Enhanced User Authentication Algorithm Based on Behavioral Analytics in Web-Based Cyberphysical Systems

Abstract

Detection of anomalies in user behavior to improve authentication procedures (including on the web platforms) is still a relevant task in information security. These anomalies may be presented as data outliers in the standard logs with records with users’ actions on the web resources. To solve this problem, an algorithm for detecting anomalies in the behavior of users of web platforms based on machine learning is proposed. Standard audit logs and user browser fingerprints were used as a set of features to identify a user and/or his device. The algorithm detects anomalies (data outliers) in user behavior based on three classifiers: OneClassSVM, IsolationForest, and EllipticEnvelope. If anomalies are detected, one or more authentication factors are used for additional verification of the user. The proposed algorithm is aimed at increasing the security of the target web system based on the risk assessment of the threat of users’ abnormal behavior in near real time. The experiment showed that it is generally possible to use both IsolationForest and EllipticEnvelope as the main classifier. In particular, EllipticEnvelope has a higher average accuracy on large datasets of user activity (up to 1600 records per user). However, the use of IsolationForest gives the best value of maximum average accuracy, especially for small logs (up to 100 records per user).