Network-based Classification of Authentication Attempts using Machine Learning

Curtis R. Taylor, Julian P. Lanson

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

Abstract

Network security operators are challenged with protecting an increasing number of clients from authentication-based attacks such as password guessing. Host-based defenses help in preventing such attacks but are difficult to manage and monitor at scale. These challenges open the door for network-based defenses. In this work, we introduce AuthML. AuthML performs protocol-agnostic authentication modeling to detect successful and unsuccessful authentication attempts at the network level. Using machine learning (ML), AuthML operates directly on network communication to determine the outcome of authentication attempts in real time. To show AuthML's efficacy, we validate our approach on multiple deployment scenarios. AuthML achieves an accuracy of 99.9% examining 29,015 new flows in this operational phase, demonstrating that we can achieve similar performance in real time to state-of-the-art techniques without manual protocol analysis.

Original languageEnglish
Title of host publication2019 International Conference on Computing, Networking and Communications, ICNC 2019
PublisherInstitute of Electrical and Electronics Engineers Inc.
Pages669-673
Number of pages5
ISBN (Electronic)9781538692233
DOIs
StatePublished - Apr 8 2019
Event2019 International Conference on Computing, Networking and Communications, ICNC 2019 - Honolulu, United States
Duration: Feb 18 2019Feb 21 2019

Publication series

Name2019 International Conference on Computing, Networking and Communications, ICNC 2019

Conference

Conference2019 International Conference on Computing, Networking and Communications, ICNC 2019
Country/TerritoryUnited States
CityHonolulu
Period02/18/1902/21/19

Funding

This manuscript has been authored by UT-Battelle, LLC under Contract No. DE-AC05-00OR22725 with the US DOE. The United States Government retains and the publisher, by accepting the article for publication, acknowledges that the United States Government retains a non-exclusive, paid-up, irrevocable, world-wide license to publish or reproduce the published form of this manuscript, or allow others to do so, for United States Government purposes. The DOE will provide public access to these results of federally sponsored research in accordance with the DOE Public Access Plan(https:// www.energy.gov/downloads/doe-public-access-plan).

Fingerprint

Dive into the research topics of 'Network-based Classification of Authentication Attempts using Machine Learning'. Together they form a unique fingerprint.

Cite this