BigSnarf blog
Infosec FTW
Why don’t we look at password logins with machine learning?
Posted on December 19, 2012
Passwords and machine learning
“Large providers already use many other input signals including the source IP address, browser information and user agent string, cookies cached on the browser, the time of the login and the number of incorrect password guesses. More factors can be added over time: more complex behavioral profiles of users, cryptographic means to identify browsers like origin-bound certificates, one-time codes sent by SMS or generated by a mobile device, or perhaps lightweight biometrics like typing dynamics.”
We use passwords for everything: logging into our workstations and, hopefully, your iDevices. We log into Facebook, LinkedIn, Google, Gmail, Hotmail, Yahoo, etc. You either use just one password for everything or have a bunch of passwords. It's all based on secrets that you have to remember.
I’m more concerned about trying to catch the “badguys” walking among the endless authentication stream of logs, login credentials, identities and stolen passwords. We have created baselines and anomaly detection and tuned the sensitivity of these technologies, but the “badguys” still seem to be winning. How do we tackle the deluge of data from authentication systems? Just watching for spikes in traffic is not enough.
Machine learning and classifiers have been deployed to detect malicious behavior ranging from spam to terrorism. “Badguys” are getting better at flying under the radar. Why don’t we look at password logins with machine learning? Why don’t we start authenticating the human?
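As an added example (not from the original post), here is a minimal per-user model over four of the signals named in the quote above: source network, user agent, login time and number of incorrect guesses. The login history, the threshold and every name in it are constructed assumptions.

```python
import math
from collections import Counter, defaultdict

# Constructed history: (user, source /24, user agent, time of day, failed guesses)
HISTORY = (
    [("alice", "203.0.113", "Firefox/Windows", "day", 0)] * 5
    + [("alice", "203.0.113", "Firefox/Windows", "evening", 1)]
    + [("bob", "198.51.100", "Safari/macOS", "evening", 0)] * 2
    + [("bob", "198.51.100", "Safari/iOS", "day", 0)]
)
THRESHOLD_BITS = 6.0  # assumed cut-off; tune against labelled logins

def bucket_fails(n):
    # Coarsen the failed-guess count so rare exact values share a bin.
    return "0" if n == 0 else "1-2" if n <= 2 else "3+"

class LoginProfile:
    """Per-user frequency model with Laplace smoothing over four signals."""
    def __init__(self, alpha=1.0):
        self.alpha = alpha
        self.counts = defaultdict(lambda: [Counter() for _ in range(4)])
        self.totals = Counter()
        self.vocab = [set() for _ in range(4)]

    def fit(self, events):
        for user, net, agent, period, fails in events:
            self.totals[user] += 1
            values = (net, agent, period, bucket_fails(fails))
            for i, v in enumerate(values):
                self.counts[user][i][v] += 1
                self.vocab[i].add(v)
        return self

    def surprise(self, user, net, agent, period, fails):
        """Sum of -log2 P(signal | user): higher means less like this user."""
        bits = 0.0
        values = (net, agent, period, bucket_fails(fails))
        for i, v in enumerate(values):
            k = len(self.vocab[i] | {v})  # an unseen value gets its own bin
            p = (self.counts[user][i][v] + self.alpha) / (
                self.totals[user] + self.alpha * k)
            bits += -math.log2(p)
        return bits

    def is_suspicious(self, *login):
        return self.surprise(*login) > THRESHOLD_BITS

MODEL = LoginProfile().fit(HISTORY)
print(MODEL.is_suspicious("alice", "192.0.2", "curl/7", "night", 5))
```

The score is the number of bits of surprise given the user's own history, so a correct password presented from an unfamiliar network at an unfamiliar hour still stands out even when the traffic volume shows no spike.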
Read more
http://www.lightbluetouchpaper.org/2012/12/14/authentication-is-machine-learning/
http://blaine-nelson.com/research/pubs/Huang-Joseph-AISec-2011
