| dc.contributor.author | G. Martín, Alejandro | |
| dc.contributor.author | Martín de Diego, Isaac | |
| dc.contributor.author | Fernández-Isabel, Alberto | |
| dc.contributor.author | Beltrán, Marta | |
| dc.contributor.author | R. Fernández, Rubén | |
| dc.date.accessioned | 2023-09-20T10:54:46Z | |
| dc.date.available | 2023-09-20T10:54:46Z | |
| dc.date.issued | 2022 | |
| dc.identifier.citation | Alejandro G. Martín, Isaac Martín de Diego, Alberto Fernández-Isabel, Marta Beltrán, Rubén R. Fernández, Combining user behavioural information at the feature level to enhance continuous authentication systems, Knowledge-Based Systems, Volume 244, 2022, 108544, ISSN 0950-7051, https://doi.org/10.1016/j.knosys.2022.108544 | es |
| dc.identifier.issn | 0950-7051 | |
| dc.identifier.uri | https://hdl.handle.net/10115/24413 | |
| dc.description | Research supported by grants from Madrid Autonomous Community, Spain (ref: IND2019/TIC-17169); and from the Spanish Ministry of Economy and Competitiveness, Spain under the Retos-Investigación program: MODAS-IN (ref: RTI-2018-094269-B-I00); and donation of the Titan V GPU by NVIDIA Corporation, Spain; and by grants from Rey Juan Carlos University, Spain (Ref: C1PREDOC2020) | es |
| dc.description.abstract | The scientific and business communities are proposing new authentication methods more robust
than traditional solutions relying on a single security point such as passwords (i.e. ‘‘something you
know’’). User and Entity Behavior Analysis (UEBA) has postulated as an excellent solution to improve
authentication systems by performing continuous authentication to extend the authentication process
over time. UEBA is based on detecting anomalies in the intrinsic behaviour of each user or entity
(i.e. it is based on ‘‘something you are/do’’). This paper presents a method for performing continuous
authentication using UEBA techniques that allows combining information from multiple sources at
the feature level. This combination is achieved through a novel Symbolic Aggregate approximation
(SAX) using Random Trees Embeddings for each information source, producing a sequence of symbols.
Then, these sequences of symbols are combined into a single sequence using temporal information.
The resulting sequence of symbols feeds a density-based clustering model that uses a distance
based on DNA sequence alignment techniques to extract behavioural cores. Finally, new samples are
compared against these cores to detect anomalies using a risk model that evaluates if a behaviour
is anomalous (suspected user impersonation). The model has been extensively tested and evaluated
against well-known state-of-the-art datasets. | es |
| dc.language.iso | eng | es |
| dc.publisher | Elsevier | es |
| dc.rights | Attribution-NonCommercial-NoDerivatives 4.0 Internacional | * |
| dc.rights.uri | http://creativecommons.org/licenses/by-nc-nd/4.0/ | * |
| dc.subject | Anomaly detection | es |
| dc.subject | Behavioural information combination | es |
| dc.subject | Continuous authentication | es |
| dc.subject | User and Entity Behaviour Analytics | es |
| dc.title | Combining user behavioural information at the feature level to enhance continuous authentication systems | es |
| dc.type | info:eu-repo/semantics/article | es |
| dc.identifier.doi | 10.1016/j.knosys.2022.108544 | es |
| dc.rights.accessRights | info:eu-repo/semantics/openAccess | es |
Except where otherwise noted, this item's license is described as Attribution-NonCommercial-NoDerivatives 4.0 Internacional