2013 IEEE Security and Privacy Workshops (2013)
San Francisco, CA, USA USA
May 23, 2013 to May 24, 2013
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/SPW.2013.38
Authentication using centralized methods is aprimary trust mechanism within most large-scale, enterprisecomputer networks. This paper proposes using graphs torepresent user authentication activity within the network. Usingthis mechanism over a real enterprise network dataset, we findthat non-privileged users and users with system administrationprivileges have distinguishable graph attributes in terms of sizeand complexity. In addition, we find that user authenticationgraphs provide intuitive insights into network user behavior.We believe that understanding these differences in even greaterdetail will lead to improved user behavior profiling and theelusive detection of authentication credential misuse.
A. D. Kent and L. M. Liebrock, "Differentiating User Authentication Graphs," 2013 IEEE Security and Privacy Workshops(SPW), San Francisco, CA, USA USA, 2013, pp. 72-75.