Seth Hastings, Tyler Moore, Corey Bolger, Philip Schumway (University of Tulsa)

This paper presents a method for reduction and aggregation of raw authentication logs into user-experience focused "event logs". The event logs exclude non-interactive authentication data and capture critical aspects of the authentication experience to deliver a distilled representation of an authentication. This method is demonstrated using real data from a university, spanning three full semesters. Event construction is presented along with several examples to demonstrate the utility of event logs in the context of a Security Operations Center (SOC). Authentication success rates are shown to widely vary, with the bottom 5% of users failing more than one third of authentication events. A proactive SOC could utilize such data to assist struggling users. Event logs can also identify persistently locked out users. 2.5% of the population under study was locked out in a given week, indicating that interventions by SOC analysts to reinstate locked-out users could be manageable. A final application of event logs can identify problematic applications with above average authentication failure rates that spike periodically. It also identifies lapsed applications with no successful authentications, which account for over 50% of unique applications in our sample.

View More Papers

Proof of Backhaul: Trustfree Measurement of Broadband Bandwidth

Peiyao Sheng (Kaleidoscope Blockchain Inc.), Nikita Yadav (Indian Institute of Science), Vishal Sevani (Kaleidoscope Blockchain Inc.), Arun Babu (Kaleidoscope Blockchain Inc.), Anand Svr (Kaleidoscope Blockchain Inc.), Himanshu Tyagi (Indian Institute of Science), Pramod Viswanath (Kaleidoscope Blockchain Inc.)

Read More

Overconfidence is a Dangerous Thing: Mitigating Membership Inference Attacks...

Zitao Chen (University of British Columbia), Karthik Pattabiraman (University of British Columbia)

Read More

Group-based Robustness: A General Framework for Customized Robustness in...

Weiran Lin (Carnegie Mellon University), Keane Lucas (Carnegie Mellon University), Neo Eyal (Tel Aviv University), Lujo Bauer (Carnegie Mellon University), Michael K. Reiter (Duke University), Mahmood Sharif (Tel Aviv University)

Read More

On the Vulnerability of Traffic Light Recognition Systems to...

Sri Hrushikesh Varma Bhupathiraju (University of Florida), Takami Sato (University of California, Irvine), Michael Clifford (Toyota Info Labs), Takeshi Sugawara (The University of Electro-Communications), Qi Alfred Chen (University of California, Irvine), Sara Rampazzi (University of Florida)

Read More