In modern communication networks, security is a vital issue, and attacks on network security tend to be increasing in terms of both number and complexity. Authentication is a process of verifying a user in a communication network. It is a critical feature to support secure communications. However, attacks on authentication processes also tend to be increasing. Accordingly, appropriately responding to such security threats is paramount in modern communication networks.
For example, attackers pursuing to steal passwords from a memory may use Mimikatz, other tools or keylogging them from keyboard inputs. These are silent actions, meaning that there is no knowledge of when a password is being stolen or which passwords have been compromised. When an attacker has a password but no information exactly on which systems the password is valid for, then he is going to try it on multiple systems, possibly even on all systems he is able to see in a local network, for example. In addition to passwords, attackers could use only the password hash with pass-the-hash hacking techniques or use existing Kerberos authentication session of a user when trying to log into all systems he sees. When using Kerberos, for example, users do not have to enter passwords. Instead, the attacker will scan the network for services he is able to access with the user's Kerberos session.
Available systems for responding to such security threats suffer from various drawbacks, and it is thus desirable to improve security so as to overcome such drawbacks.