F-RBA: A Federated Learning-based Framework for Risk-based Authentication

Fereidouni, Hamidreza, Hafid, Abdelhakim Senhaji, Makrakis, Dimitrios, Baseri, Yaser

Dec-16-2024–arXiv.org Artificial Intelligence

The proliferation of Internet services has led to an increasing need to protect private data. User authentication serves as a crucial mechanism to ensure data security. Although robust authentication forms the cornerstone of remote service security, it can still leave users vulnerable to credential disclosure, device-theft attacks, session hijacking, and inadequate adaptive security measures. Risk-based Authentication (RBA) emerges as a potential solution, offering a multi-level authentication approach that enhances user experience without compromising security. In this paper, we propose a Federated Risk-based Authentication (F-RBA) framework that leverages Federated Learning to ensure privacy-centric training, keeping user data local while distributing learning across devices. Whereas traditional approaches rely on centralized storage, F-RBA introduces a distributed architecture where risk assessment occurs locally on users' devices. The framework's core innovation lies in its similarity-based feature engineering approach, which addresses the heterogeneous data challenges inherent in federated settings, a significant advancement for distributed authentication. By facilitating real-time risk evaluation across devices while maintaining unified user profiles, F-RBA achieves a balance between data protection, security, and scalability. Through its federated approach, F-RBA addresses the cold-start challenge in risk model creation, enabling swift adaptation to new users without compromising security. Empirical evaluation using a real-world multi-user dataset demonstrates the framework's effectiveness, achieving a superior true positive rate for detecting suspicious logins compared to conventional unsupervised anomaly detection models. This research introduces a new paradigm for privacy-focused RBA in distributed digital environments, facilitating advancements in federated security systems.

artificial intelligence, data mining, machine learning, (15 more...)

arXiv.org Artificial Intelligence

Dec-16-2024

arXiv.org PDF

Add feedback

Country:
- South America > Colombia
  - Bogotá D.C. > Bogotá (0.04)
- North America
  - United States (0.14)
  - Canada
    - Quebec > Montreal (0.04)
    - Ontario > National Capital Region
      - Ottawa (0.04)
- Europe > Portugal
  - Lisbon > Lisbon (0.04)
- Asia > Japan
  - Honshū > Kantō > Tokyo Metropolis Prefecture > Tokyo (0.04)

Genre:
- Overview (1.00)
- Research Report > Promising Solution (0.48)

Industry:
- Information Technology > Security & Privacy (1.00)

Technology:
- Information Technology
  - Security & Privacy (1.00)
  - Data Science > Data Mining
    - Anomaly Detection (1.00)
  - Artificial Intelligence > Machine Learning
    - Statistical Learning (1.00)
    - Neural Networks (0.94)
    - Performance Analysis > Accuracy (0.88)