2023 Theses Doctoral
Toward A Secure Account Recovery: Machine Learning Based User Modeling for protection of Account Recovery in a Managed Environment
As a result of our heavy reliance on internet usage and running online transactions, authentication has become a routine part of our daily lives. So, what happens when we lose or cannot use our digital credentials? Can we securely recover our accounts? How do we ensure it is the genuine user that is attempting a recovery while at the same time not introducing too much friction for the user? In this dissertation, we present research results demonstrating that account recovery is a growing need for users as they increase their online activity and use different authentication factors.
We highlight that the account recovery process is the weakest link in the authentication domain because it is vulnerable to account takeover attacks because of the less secure fallback authentication mechanisms usually used. To close this gap, we study user behavior-based machine learning (ML) modeling as a critical part of the account recovery process. The primary threat model for ML implementation in the context of authentication is poisoning and evasion attacks.
Towards that end, we research randomized modeling techniques and present the most effective randomization strategy in the context of user behavioral biometrics modeling for account recovery authentication. We found that a randomization strategy that exclusively relied on the user’s data, such as stochastically varying the features used to generate an ensemble of models, outperformed a design that incorporated external data, such as adding gaussian noise to outputs.
This dissertation asserts that account recovery process security posture can be vastly improved by incorporating user behavior modeling to add resiliency against account takeover attacks and nudging users towards voluntary adoption of more robust authentication factors.
- Alubala_columbia_0054D_17684.pdf application/pdf 1.47 MB Download File
More About This Work
- Academic Units
- Computer Science
- Thesis Advisors
- Stolfo, Salvatore
- Bellovin, Steven Michael
- D.E.S., Columbia University
- Published Here
- April 5, 2023