Anomaly Detection for Hypergate authentication requests


Development and evaluation of different approaches for the application of anomaly detection on login data collected by the Hypergate SSO app.

Key words

Anomaly detection, conditional access, market basket analysis, clustering, Python


Different anomaly detection approaches and methods should be researched, developed and objectively evaluated. These approaches must return a score between 0 and 1, which defines how unusual an authentication request is.

Starting point

Hypergate is a single sign-on application used in the enterprise environment. With the addition of conditional access rules, its security possibilities should be improved and extended. Precisely, an anomaly score for each login should be computed which can be used as a trigger for further additional security actions.


We created three different models applicable as anomaly detection systems in the Hypergate context. Model 1 assesses the single attributes of a login separately based on frequency and a membership-test. Model 2 is based on association rule mining used in Market Basket algorithms. Model 3 uses the K-Prototypes clustering algorithm. The models were evaluated using a custom developed evaluation concept including four different test cases. The best results were achieved by Model 2.

Project information
Industry partner

Lukas Schönbächler, Papers AG / Hypergate

Project team

Tobias Bossert, tobias.bossert@students.fhnw.ch

My-Nhien Nguyen, mynhien.nguyen@students.fhnw.ch


Prof. Dr. Michael Graber michael.graber@fhnw.ch

<< zurück