Using Identity Credential Usage Logs to Detect Anomalous Service Accesses

Date Added: Nov 2009
Format: PDF

For e-commerce companies providing online services, fraudulent access resulting from the theft of identity credentials is a serious concern. Such online service providers deploy a variety of defenses and invest significant time and effort in analyzing large amounts of log data to detect malicious activities and their impact. To reduce this burden, the paper explores the effectiveness of an anomaly-detection-based approach that relies on identity credential usage log records. More specifically, it uses an anomaly-based metric to score the risk of each identity credential usage, e.g., a login request. Scores are determined based on categorical attribute values extracted from log records, such as timestamps. The paper uses actual log data of login attempts to a university portal to evaluate the effectiveness of this approach.