Loading [MathJax]/extensions/MathMenu.js
Safeguarding academic accounts and resources with the University Credential Abuse Auditing System | IEEE Conference Publication | IEEE Xplore

Safeguarding academic accounts and resources with the University Credential Abuse Auditing System


Abstract:

Whether it happens through malware or through phishing, loss of one's online identity is a real and present danger. While many attackers seek credentials to realize finan...Show More

Abstract:

Whether it happens through malware or through phishing, loss of one's online identity is a real and present danger. While many attackers seek credentials to realize financial gain, an analysis of the compromised accounts at our own institutions reveals that perpetrators often steal university credentials to gain free and unfettered access to information. This nontraditional motivation for credential theft puts a special burden on the academic institutions that provide these accounts. In this paper, we describe the design, implementation, and evaluation of a system for safeguarding academic accounts and resources called the University Credential Abuse Auditing System (UCAAS). We evaluate UCAAS at two major research universities with tens of thousands of user accounts and millions of login events during a two-week period. We show the UCAAS to be useful in reducing this burden, having helped the university security teams identify a total of 125 compromised accounts with zero false positives during the trail.
Date of Conference: 25-28 June 2012
Date Added to IEEE Xplore: 09 August 2012
ISBN Information:

ISSN Information:

Conference Location: Boston, MA

References

References is not available for this document.