PassREfinder: Credential Stuffing Risk Prediction by Representing Password Reuse between Websites on a Graph
Jaehan Kim, Minkyoo Song, Minjae Seo, Youngjin Jin, Seungwon Shin
IEEE Symposium on Security and Privacy 2024 · Day 1 · Continental Ballroom 6
As individuals manage an ever-increasing number of online accounts, reusing passwords across multiple services has become a widespread practice. This behavior, known as **password reuse**, significantly amplifies the risk of **credential stuffing** attacks. This talk, presented by Jaehan Kim from NSS Lab at KIST, advised by Professor Seungwon Shin, introduces **PassREfinder**, a novel Graph Neural Network (GNN)-based framework that predicts the risk of credential stuffing by modeling password reuse relationships between websites.
AI review
PassREfinder presents a novel GNN-based framework for proactive credential stuffing risk prediction by modeling password reuse on a graph. It leverages publicly available website data to ensure privacy and delivers impressive performance, particularly in inductive settings for unknown websites. This work provides actionable intelligence for targeted security measures, shifting defense from reactive to efficient, data-driven prevention.