Behavior-based Authentication Systems

Slides:

Advertisements

Similar presentations

Enhancing Security Using Mobile Based Anomaly Detection in Cellular Mobile Networks Bo Sun, Fei Yu, KuiWu, Yang Xiao, and Victor C. M. Leung. Presented.

Advertisements

QR Code Recognition Based On Image Processing

Reporter: Jing Chiu Advisor: Yuh-Jye Lee /7/181Data Mining & Machine Learning Lab.

Sensor-Based Abnormal Human-Activity Detection Authors: Jie Yin, Qiang Yang, and Jeffrey Junfeng Pan Presenter: Raghu Rangan.

Detecting Computer Intrusions Using Behavioral Biometrics Ahmed Awad E. A, and Issa Traore University of Victoria PST’05 Oct 13,2005.

BIOMETRICS AND NETWORK AUTHENTICATION Security Innovators.

Research Experiment Design Sprint: Keystroke Biometric Intrusion Detection Ned Bakelman Advisor: Dr. Charles Tappert.

 Firewalls and Application Level Gateways (ALGs)  Usually configured to protect from at least two types of attack ▪ Control sites which local users.

Experimental Evaluation in Computer Science: A Quantitative Study Paul Lukowicz, Ernst A. Heinz, Lutz Prechelt and Walter F. Tichy Journal of Systems and.

1 Abstract This paper presents a novel modification to the classical Competitive Learning (CL) by adding a dynamic branching mechanism to neural networks.

Keystroke Biometric Studies Security Research at Pace Keystroke Biometric Drs. Charles Tappert and Allen Stix Seidenberg School of CSIS.

Keystroke Biometric Studies Assignment 2 – Review of the Literature Case Study – Keystroke Biometric Describe problem investigated (intro + abstract) Developed.

Unsupervised Intrusion Detection Using Clustering Approach Muhammet Kabukçu Sefa Kılıç Ferhat Kutlu Teoman Toraman 1/29.

GUIDE TO BIOMETRICS CHAPTER I & II September 7 th 2005 Presentation by Tamer Uz.

Keystroke Biometric Studies Keystroke Biometric Identification and Authentication on Long-Text Input Book chapter in Behavioral Biometrics for Human Identification.

1 The Expected Performance Curve Samy Bengio, Johnny Mariéthoz, Mikaela Keller MI – 25. oktober 2007 Kresten Toftgaard Andersen.

Intrusion detection Anomaly detection models: compare a user’s normal behavior statistically to parameters of the current session, in order to find significant.

Robert S. Zack, Charles C. Tappert, and Sung-Hyuk Cha Pace University, New York Performance of a Long-Text-Input Keystroke Biometric Authentication System.

Jacinto C. Nascimento, Member, IEEE, and Jorge S. Marques

Authors: Anastasis Kounoudes, Anixi Antonakoudi, Vasilis Kekatos

Battle of Botcraft: Fighting Bots in Online Games withHuman Observational Proofs Steven Gianvecchio, Zhenyu Wu, Mengjun Xie, and Haining Wang The College.

CHURN PREDICTION MODEL IN RETAIL BANKING USING FUZZY C- MEANS CLUSTERING Džulijana Popović Consumer Finance, Zagrebačka banka d.d. Consumer Finance, Zagrebačka.

KinWrite: Handwriting-Based Authentication Using Kinect Proceedings of the 20th Annual Network & Distributed System Security Symposium, NDSS 2013 Jing.

Chapter Seven Advanced Shell Programming. 2 Lesson A Developing a Fully Featured Program.

A Statistical Anomaly Detection Technique based on Three Different Network Features Yuji Waizumi Tohoku Univ.

Intrusion Detection Jie Lin. Outline Introduction A Frame for Intrusion Detection System Intrusion Detection Techniques Ideas for Improving Intrusion.

Intrusion Detection for Grid and Cloud Computing Author Kleber Vieira, Alexandre Schulter, Carlos Becker Westphall, and Carla Merkle Westphall Federal.

IIT Indore © Neminah Hubballi

CPSC 601 Lecture Week 5 Hand Geometry. Outline: 1.Hand Geometry as Biometrics 2.Methods Used for Recognition 3.Illustrations and Examples 4.Some Useful.

Presented by Tienwei Tsai July, 2005

Keystroke Dynamics Etem DENİZ, Buğra KOCATÜRK, Gülşah YILDIZOĞLU, Ömer UZUN Boğaziçi University, CMPE, May 2010.

nd Joint Workshop between Security Research Labs in JAPAN and KOREA Profile-based Web Application Security System Kyungtae Kim High Performance.

Keystroke Biometric System Client: Dr. Mary Villani Instructor: Dr. Charles Tappert Team 4 Members: Michael Wuench ; Mingfei Bi ; Evelin Urbaez ; Shaji.

UOS 1 Ontology Based Personalized Search Zhang Tao The University of Seoul.

User Authentication Using Keystroke Dynamics Jeff Hieb & Kunal Pharas ECE 614 Spring 2005 University of Louisville.

Selim Akyokus AIA /2/ AIA 2007 ENHANCED PASSWORD AUTENTICATION THROUGH KEYSTROKE TYPING CHARACTERISTICS Ozlem Guven(1), Selim Akyokus(1),

1 K-Means+ID3 A Novel Method for Supervised Anomaly Detection by Cascading K-Means Clustering and ID3 Decision Tree Learning Methods Author : Shekhar R.

Economics 173 Business Statistics Lecture 4 Fall, 2001 Professor J. Petry

Chapter 20 Testing Hypothesis about proportions

I can be You: Questioning the use of Keystroke Dynamics as Biometrics —Paper by Tey Chee Meng, Payas Gupta, Debin Gao Presented by: Kai Li Department of.

Software Engineering Laboratory, Department of Computer Science, Graduate School of Information Science and Technology, Osaka University July 21, 2008WODA.

Intrusion Detection System (IDS). What Is Intrusion Detection Intrusion Detection is the process of identifying and responding to malicious activity targeted.

Login session using mouse biometrics A static authentication proposal using mouse biometrics Christopher Johnsrud Fullu 2008.

Introduction to Biometrics Dr. Bhavani Thuraisingham The University of Texas at Dallas Lecture #5 Issues on Designing Biometric Systems September 7, 2005.

Slide 21-1 Copyright © 2004 Pearson Education, Inc.

Voice Activity Detection based on OptimallyWeighted Combination of Multiple Features Yusuke Kida and Tatsuya Kawahara School of Informatics, Kyoto University,

Biometric for Network Security. Finger Biometrics.

Chapter 20 Classification and Estimation Classification – Feature selection Good feature have four characteristics: –Discrimination. Features.

Secure Unlocking of Mobile Touch Screen Devices by Simple Gestures – You can see it but you can not do it Muhammad Shahzad, Alex X. Liu Michigan State.

Typing Pattern Authentication Techniques 3 rd Quarter Luke Knepper.

I can be You: Questioning the use of Keystroke Dynamics as Biometrics Tey Chee Meng, Payas Gupta, Debin Gao Ke Chen.

Identifying “Best Bet” Web Search Results by Mining Past User Behavior Author: Eugene Agichtein, Zijian Zheng (Microsoft Research) Source: KDD2006 Reporter:

Keystroke Dynamics By Hafez Barghouthi.

By Kyle Bickel. Road Map Biometric Authentication Biometric Factors User Authentication Factors Biometric Techniques Conclusion.

Shadow Detection in Remotely Sensed Images Based on Self-Adaptive Feature Selection Jiahang Liu, Tao Fang, and Deren Li IEEE TRANSACTIONS ON GEOSCIENCE.

Evaluation of Gender Classification Methods with Automatically Detected and Aligned Faces Speaker: Po-Kai Shen Advisor: Tsai-Rong Chang Date: 2010/6/14.

Tom Face Recognition Software in a border control environment: Non-zero-effort-attacks' effect on False Acceptance Rate.

TING-YI CHANG ( 張庭毅 ) Phone: EXT 7381 GRADUATE INSTITUTE OF E-LEARNING, NATIONAL CHANGHUA UNIVERSITY OF EDUCATION.

Signature Recognition Using Neural Networks and Rule Based Decision Systems CSC 8810 Computational Intelligence Instructor Dr. Yanqing Zhang Presented.

Introduction to Machine Learning, its potential usage in network area,

Experience Report: System Log Analysis for Anomaly Detection

Access control techniques

Chapter 21 More About Tests.

Authors Bo Sun, Fei Yu, Kui Wu, Yang Xiao, and Victor C. M. Leung.

Multi-Biometrics: Fusing At The Classification Output Level Using Keystroke and Mouse Motion Features Todd Breuer, Paola Garcia Cardenas, Anu George, Hung.

An Improved Neural Network Algorithm for Classifying the Transmission Line Faults Slavko Vasilic Dr Mladen Kezunovic Texas A&M University.

Jeyanthi Hall Ph.D. Candidate - Carleton University

Department of Electrical Engineering

Modeling IDS using hybrid intelligent systems

Presentation transcript:

Behavior-based Authentication Systems Multimedia Security

Part 1: Part 2: User Authentication Through Typing Biometrics Features User Re-Authentication via Mouse Movements

User Authentication Through Typing Biometrics Features Lívia C. F. Araújo, Luiz H. R. Sucupira Jr., Miguel G. Lizárrage, Lee L. Ling, and João B. T. Yabu-Uti, Correspondence, IEEE Transactions on Signal Processing, vol. 53, no. 2, Feb. 2005,

Introduction The login-password authentication is the most usual mechanism used to grant access. low-cost familiar to a lot of users however, fragile (careless user / weak password) The paper provides better approach to improve above one using biometric characteristics. unique cannot be stolen, lost, forgotten

Introduction (cont.) The technology used is typing biometric, keystroke dynamics. monitoring the keyboard inputs to identify users based on their habitual typing rhythm pattern The method's advantages low-cost (using keyboard) unintrusive (using a password) using a static approach (using the login session)

Some Keywords Target String The input string typed by the user and monitored by system String length is important issue. (at least ten characters) Number of Samples Samples collected during the enrollment process to compound the training set Its number varies a lot. Features key duration (the time interval that a key remains pressed) keystroke latency (the time interval between successive keystrokes)

Some Keywords (cont.) Timing Accuracy Trials of Authentication The precision of the key-up and key-down times have to be analyzed. It varies between 0.1ms ad 1000ms. Trials of Authentication The legitimate users usually fail in the first of authentication. If the user still fail in the second time, he will be considered an impostor. Adaptation Mechanism Biometric characteristics changes over time. The system need updated. Classifier k-means, Bayes, fuzzy logic, neural networks, etc.

The Approach Proposed Get target string with at least ten characters. Get ten samples. (more than ten samples may annoy the users) Analysis features: (The combination of these features is novel in this paper.) key code two keystrokes latencies key duration 1-ms time accuracy is used. An adaptation mechanism is used to update template.

Flowchart of the Methodology

Main Issue Timing Accuracy Keystroke Data Features Template Classifier Adaptation Mechanism

Timing Accuracy Since 98% of the samples' value are between 10 and 900ms, 1-ms precision is used.

Keystroke Data m characters, n keystrokes (m ≦ n) sample w, account a Each is composed of

Features key code down-down (DD) up-down (UD) (This feature may be pos. or neg.) down-up (DU) (key interval)

Features (cont.) The distance will be discussed later.

Template (constructed by ten samples)

Classifier If , the sample is considered false. Otherwise, for each time feature, calculate the distance between template and samples.

Classifier (cont.) The sample will be considered true if A user’s feature with a lower variance demands a higher threshold and vice versa.

Adaptation Mechanism If , add this sample into template and discard the oldest one. The standard deviation for each feature is modified and the threshold are modified.

Experiements 30 users (men and women between 20 and 60 years old) Three situation Legitimate user authentication Imposter user authentication Observer imposter user authentication Seven experiments 1) only DD; 2) only UD; 3) only DU; 4) DD and UD; 5) DD and DU; 6) UD and DU; 7) DD, UD, and DU

Result False Acceptance Rate (FAR) False Rejection Rate (FRR) Zero FAR Zero FRR Equal Error Rate (EER)

Only DD time; Only UD time; Only DU time; DD and UD times; DD and DU times; UD and DU times; DD, UD, and DU times.

Discussion A target string with capital letters increases the difficulty of authentication. The familiarity of the target string to the user has a significant impact. (FRR 17.26%) One-trial authentication significantly increase the FRR. (FRR 11.57%) The adaptation mechanism decreases both rate. (FAR 4.70% FRR 4.16%)

Discussion (cont.) If the adaptation mechanism is always activated, the FAR increase a lot. (FAR 9.4% FRR 3.8%) A higher timing accuracy decreases both rate. (FRR 1.63% FAR 3.97) FRR increases as the number of samples is reduced.

Conclusion The method applied uses just one target string and ten samples in enrollment. The best performance was achieved using a statistical classifier base on distance and the combination of four feature (key code, DD, UD, DU times) which is novel, obtaining a 1.45% FRR and 1.89% FAR. This paper shows the influence of some aspects, such as the familiarity of the target string, the two-trial authentication, the adaptation mechanism, the time accuracy, the number of samples in enrollment.

User Re-Authentication via Mouse Movements Maja Pusara and Caria E.Brodley, Proceedings of the 2004 ACM workshop on Visualization and data mining for computer security

Outline Introduction User Re-Authentication via Mouse Movements An Empirical Evaluation Future work

Introduction(1/3) Why re-authentication? The purpose of a re-authentication system is to continually monitor the user’s behavior during the session to flag “anomalous” behavior Defend “insider attacks” Ex. Forget to logout, forget to lock… Ex. Employees, temporary workers, consultants.

Introduction(2/3) Traditional re-authentication Periodically ask the user to authentication via passwords, tokens, … . Behavioral re-authentication Direct: keystroke, mouse, … . Indirect: system call trace, program execution traces, … .

Introduction(3/3) This paper… Collect data form 18 users all working with Internet Explorer and browse the fixed webpages with fixed mouse device.

User Re-Authentication via Mouse Movements Roughly Data Collection and Feature Extraction Building a Model of Normal Behavior Anomaly Detection

The cursor movement Examine whether the mouse has moved every 100msec. User Re-Authentication via Mouse Movements Data Collection and Feature Extraction(1/4) The cursor movement Examine whether the mouse has moved every 100msec. Record distance, angle, and speed. Extract mean, standard deviation, and the third moment values over a window of N data points.

User Re-Authentication via Mouse Movements Data Collection and Feature Extraction(2/4) The mouse event NC area: the area of the menu and toolbar

The mouse event Record time of the event. User Re-Authentication via Mouse Movements Data Collection and Feature Extraction(3/4) The mouse event Record time of the event. Record distance, angle, and speed between pairs of data point A and B, where B occurs after A. Calculate the value every f (frequency) data points. Extract mean, standard deviation, and the third moment values over a window of N data points

Summary of feature extraction User Re-Authentication via Mouse Movements Data Collection and Feature Extraction(4/4) Summary of feature extraction The # of observed events in the window. (6) - events. The mean, standard deviation, and the third moment of the distance, angle, and speed between pairs of points. ( 3 * 3 * (6+1) ) - cursor & events. The mean, standard deviation, and the third moment of the X and Y coordinates. ( 3 * 2 * (6+1) ) - cursor & events.

Using supervised learning algorithm Specify the window size N User Re-Authentication via Mouse Movements Building a Model of Normal Behavior(1/1) Using supervised learning algorithm Specify the window size N Specify frequency for every categories

User Re-Authentication via Mouse Movements Anomaly Detection(1/1) Simple method Trigger an alarm each time a data point in the profile is classified as anomalous Smooth filter Require t alarms to occur in m observations of the current user’s behavior profile. If it is anomalous : asks the user to authenticate again or reports the anomaly to a system administrator.

An Empirical Evaluation(1/6) The goal of our experiments is to determine whether a user x when running an application (e.g., Internet Explorer) can be distinguished from the other n-1 users running the same application.

An Empirical Evaluation(2/6) 2/4 for training, 1/4 for parameter selection, 1/4 for testing. Data Sources 18 students 10000 unique cursor locations The same set of web pages Windows Internet Explorer Parameter selection Frequency: 1,5,10,15,20 Window size: 100,200,400,600,800,1000 Smoothing filter m: 1,3,5,7,9,11

An Empirical Evaluation(3/6) Decision Tree Classifier

An Empirical Evaluation(4/6) Pair-Wise Discrimination: Distinguish two people #6 and #18 with too few mouse movements

An Empirical Evaluation(5/6) Anomaly Detection: False positive rate: authorized user -> intruder False negative rate: intruder -> authorized user A high false positive rate means too few mouse events

An Empirical Evaluation(6/6) Smoothing Filter:

Future work Research the impact of replay attacks How best to apply unsupervised learning How to incorporate the results from different sources. (ex keystroke , mouse)