<  Retour au portail Polytechnique Montréal

RLAuth: A risk-based authentication system using reinforcement learning

Claudy Picard et Samuel Pierre

Article de revue (2023)

Document en libre accès dans PolyPublie et chez l'éditeur officiel
[img]
Affichage préliminaire
Libre accès au plein texte de ce document
Version officielle de l'éditeur
Conditions d'utilisation: Creative Commons: Attribution (CC BY)
Télécharger (1MB)
Afficher le résumé
Cacher le résumé

Abstract

Conventional authentication systems, that are used to protect most modern mobile applications, are faced with usability and security problems related to their static and one-shot nature. Indeed, one-shot authentication mechanisms challenge the user at the beginning of a session leaving them vulnerable to attacks on lost/stolen devices or session hijacking. In addition, static authentication mechanisms always use the same challenges to authenticate the user without considering the dynamic nature of the risk related to the authentication context. To mitigate these challenges, we propose RLAuth, a risk-based authentication system that can automatically adapt the level of challenge presented to the user on each authentication request based on the current context. RLAuth is based on binary anomaly detection, which is solved using a deep reinforcement learning agent that acts as the classifier. To cope with the high class imbalance in the anomaly detection problem, we propose to use a balanced sampling technique during experience replay and an imbalanced correction factor during reward computation. We evaluate RLAuth on a public dataset using the G-mean metric which is the square root of the product of sensitivity with specificity. This metric is efficient to measure the classification performance of a model under class imbalance since it does not overfit to the majority class. Finally, RLAuth obtained a G-Mean of 92.62%. In addition, the reinforcement learning agent can be trained offline for acceptable results in about 130 s and can then be periodically retrained to improve its performance over time.

Sujet(s): 2800 Intelligence artificielle > 2800 Intelligence artificielle (Vision artificielle, voir 2603)
Département: Département de génie informatique et génie logiciel
Centre de recherche: LARIM - Laboratoire de recherche en réseautique et informatique mobile
URL de PolyPublie: https://publications.polymtl.ca/54142/
Titre de la revue: IEEE Access (vol. 11)
Maison d'édition: Institute of Electrical and Electronics Engineers
DOI: 10.1109/access.2023.3286376
URL officielle: https://doi.org/10.1109/access.2023.3286376
Date du dépôt: 24 juil. 2023 13:47
Dernière modification: 30 sept. 2024 14:52
Citer en APA 7: Picard, C., & Pierre, S. (2023). RLAuth: A risk-based authentication system using reinforcement learning. IEEE Access, 11, 61129-61143. https://doi.org/10.1109/access.2023.3286376

Statistiques

Total des téléchargements à partir de PolyPublie

Téléchargements par année

Provenance des téléchargements

Dimensions

Actions réservées au personnel

Afficher document Afficher document