Identity Management (FIM) solutions. The proposed UEBA workflow allows Relying Parties within identity federations to build a session fingerprint characterising each user’s behaviour from available information. Furthermore, it enables anomaly detection based on this fingerprint, integrating raised alerts within current identity management specifications. The proposed workflow is validated and evaluated in a real use case based on a web chat application using OpenID Connect for identity management.

Topics & Concepts

Computer scienceIdentity (music)Computer securityInternet privacyAestheticsPhilosophyAdvanced Malware Detection TechniquesUser Authentication and Security SystemsNetwork Security and Intrusion Detection