Cormorant

Hintze, Daniel; Füller, Matthias; Scholz, Sebastian; Findling, Rainhard Dieter; Muaaz, Muhammad; Kapfer, Philipp; Koch, Eckhard; Mayrhofer, René

doi:10.1145/3351243

Cited by 15 publications

(4 citation statements)

References 51 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…"progressive authentication" [47], "risk-based authentication" [56] and "risk-aware authentication" [20] are used in the literature appropriately to express the adaptation capability. Publications contributing to CM4AA need to use at least one of these terms.…”

Section: Logical Search Clausementioning

confidence: 99%

See 1 more Smart Citation

On Understanding Context Modelling for Adaptive Authentication Systems

Bumiller

Challita

Combemale

et al. 2023

ACM Trans. Auton. Adapt. Syst.

View full text Add to dashboard Cite

In many situations, it is of interest for authentication systems to adapt to context ( e.g., when the user’s behavior differs from the previous behavior). Hence, representing the context with appropriate and well-designed models is crucial. We provide a comprehensive overview and analysis of research work on Context Modelling for Adaptive Authentication systems (CM4AA) . To this end, we pursue three goals based on the Systematic Mapping Study (SMS) and Systematic Literature Review (SLR) research methodologies. We first present a SMS to structure the research area of CM4AA ( goal 1 ). We complement the SMS with a SLR to gather and synthesise evidence about context information and its modelling for adaptive authentication systems ( goal 2 ). From the knowledge gained from goal 2, we determine the desired properties of the context information model and its use for adaptive authentication systems ( goal 3 ). Motivated to find out how to model context information for adaptive authentication, we provide a structured survey of the literature to date on CM4AA and a classification of existing proposals according to several analysis metrics. We demonstrate the ability of capturing a common set of contextual features that are relevant for adaptive authentication systems independent from the application domain. We emphasise that despite the possibility of a unified framework, no standard for CM4AA exists.

show abstract

Section: Logical Search Clausementioning

confidence: 99%

“…The keywords biometrics (25) (palmprint ( 16)), behaviour (17) and patterns (17) show the trend of using these features (20) for adaptive authentication [34,35]. Databases (12) from which the information can be extracted (13) seem to be important.…”

Section: Main Abstractmentioning

confidence: 99%

On Understanding Context Modelling for Adaptive Authentication Systems

Bumiller

Challita

Combemale

et al. 2023

ACM Trans. Auton. Adapt. Syst.

View full text Add to dashboard Cite

show abstract

“…Progressive Auth [1] was designed to secure mobile applications by using information collected from multiple devices to determine the level of confidence in the identity of the user. CORMORANT [24] is similar to Progressive Auth, but it offers more complex features. It dynamically determines the available behavioral biometrics and trusted devices.…”

Section: Related Work a Risk-based Authentication Systemsmentioning

confidence: 99%

“…However, risk-based authentication systems proposed in the literature face applicability problems. Indeed, some works do not take into consideration the sensitivity of the protected service or asset which directly informs on the potential risk occurring [3], [24]. Other works rely on static components like reauthentication methods or methods based on static contextual values [8], [18], [28].…”

Section: Introductionmentioning

confidence: 99%

RLAuth: A Risk-Based Authentication System Using Reinforcement Learning

Picard¹,

Pierre²

2023

IEEE Access

View full text Add to dashboard Cite

Conventional authentication systems, that are used to protect most modern mobile applications, are faced with usability and security problems related to their static and one-shot nature. Indeed, one-shot authentication mechanisms challenge the user at the beginning of a session leaving them vulnerable to attacks on lost/stolen devices or session hijacking. In addition, static authentication mechanisms always use the same challenges to authenticate the user without considering the dynamic nature of the risk related to the authentication context. To mitigate these challenges, we propose RLAuth, a risk-based authentication system that can automatically adapt the level of challenge presented to the user on each authentication request based on the current context. RLAuth is based on binary anomaly detection, which is solved using a deep reinforcement learning agent that acts as the classifier. To cope with the high class imbalance in the anomaly detection problem, we propose to use a balanced sampling technique during experience replay and an imbalanced correction factor during reward computation. We evaluate RLAuth on a public dataset using the G-mean metric which is the square root of the product of sensitivity with specificity. This metric is efficient to measure the classification performance of a model under class imbalance since it does not overfit to the majority class. Finally, RLAuth obtained a G-Mean of 92.62%. In addition, the reinforcement learning agent can be trained offline for acceptable results in about 130 s and can then be periodically retrained to improve its performance over time.

show abstract