SEC595: Applied Data Science and AI/Machine Learning for Cybersecurity Professionals

Experience SANS training through course previews.
Learn MoreLet us help.
Contact usBecome a member for instant access to our free resources.
Sign UpWe're here to help.
Contact UsBy measuring a user's increasingly familiarity with a web application over time, outliers in use may indicate account takeover fraud. Credential stuffing attacks are increasing in frequency, allowing threat actors to use data breaches from one source to perpetuate another. While multi-factor authentication remains a crucial preventative measure to protect against credential stuffing, the availability of credential data sets with contact information and the correlation with demographic data can allow threat actors to overcome it through interactive social engineering. Concurrently, alternative defense mechanisms such as network source profiling and device fingerprinting lose effectiveness as privacy-protecting technologies reduce the observable variability between legitimate and fraudulent user sessions. This paper explores the potential of clickstream data containing logs of users' navigation through a web application as an alternative defense to detecting account takeover activity for digital banking platforms. By identifying when users are exhibiting learning behaviors, the detection of such behaviors for established users may provide an indicator of compromise.