Dissertation Talk: Detecting Credential Compromise in Enterprise Networks

Presentation | December 2 | 11 a.m.-12 p.m. | 380 Soda Hall

 Mobin Javed

 Electrical Engineering and Computer Sciences (EECS)

Secure remote access is vital to the workflow of many enterprises today, but can also open up a site to infiltration if attackers manage to steal user login credentials. This empowers attackers to operate clandestinely for months, furthering their access to other resources in the network, all the while remaining undetected under the guise of a legitimate user. Such threats can cause profound damage and lead to costly data breaches. For example, stolen credentials enabled the massive Target breach in 2013 that resulted in the theft of 40 million credit card numbers.

My dissertation aims to advance the state of credential compromise detection in enterprise settings through novel detection schemes grounded in years of real-world network logs from Lawrence Berkeley National Lab (LBNL). In the first part of the talk, I will sketch a system for detecting stealthy, distributed brute-force attacks on password-based credentials. In the second part, I will present a framework to detect anomalous logins that flag potentially compromised credentials as the result of brute-force, phishing, or malware attacks.