ResearchSpace

Behavioural analytics: Beyond risk-based MFA

Show simple item record

dc.contributor.author Dlamini, Thandokuhle M
dc.contributor.author Eloff, JHP
dc.contributor.author Venter, HS
dc.contributor.author Eloff, MM
dc.contributor.author Henha Eyono, RPS
dc.contributor.author Mosola, NN
dc.date.accessioned 2017-10-25T12:43:52Z
dc.date.available 2017-10-25T12:43:52Z
dc.date.issued 2017-09
dc.identifier.citation Dlamini, T.M. et al. 2017. Behavioural analytics: Beyond risk-based MFA. SATNAC 2017, 3-10 September 2017, Freedom of the Seas Cruise Liner operated by Royal Caribbean International; Spain, France, Italy en_US
dc.identifier.uri http://www.satnac.org.za//proceedings/2017/SATNAC%202017%20Proceedings%20Final.pdf
dc.identifier.uri http://hdl.handle.net/10204/9689
dc.description Paper presented at SATNAC 2017, 3-10 September 2017, Freedom of the Seas Cruise Liner operated by Royal Caribbean International; Spain, France, Italy en_US
dc.description.abstract This paper investigates how to effectively stop an attacker from using compromised user credentials to gain authorized entry to systems that they are otherwise not authorised to access. The proposed solution extends previous work to move beyond a risk-based multi-factor authentication system. It adds a behavioural analytics component that uses keystroke dynamics to grant or deny users access. Given the increasing number of compromised user credential stores, we make the assumption that criminals already know the user credentials. Hence, to test our solution, users were given authentic user credentials and asked to login to our proof-of-concept. Despite the fact that all illegitimate users in our test cases were given the correct user credentials for legitimate users, none of these were granted access by the system. This demonstrates zero-tolerance to false positives. The results demonstrate the uniqueness of keystroke dynamics and its use to prevent users with stolen credentials from accessing systems they are not authorized to access. en_US
dc.language.iso en en_US
dc.relation.ispartofseries Worklist;19530
dc.relation.ispartofseries Worklist;19527
dc.subject Behavioural analytics en_US
dc.subject Risk-based MFA en_US
dc.subject Cybersecurity en_US
dc.title Behavioural analytics: Beyond risk-based MFA en_US
dc.type Conference Presentation en_US
dc.identifier.apacitation Dlamini, T. M., Eloff, J., Venter, H., Eloff, M., Henha Eyono, R., & Mosola, N. (2017). Behavioural analytics: Beyond risk-based MFA. http://hdl.handle.net/10204/9689 en_ZA
dc.identifier.chicagocitation Dlamini, Thandokuhle M, JHP Eloff, HS Venter, MM Eloff, RPS Henha Eyono, and NN Mosola. "Behavioural analytics: Beyond risk-based MFA." (2017): http://hdl.handle.net/10204/9689 en_ZA
dc.identifier.vancouvercitation Dlamini TM, Eloff J, Venter H, Eloff M, Henha Eyono R, Mosola N, Behavioural analytics: Beyond risk-based MFA; 2017. http://hdl.handle.net/10204/9689 . en_ZA
dc.identifier.ris TY - Conference Presentation AU - Dlamini, Thandokuhle M AU - Eloff, JHP AU - Venter, HS AU - Eloff, MM AU - Henha Eyono, RPS AU - Mosola, NN AB - This paper investigates how to effectively stop an attacker from using compromised user credentials to gain authorized entry to systems that they are otherwise not authorised to access. The proposed solution extends previous work to move beyond a risk-based multi-factor authentication system. It adds a behavioural analytics component that uses keystroke dynamics to grant or deny users access. Given the increasing number of compromised user credential stores, we make the assumption that criminals already know the user credentials. Hence, to test our solution, users were given authentic user credentials and asked to login to our proof-of-concept. Despite the fact that all illegitimate users in our test cases were given the correct user credentials for legitimate users, none of these were granted access by the system. This demonstrates zero-tolerance to false positives. The results demonstrate the uniqueness of keystroke dynamics and its use to prevent users with stolen credentials from accessing systems they are not authorized to access. DA - 2017-09 DB - ResearchSpace DP - CSIR KW - Behavioural analytics KW - Risk-based MFA KW - Cybersecurity LK - https://researchspace.csir.co.za PY - 2017 T1 - Behavioural analytics: Beyond risk-based MFA TI - Behavioural analytics: Beyond risk-based MFA UR - http://hdl.handle.net/10204/9689 ER - en_ZA


Files in this item

This item appears in the following Collection(s)

Show simple item record