Authors
Khairul Azmi Abu Bakar, Nor Izyani Daud and Mohd Shafeq Md Hasan, MIMOS Berhad, Malaysia
Abstract
Adaptive authentication is a risk-based authentication that identifies high-risk and suspicious illegitimate login attempts. User past login records which implicitly contains attribute factors context information are used to establish user behavior profile. Later if the user logins under different environmental context from that established profile, the identity of the user may be questioned. The system may challenge the user to present additional authentication method to get authenticated. We implemented such adaptive authentication system in our production server and collected user login records for more than six months. In this paper, we presents the analysis of the user login profile with regards to attribute factors such as geographical location and time of login. We also developed testbed system that uses the collected real data to evaluate the system for different ratio threshold values.
Keywords
Adaptive Authentication, Web Application, Testbed Analysis