Development and evaluation of different approaches for the application of anomaly detection on login data collected by the Hypergate SSO app.
Anomaly detection, conditional access, market basket analysis, clustering, Python
Different anomaly detection approaches and methods are to be researched, developed and objectively evaluated. Each approach must return a score between 0 and 1 that expresses how unusual an authentication request is.
Hypergate is a single sign-on application used in enterprise environments. Adding conditional access rules should improve and extend its security capabilities. Specifically, an anomaly score is to be computed for each login, which can be used as a trigger for additional security actions.
We created three models that can serve as anomaly detection systems in the Hypergate context. Model 1 assesses each attribute of a login separately, based on frequency and a membership test. Model 2 is based on association rule mining, as used in market basket algorithms. Model 3 uses the K-Prototypes clustering algorithm. The models were evaluated using a custom-developed evaluation concept comprising four different test cases. The best results were achieved by Model 2.
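A sketch of how a scorer in the style of Model 1 could work, added here as an example and not taken from the project's code. The attribute names, the per-user baseline, scoring a seen value as one minus its relative frequency, and averaging the attribute scores are all assumptions; the page only states that attributes are assessed separately by frequency and a membership test.

```python
from collections import Counter, defaultdict

# Attribute names are assumptions; the page does not list the login fields.
ATTRIBUTES = ("country", "device", "network", "hour_bucket")

# Constructed sample history: alice mostly logs in from CH on her laptop.
HISTORY = (
    [{"user": "alice", "country": "CH", "device": "laptop-1", "network": "corp", "hour_bucket": "day"}] * 8
    + [{"user": "alice", "country": "CH", "device": "phone-1", "network": "mobile", "hour_bucket": "evening"}] * 2
)


class AttributeFrequencyScorer:
    """Scores each login attribute separately against the user's own history."""

    def __init__(self, attributes=ATTRIBUTES):
        self.attributes = attributes
        # history[user][attribute] -> Counter of values seen for that user
        self.history = defaultdict(lambda: defaultdict(Counter))

    def fit(self, logins):
        for login in logins:
            for attr in self.attributes:
                self.history[login["user"]][attr][login[attr]] += 1
        return self

    def attribute_scores(self, login):
        """Return {attribute: score in [0, 1]}; 1.0 means never seen before."""
        user_hist = self.history.get(login["user"])
        if user_hist is None:  # no baseline for this user yet
            return {attr: 1.0 for attr in self.attributes}
        scores = {}
        for attr in self.attributes:
            counts = user_hist[attr]
            if login[attr] not in counts:  # membership test fails
                scores[attr] = 1.0
            else:  # frequency: rarely seen values score higher
                scores[attr] = 1.0 - counts[login[attr]] / sum(counts.values())
        return scores

    def score(self, login):
        """Overall anomaly score: mean of attribute scores (assumed rule)."""
        scores = self.attribute_scores(login)
        return sum(scores.values()) / len(scores)


if __name__ == "__main__":
    scorer = AttributeFrequencyScorer().fit(HISTORY)
    print(scorer.score({"user": "alice", "country": "BR", "device": "tablet-9", "network": "mobile", "hour_bucket": "night"}))
```

Keeping the per-attribute scores available alongside the combined value lets a conditional access rule react to one specific signal, such as a never-seen country, instead of only to the average.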
Lukas Schönbächler, Papers AG / Hypergate
https://hypergate.com/
Tobias Bossert, tobias.bossert@students.fhnw.ch
My-Nhien Nguyen, mynhien.nguyen@students.fhnw.ch
Prof. Dr. Michael Graber, michael.graber@fhnw.ch