ShibBlue
Our team built a risk-based authentication system for Shibboleth IdP that enhances account security through behavioral analysis and machine learning. When users log in, behavioral biometrics are collected and analyzed by a neural network to assess the risk level of each authentication attempt. What makes this approach unique is that the neural network adapts to each individual user’s behavior rather than comparing them against average login patterns. The system learns what’s normal for each specific user and flags deviations that could indicate account compromise.
The behavioral data is ensembled with additional security heuristics, including IP reputation analysis and impossible travel detection, creating a comprehensive risk assessment that makes account takeovers significantly more difficult. All of this data is stored in a sharded Citus (PostgreSQL) database that can efficiently handle hundreds of millions of rows.
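To illustrate the impossible travel heuristic named above, here is an added example (not ShibBlue's own code) that scores a login against the user's previous one by implied travel speed. The `Login` fields, the 900 km/h speed limit, the 100 km geo-IP jitter floor and the sample coordinates are all assumptions made for this example.

```python
import math
from dataclasses import dataclass
from datetime import datetime, timezone

EARTH_RADIUS_KM = 6371.0
MAX_SPEED_KMH = 900.0    # assumption: roughly airliner cruise speed
MIN_DISTANCE_KM = 100.0  # assumption: ignore geo-IP jitter within a metro area

@dataclass(frozen=True)
class Login:
    when: datetime  # timezone-aware login timestamp
    lat: float      # latitude from IP geolocation, degrees
    lon: float      # longitude from IP geolocation, degrees

def haversine_km(a: Login, b: Login) -> float:
    """Great-circle distance between two logins in kilometres."""
    p1, p2 = math.radians(a.lat), math.radians(b.lat)
    dlon = math.radians(b.lon - a.lon)
    h = math.sin((p2 - p1) / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlon / 2) ** 2
    return 2 * EARTH_RADIUS_KM * math.asin(math.sqrt(min(1.0, h)))

def travel_risk(prev: Login, cur: Login) -> float:
    """Score in [0, 1]: 0 = plausible travel, 1 = at least twice MAX_SPEED_KMH."""
    dist = haversine_km(prev, cur)
    if dist < MIN_DISTANCE_KM:
        return 0.0  # nearby locations: geolocation noise, not travel
    # abs() tolerates events that arrive out of order
    hours = abs((cur.when - prev.when).total_seconds()) / 3600.0
    if hours == 0:
        return 1.0  # distant locations at the same instant
    speed = dist / hours
    if speed <= MAX_SPEED_KMH:
        return 0.0
    # Linear ramp that saturates at twice the plausible speed
    return min(1.0, (speed - MAX_SPEED_KMH) / MAX_SPEED_KMH)

def at(hour: int, minute: int = 0) -> datetime:
    return datetime(2024, 5, 1, hour, minute, tzinfo=timezone.utc)

# Constructed sample logins (not real data)
ANN_ARBOR = Login(at(9), 42.28, -83.74)
DETROIT = Login(at(9, 30), 42.33, -83.05)
LONDON_1H = Login(at(10), 51.51, -0.13)
LONDON_5H = Login(at(14), 51.51, -0.13)
LONDON_8H = Login(at(17), 51.51, -0.13)

if __name__ == "__main__":
    for name, cur in [("Detroit", DETROIT), ("London +1h", LONDON_1H),
                      ("London +5h", LONDON_5H), ("London +8h", LONDON_8H)]:
        print(f"{name}: {travel_risk(ANN_ARBOR, cur):.2f}")
```

A score like this is one input to an ensemble, alongside the behavioral and IP reputation signals, not a verdict on its own: VPN exits and coarse geolocation both produce apparent jumps.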
We engineered all features from scratch and built our own data collection infrastructure. To support the training process, we created a heuristic generator to backfill known legitimate logins with appropriate scores. We also developed a synthetic data generator that produces realistic malicious login patterns, which allows universities to deploy the system even if they haven’t experienced prior account takeovers.
The integration with Shibboleth IdP is handled through a custom Java plugin that intercepts the login flow and communicates with our Flask backend server. The backend runs a PyTorch neural network optimized for training on both NVIDIA CUDA and Apple MPS hardware, ensuring efficient model training and inference at scale.