MLE-RBA: A Machine Learning-Empowered Risk-Based Authentication Algorithm
摘要
Risk-Based Authentication (RBA) is a dynamic authentication approach that assesses login attempts based on contextual risk factors. Traditional RBA implementations, such as Freeman et al.’s Naïve Bayes method, provide adaptive security but have limitations in precision and adaptability. In this study, we propose an enhanced RBA method leveraging machine learning to improve risk assessment accuracy. We design and implement MLE-RBA, an ML-empowered RBA system using a LightGBM classifier trained on a user login dataset, incorporating feature engineering, anomaly detection, and data balancing techniques. Our approach is evaluated against Freeman’s method and the SIMPLE heuristic, with performance measured in terms of Equal Error Rate (EER) and other key metrics. Experimental results show that our ML-based approach achieves a lower EER, demonstrating improved authentication accuracy while maintaining usability. Despite its effectiveness, we emphasize that RBA, even when enhanced with ML, should not replace primary authentication mechanisms but rather serve as a supplementary layer to improve security. Our findings contribute to the ongoing development of adaptive authentication strategies, highlighting ML’s potential in optimizing RBA systems.