Differentiating User Authentication Graphs

Abstract

Authentication using centralized methods is a primary trust mechanism within most
large-scale, enterprise computer networks. Representing user authentication
activity as a set of user-specific graphs over an enterprise network, we find
that certain types of user behavior have distinguishable graph attributes.
More specifically, we demonstrate significant distinction between system
administrators and non-privileged users. We also explore the differentiation
of other functional organization-based user categories. In addition, due to
the operational value user authentication graphs have in reflecting user
behavior, we discuss the development of a system for visually presenting the
graphs. This system will enable exploration and validation of both
appropriate and anomalous user behavior relevant to both intrusion and
insider threat detection.

Keywords: Insider threat, network authentication, graph analysis

Corresponding author: Alexander D. Kent, PO Box 1663 MS B264, Los Alamos, New Mexico 87545, USA, Tel: +1-505-216-6191

Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications (JoWUA), Vol. 5, No. 2, pp. 24-38, June 2014
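
A minimal sketch of the per-user graph representation the abstract describes, added here as an example and not taken from the paper: each user's authentication events become a directed graph of computers, and simple attributes are computed per user. The event tuples, the user and host names, and the choice of attributes (vertex count, edge count, density, maximum out-degree) are assumptions for illustration.

```python
from collections import defaultdict

# Constructed sample events: (user, source computer, destination computer).
EVENTS = [
    ("alice", "ws-01", "ws-01"),     # local logon, recorded as a self-loop
    ("alice", "ws-01", "dc-01"),
    ("alice", "ws-01", "file-01"),
    ("alice", "ws-01", "dc-01"),     # repeated event, same edge
    ("adm-bob", "ws-07", "dc-01"),
    ("adm-bob", "ws-07", "srv-01"),
    ("adm-bob", "ws-07", "srv-02"),
    ("adm-bob", "ws-07", "file-01"),
    ("adm-bob", "srv-01", "srv-03"),
    ("adm-bob", "srv-01", "srv-04"),
]

def build_user_graphs(events):
    """Return {user: set of directed (src, dst) edges between computers}."""
    graphs = defaultdict(set)
    for user, src, dst in events:
        edges = graphs[user]          # user is kept even with only local logons
        if src != dst:                # assumption: self-loops are ignored
            edges.add((src, dst))
    return dict(graphs)

def graph_attributes(edges):
    """Compute simple attributes of one user's authentication graph."""
    nodes = {host for edge in edges for host in edge}
    out_degree = defaultdict(int)
    for src, _dst in edges:
        out_degree[src] += 1
    n, m = len(nodes), len(edges)
    return {
        "vertices": n,
        "edges": m,
        # Directed density: edges present over edges possible.
        "density": round(m / (n * (n - 1)), 3) if n > 1 else 0.0,
        "max_out_degree": max(out_degree.values(), default=0),
    }

def profile_users(events):
    """Return {user: attribute dict} for every user seen in the events."""
    return {u: graph_attributes(e) for u, e in build_user_graphs(events).items()}

if __name__ == "__main__":
    for user, attrs in sorted(profile_users(EVENTS).items()):
        print(user, attrs)
```

In this constructed data the administrator-style account reaches more computers and fans out further from a single source than the ordinary account, which is the kind of per-user difference such attributes are meant to expose.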