Use case 1 “Account Misuse”

The use case focuses on misuse detection of digital identities in business processes. “Abuse” is defined as the illegitimate adoption of an identity (impersonation) or the illegitimate use of an identity in business processes (e.g. according to terms and conditions). Federated methods are used both for training of and for inference with ML detectors. “Federation” can initially be defined “technically” as the division/distribution of the (evaluation of) domain entities among different organizations. It is assumed that a user claims an identity and is authenticated for a session that consists of a set of requests with the associated metadata. Both for the identity itself and for each request, a decision should then be made as to whether these are legitimate or abusive. To this end, access to the requested processes and resources can be restricted accordingly. The course of a session is considered in the authenticated context and explicitly not the protection of access data or attacks on the authentication process (see use case 5).

Use case 2 “Network Attacks”

The use case „Network Attacks“ investigates the use of federated machine learning techniques for the detection and mitigation of attacks on the network infrastructure of web-based identity management systems. In the context of this use case (distributed) denial-of-service attacks (DDoS) are considered aiming at limiting the availability of network-bound services. Typical attacks to (illegitimately) collect information about the network infrastructure and connected services, e.g., port scans, are also considered.

Use case 3 “Fraud Detection”

The use case deals with the detection of fraudulent activities. The focus is particularly on credit card fraud. The fraud consists in stealing the cardholder’s credit card information and using the information in unlawful transactions. Every payment service provider has to deal with the detection of fraud. In this use case, a federated approach is sought in which various payment service providers jointly train a fraud detection model without having to exchange training data with another company. This jointly trained model is expected to work better than a model that is trained only with data from a single company.

Use case 4 “Infiltration/Manipulation of Components in Industrial Networks”

The use case deals with the detection of attacks in industrial networks. The goal is to identify the manipulation of engineering workstations and industrial espionage by newly introduced components by analyzing the network communication and process data of the OT components. Although federation between different industrial plants would be conceivable, the focus in this use case is on the federation of data from the domains of network data and process data.

Use case 5 “Exploitation of Faulty Protocol Implementations”

The use case is located in the area of ​​the authentication of users in web apps. In particular, the OAuth 2.0 and OIDC protocols, which are integrated by NetID, are examined. The aim is to detect possible attacks that were made possible due to incorrect configuration or incorrect application of the so-called “protocol flows” used. For this purpose, data from all protocol endpoints involved should be collated on the basis of horizontal federation. A monitor should, if possible, observe the current flow during runtime and make a statement about its level of trust. This information should be passed on to the next party, e.g., the website operator, on the basis of vertical federation. In the case of a low level of trust, this information could be used in use case 3, for example, to make a statement about possible credit card fraud and, if necessary, to prevent it.