fighting identity theft
play

Fighting Identity Theft Big Data Analytics to the Rescue Seshika - PowerPoint PPT Presentation

Dec 23, 2023 •176 likes •441 views

Fighting Identity Theft Big Data Analytics to the Rescue Seshika Fernando WSO2 Me - Seshika Computer Science & Finance Streaming Analytics 100% Open Source Middleware Company Apache Way http://wso2.com/

  1. Fighting Identity Theft Big Data Analytics to the Rescue Seshika Fernando WSO2

  2. Me - Seshika ● Computer Science & Finance ● Streaming Analytics ● 100% Open Source Middleware Company ● Apache Way ● http://wso2.com/

  3. Quantified ● $2.5m per Enterprise ● #1 Consumer Complaint ● Every 2 seconds ● 51% Enterprises use Big Data Analytics Sources: Javelin Strategy & Research, PwC 2016 GSISS, FTC 2015 Report

  4. Service Provider Identity Providers User

  6. Authentication Analytics ● Blacklisted IP address Single IP, multiple users ● ● Single user, multiple IPs ● Login from new IP address ● Abnormal frequency of logins Abnormal login times ● ● Multiple login failures ● Multifactor authentication failures

  7. Authorization Analytics ● User/Role accessing a new resource Abnormal resource access frequency ● ● Access denied for multiple resources, for the same user ● Abnormal usage frequency of high privilege accounts ● High risk privilege escalation

  8. Complex Event Processing * Notify if there is a 10% increase in overall trading activity AND the average price of commodities has fallen 2% in the last 4 hours

  9. Blacklists define table BlacklistedIPTable (ipAddress string); from loginStream[ (ip == BlacklistedIPTable.ip) in BlacklistedIPTable ] select * insert into alertStream; Whitelists define table IPTable (ipAddress string); from loginStream[ not(ip == IPTable.ip) in IPTable ] select * insert into alertStream;

  10. Counting from loginFailureStream#window.time(1 hour) select username, count(timestamp) as loginFailCount group by username having loginFailCount > 30 insert into alertStream; 1 to many relationships from e1 = loginStream -> e2 = loginStream[(e1.ip == e2.ip) and (e1.username != e2.username)] <2:> within 1 day select e1.ip, e1.username, e2[0].username, e2[1].username insert into alertStream;

  11. Adaptive Analytics User Profiling (UEBA) ○ Time ○ IP/Geo-location ○ Frequency Typing Patterns ○ ○ Service Provider(s) ○ Identity Provider(s) Wonka usually logs in between 8am - 10am , from an IP address in Chicago , and logs into Redmine and Concur , using his Google Credentials

  12. Behavioural Rules Based on ● ○ Time Login Frequency ○ ○ Geo Location List of Service Providers ○ ○ List of IDPs from loginStream#window.time(1 hour) as str join loginCountTable as tbl on str.username == tbl.username select str.username, count(str.timestamp) as curLoginCount, tbl.maxLoginCount group by str.username having curLoginCount > maxLoginCount insert into alertStream;

  13. Scoring ● Use combination of rules ● Give weights to each rule Single number to represent suspicion through multiple indicators ● ● Use a threshold to identify anomalies Score = w1 * time + w2 * frequency + w3 * location + w4 * SPs + w5 * IDPs

  14. Clustering Features ● Time ● Geo Location ● IdP SP Type ●

  15. Markov Models Compare Update Classify Events Incoming Alerts Events Probability Matrix Sequences Probability Matrix

  16. Audit Trail Analytics

  17. Investigate Access historical data using Expressive Querying ● ● Easy Filtering ● Useful Visualizations to isolate incidents and unearth relationships

  18. Deployment Dashboard Events Alerts IAM Events Service Providers Persisted Storage

  19. Challenges

  20. Unusual behaviour?

  21. Big Data Challenge ● Millions of Events Highly Dimensional ● EventID Timestamp Auth Success Username Roles Service Provider IDP IP 1 1420092114000 True Norman Dev; Admin Expedia Google 100.3.2.88 2 1420092114200 True John Dev Concur Facebook 10.13.2.15 3 1420092115500 False Mary QA Ebay Facebook 20.3.2.132 ● Real-time Dashboards

  22. Fight against Time CEP 1s 1s 1s 1s 1s 1s 1s 1s 1m 1m 1m 1m 1h 1h 1d Spark

  23. Siddhi & Spark from AuthEventStream#window.TimeBatch(1 sec) Siddhi select sum(AuthCount), year, month, date, hour, min, sec insert into PerSecAuthCountStream from PerSecAuthCountStream#window.TimeBatch(1 min) select sum(AuthCount), year, month, date, hour, min insert into PerMinAuthCountTable insert into PerHourAuthCountTable select sum(AuthCount), year, month, date, hour from PerMinAuthCountTable group by year, month, date, hour insert into PerDayAuthCountTable select sum(AuthCount), year, month, date from PerHourAuthCountTable Spark group by year, month, date

  24. Battling Dimensionality By Identity Provider By Service Provider By User 1h 1h 1h 1h 1h 1h 1d 1d 1d

  25. Contact us !

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Identity Theft Identity Theft Identity theft occurs when your personal information is stolen

Identity Theft Identity Theft Identity theft occurs when your personal information is stolen

Identity Theft Identity Theft Identity theft occurs when your personal information is stolen and used without your knowledge to commit fraud or other crimes Identity theft can cost you time and money. Tips for Preventing Identity Theft

322 views • 10 slides
Identity Theft By: Brian Paulsen How common is identity theft? According to the US Department of

Identity Theft By: Brian Paulsen How common is identity theft? According to the US Department of

Identity Theft By: Brian Paulsen How common is identity theft? According to the US Department of Justice, 10% of people over the age of 16 reported being victims of identity theft in 2016 (Harrell). Who is most susceptible? Multiple reports

233 views • 21 slides
Training to Prevent Identity Theft Identity Theft is the fastest growing crime in America.

Training to Prevent Identity Theft Identity Theft is the fastest growing crime in America.

Training to Prevent Identity Theft Identity Theft is the fastest growing crime in America. The Social Security number is a major privacy concern for most people, because it links to information that is typically kept private. Exposing

326 views • 17 slides
What is Identity Theft? &quot;Someone obtaining your personal identifying information without

What is Identity Theft? &quot;Someone obtaining your personal identifying information without

Identity Fraud: Protecting Your Identity Between Work and Play Ryan Sothan, Outreach Coordinator Nebraska Department of Justice, Office of the Attorney General Consumer Protection and Anti-Trust Division What is Identity Theft?

314 views • 18 slides
Child Identity Theft: What to Know, What to Do Colleen Tressler FTC Division of Consumer &amp;

Child Identity Theft: What to Know, What to Do Colleen Tressler FTC Division of Consumer &amp;

Child Identity Theft: What to Know, What to Do Colleen Tressler FTC Division of Consumer &amp; Business Education ctressler@ftc.gov consumer.ftc.gov IdentityTheft.gov Definition of Identity Theft Identity theft is the misuse of

459 views • 20 slides
IDENTITY THEFT FINANCIAL EDUCATION SERIES Equal Housing Lender. Member FDIC and Associated

IDENTITY THEFT FINANCIAL EDUCATION SERIES Equal Housing Lender. Member FDIC and Associated

4/2/2018 IDENTITY THEFT FINANCIAL EDUCATION SERIES Equal Housing Lender. Member FDIC and Associated Banc-Corp AGENDA Tips to avoid identity theft What you should do if you become a victim of identity theft How to obtain free

381 views • 4 slides
Identity Theft 101 Wanda Downs, AAP Director, CU Development &amp; Marketing Identity Theft 101

Identity Theft 101 Wanda Downs, AAP Director, CU Development &amp; Marketing Identity Theft 101

Identity Theft 101 Wanda Downs, AAP Director, CU Development &amp; Marketing Identity Theft 101 Identity Theft 101 Wanda Downs First Carolina Corporate Credit Union, 2004 to present &gt; Director of CU Development &amp; Marketing AAP

440 views • 16 slides
What will you learn? During this presentation you will learn: How ID theft and account fraud

What will you learn? During this presentation you will learn: How ID theft and account fraud

What will you learn? During this presentation you will learn: How ID theft and account fraud happen The effects of ID theft and fraud How to avoid becoming a victim Identity Protection Identity Theft is Rampant Number of victims rose

764 views • 30 slides
Identity Theft Wiam Younes Training and Awareness Coordinator Information Security Office(ISO)

Identity Theft Wiam Younes Training and Awareness Coordinator Information Security Office(ISO)

Identity Theft Wiam Younes Training and Awareness Coordinator Information Security Office(ISO) www.cmu.edu/iso Computing Services www.cmu.edu/computing What is Identity Theft? Identity Theft is a crime in which an impostor obtains key

409 views • 24 slides
(1 in 4) Fraud (43%) (12.6 M) 2013 Identity Theft Report Javelin Strategy &amp; Research FTC

(1 in 4) Fraud (43%) (12.6 M) 2013 Identity Theft Report Javelin Strategy &amp; Research FTC

THE THE NEW NORM NEW NORM IDENTIT IDENTITY Y THE THEFT FT AND AND GO GOVERNMENT VERNMENT FRA FRAUD UD Identity Fraud Data Breach Government (1 in 4) Fraud (43%) (12.6 M) 2013 Identity Theft Report Javelin Strategy &amp;

527 views • 17 slides
IRS Criminal Investigation Detroit Field Office Identity Theft The FTC estimates that as many

IRS Criminal Investigation Detroit Field Office Identity Theft The FTC estimates that as many

IRS Criminal Investigation Detroit Field Office Identity Theft The FTC estimates that as many as 9 million Americans have their identities stolen each year. How Do They Get Your Information? Theft of valuables purses, wallets, cell

344 views • 15 slides
the bottom line your data protects protecting to remedy the harm caused by identity theft. ties

the bottom line your data protects protecting to remedy the harm caused by identity theft. ties

24 and lost sales. 7 to the indictment, the thieves security breach. 8 According tion with the T.J. Maxx data of 11 individuals in connec- announced the indictment D e p a r t m e n t r e c e n t l y identity theft, the Justice catch the

561 views • 6 slides
Fighting against theft, cloning and counterfeiting of integrated circuits Lilian Bossuet Associate

Fighting against theft, cloning and counterfeiting of integrated circuits Lilian Bossuet Associate

Fighting against theft, cloning and counterfeiting of integrated circuits Lilian Bossuet Associate Professor, head of the secure embedded system group University of Lyon, Jean Monnet University, Saint-Etienne Laboratoire Hubert Curien CNRS

878 views • 64 slides
Identity Theft Victim Shawn Savage IRS Sr. Stakeholder Liaison Seminar Objectives Increase

Identity Theft Victim Shawn Savage IRS Sr. Stakeholder Liaison Seminar Objectives Increase

Helping the Identity Theft Victim Shawn Savage IRS Sr. Stakeholder Liaison Seminar Objectives Increase awareness of how to help IDT victims Improve understanding of Taxpayer Protection Program, Identity Protection Specialized Unit and

799 views • 16 slides
Trends in Malware Enabled Identity Theft Matthew McGlashan - matthew@auscert.org.au Computer

Trends in Malware Enabled Identity Theft Matthew McGlashan - matthew@auscert.org.au Computer

Trends in Malware Enabled Identity Theft Matthew McGlashan - matthew@auscert.org.au Computer Security Analyst, AusCERT Outline About AusCERT What AusCERT is doing to combat ID theft The Threat: Trojan Horse software

535 views • 27 slides
Results from Help Us Protect the Carnegie Mellon Community from Identity Theft study A

Results from Help Us Protect the Carnegie Mellon Community from Identity Theft study A

Results from Help Us Protect the Carnegie Mellon Community from Identity Theft study A Real-Word Evaluation of Anti-Phishing Training Mary Ann Blair Lorrie Faith Cranor Ponnurangam Kumaraguru (PK) Joint work with Justin Cranshaw,

964 views • 74 slides
How to publish for maximum impact? Research in the Big Data era SEE Diu Seng, PhD Research

How to publish for maximum impact? Research in the Big Data era SEE Diu Seng, PhD Research

How to publish for maximum impact? Research in the Big Data era SEE Diu Seng, PhD Research &amp; Innovation Advisor (Southeast Asia) diuseng.see@clarivate.com http://www.researcherid.com/rid/I-6412-2015 http://orcid.org/0000-0002-1435-1608 2

681 views • 38 slides
Grammar-based Specification and Parsing for Binary File Formats William Underwood Georgia Tech

Grammar-based Specification and Parsing for Binary File Formats William Underwood Georgia Tech

Grammar-based Specification and Parsing for Binary File Formats William Underwood Georgia Tech Research Institute Atlanta, Georgia, USA 7 th International Digital Curation Conference 2011 Bristol, UK December 5-7, 2011 GTRI_B-#

400 views • 26 slides
Trusted Components Reuse, Contracts and Patterns Prof. Dr. Bertrand Meyer Till G. Bay Chair of

Trusted Components Reuse, Contracts and Patterns Prof. Dr. Bertrand Meyer Till G. Bay Chair of

1 Trusted Components Reuse, Contracts and Patterns Prof. Dr. Bertrand Meyer Till G. Bay Chair of Softw are Engineering Trusted Components: Reuse, Contracts and Patterns - Lecture 21 2 Lecture 21: Eiffel AST Chair of Softw are Engineering

355 views • 16 slides
A Rewriting Semantics for Maude Strategies N. Mart -Oliet, J. Meseguer, and A. Verdejo

A Rewriting Semantics for Maude Strategies N. Mart -Oliet, J. Meseguer, and A. Verdejo

A Rewriting Semantics for Maude Strategies N. Mart -Oliet, J. Meseguer, and A. Verdejo Universidad Complutense de Madrid University of Illinois at Urbana-Champaign IFIP WG 1.3 Urbana, August 1, 2008 N. Mart -Oliet (UCM) A Rewriting

360 views • 32 slides
New in ML A personal perspective from Academia 5yr PhD Startup in Applied experience between

New in ML A personal perspective from Academia 5yr PhD Startup in Applied experience between

Joan Bruna Courant Institute and Center for Data Science New in ML A personal perspective from Academia 5yr PhD Startup in Applied experience between Mathematics MsC and PhD One Slide about 5yr Visiting myself experience as positions

653 views • 50 slides
Quantum Transport and Thermodynamics Giuliano Benenti Center for Nonlinear and Complex Systems,

Quantum Transport and Thermodynamics Giuliano Benenti Center for Nonlinear and Complex Systems,

Quantum Transport and Thermodynamics Giuliano Benenti Center for Nonlinear and Complex Systems, Univ. Insubria, Como, Italy INFN, Milano, Italy Outline 1) Basic thermodynamics of nonequilibrium states (linear response, Onsager relations,

1.66k views • 148 slides
Holographic interaction effects on transport in Dirac semimetals Vivian Jacobs, Stefan Vandoren,

Holographic interaction effects on transport in Dirac semimetals Vivian Jacobs, Stefan Vandoren,

Holographic interaction effects on transport in Dirac semimetals Vivian Jacobs, Stefan Vandoren, Henk Stoof (UU) arXiv: 1403.3608 Semimetals Semimetal = gapless semiconductor Well-known example in 2+1 dim: graphene Dirac points

495 views • 25 slides
A Data Warehouse/OLAP Framework for Web Usage Mining and Business Intelligence Reporting Xiaohua

A Data Warehouse/OLAP Framework for Web Usage Mining and Business Intelligence Reporting Xiaohua

A Data Warehouse/OLAP Framework for Web Usage Mining and Business Intelligence Reporting Xiaohua Hu Nick Cercone College of Information Science Faculty of Computer Science Drexel University, Philadelphia Dalhousie University PA, USA 19104

482 views • 21 slides

More recommend