F-RBA: A Federated Learning-based Framework for Risk-based Authentication
Hamidreza Fereidouni, Abdelhakim Senhaji Hafid, Dimitrios Makrakis, Yaser Baseri
TL;DR
F-RBA addresses privacy-preserving risk-based authentication by moving risk evaluation to on-device components within a federated learning framework. It combines horizontal FL (FedAvg/FedProx) with similarity-based feature engineering to harmonize heterogeneous client data and utilizes IPFS/DLT for cross-device profiling while keeping user data local. Empirical results on a real-world dataset show a high true-positive rate for detecting suspicious logins and demonstrate advantages over traditional unsupervised anomaly detectors, highlighting improved scalability and privacy. This framework offers a practical, cross-device security solution with potential for rapid adaptation to new users and contexts while maintaining robust privacy protections.
Abstract
The proliferation of Internet services has led to an increasing need to protect private data. User authentication serves as a crucial mechanism to ensure data security. Although robust authentication forms the cornerstone of remote service security, it can still leave users vulnerable to credential disclosure, device-theft attacks, session hijacking, and inadequate adaptive security measures. Risk-based Authentication (RBA) emerges as a potential solution, offering a multi-level authentication approach that enhances user experience without compromising security. In this paper, we propose a Federated Risk-based Authentication (F-RBA) framework that leverages Federated Learning to ensure privacy-centric training, keeping user data local while distributing learning across devices. Whereas traditional approaches rely on centralized storage, F-RBA introduces a distributed architecture where risk assessment occurs locally on users' devices. The framework's core innovation lies in its similarity-based feature engineering approach, which addresses the heterogeneous data challenges inherent in federated settings, a significant advancement for distributed authentication. By facilitating real-time risk evaluation across devices while maintaining unified user profiles, F-RBA achieves a balance between data protection, security, and scalability. Through its federated approach, F-RBA addresses the cold-start challenge in risk model creation, enabling swift adaptation to new users without compromising security. Empirical evaluation using a real-world multi-user dataset demonstrates the framework's effectiveness, achieving a superior true positive rate for detecting suspicious logins compared to conventional unsupervised anomaly detection models. This research introduces a new paradigm for privacy-focused RBA in distributed digital environments, facilitating advancements in federated security systems.
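As an added illustration (not the paper's own code), the sketch below shows the two ideas the abstract combines: similarity-based features give every device the same fixed-length representation in [0, 1] however different its raw login context is, and FedAvg aggregates locally trained risk models so that login records never leave the device. The attribute set, the constructed login histories, the leave-one-out profile and the logistic-regression risk model are all assumptions made for this example.

```python
import math
sigmoid = lambda z: 1 / (1 + math.exp(-z))

# Constructed sample data: one user's login histories on two devices; label 1 = suspicious.
ctx = lambda c, d, a, h: {"country": c, "device": d, "asn": a, "hour": h}
CLIENT_HISTORIES = {
    "laptop": [(ctx("CA", "laptop", 577, 9), 0), (ctx("CA", "laptop", 577, 10), 0),
               (ctx("CA", "laptop", 812, 14), 0), (ctx("RU", "laptop", 9999, 3), 1)],
    "phone": [(ctx("CA", "phone", 855, 18), 0), (ctx("CA", "phone", 855, 20), 0),
              (ctx("BR", "phone", 4200, 4), 1)],
}

def similarity_features(profile, login):
    """Map a raw login to a fixed-length vector in [0, 1]: how closely it matches the
    device's legitimate history per attribute (assumed scheme; same shape on every client)."""
    n = max(len(profile), 1)
    same = lambda key: sum(p[key] == login[key] for p in profile) / n
    hour_sim = max((1 - min(d, 24 - d) / 12 for p in profile          # circular hour distance
                    for d in [abs(p["hour"] - login["hour"])]), default=0.0)
    return [same("country"), same("device"), same("asn"), hour_sim]

def train_local(history, w, b, lr=0.5, epochs=200):
    """Client side: fit a logistic risk model on local records only; returns (w, b, n)."""
    rows = [(similarity_features([r for r, y in history if y == 0 and r is not rec], rec), lab)
            for rec, lab in history]  # leave-one-out profile so a record is not its own evidence
    w = list(w)
    for _ in range(epochs):
        for x, y in rows:
            err = sigmoid(sum(wi * xi for wi, xi in zip(w, x)) + b) - y
            w = [wi - lr * err * xi for wi, xi in zip(w, x)]
            b -= lr * err
    return w, b, len(rows)

def fedavg(updates):
    """Server side: average parameters weighted by each client's sample count (FedAvg)."""
    total = sum(n for _, _, n in updates)
    w = [sum(u[0][i] * u[2] for u in updates) / total for i in range(len(updates[0][0]))]
    b = sum(u[1] * u[2] for u in updates) / total
    return w, b

def federated_train(histories, rounds=3):
    w, b = [0.0] * 4, 0.0
    for _ in range(rounds):  # only parameters travel between clients and server
        w, b = fedavg([train_local(h, w, b) for h in histories.values()])
    return w, b

def risk_score(w, b, profile, login):
    """On-device risk evaluation of a new login against the local legitimate profile."""
    return sigmoid(sum(wi * xi for wi, xi in zip(w, similarity_features(profile, login))) + b)
```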
