Evalt: Authenticate Implicitly Before Attacks

Privileged credentials are one of the key targets of attackers. Password authentication has been plagued by phishing scams and keyloggers for years. Using a second factor, such as user behavior, as part of the authentication process offers higher assurance. A great deal of research has proposed authenticating based on the behavior of various entities. However, these approaches often take effect after the user has logged on to the system. Even if the attacks are detected successfully, the malicious activities have already been performed and the damage is done. In this paper, we present Evalt, an implicit approach that takes effect before the user logs on, enhancing authentication with an additional security layer. Evalt uses features extracted from authentication events to detect anomalies. Hence it can block attackers before they cause damage to systems. We test Evalt on an open-source Windows security log dataset. The experiment shows that, based on the features of authentication events, our method can identify threats with good performance before the actual damage occurs.