Presentation is loading. Please wait.

Presentation is loading. Please wait.

 Using Touchloggers To Build User Profiles Through Machine Learning Craig Dezangle.

Published byRussell Hutchinson Modified over 8 years ago

Similar presentations

Presentation on theme: " Using Touchloggers To Build User Profiles Through Machine Learning Craig Dezangle."— Presentation transcript:

1  Using Touchloggers To Build User Profiles Through Machine Learning Craig Dezangle

2 Roadmap  Brief Introduction to Malware  Two approaches to Touchloggers  The Research Results  Random Forest Algorithm  Questions

3 Brief Introduction to Malware  Virus – attached to executable files  Worms – standalone program that spreads  Trojan Horses – facilitates unauthorized access to user’s system  Rootkits – changes OS to give intruder access  Keyloggers – keeps a log of keys struck

4 Found Two Research Articles  Article 1: “TouchLogger: Inferring Keystrokes On Touch Screen From Smartphone Motion” by Liang Cai and Hao Chen  Article 2: “From keyloggers to touchloggers: Take the rough with the smooth” by D. Damopoulos, G. Kambourakis, S. Gritzalis

5 TouchLogger: Inferring Keystrokes On Touch Screen From Smartphone Motion  They sought to determine whether keystrokes could be inferred through gyroscope and accelerometer readings.  The touchlogger was implemented in for the android operating system.  Initial results were 70% effective.

6 Motion of a smart phone  Authors determined that motion during typing depended on factors such as:  Striking force of hand  Resistance of supportive hand  Landing location of typing finger  Position of supportive hand  The researchers chose to use orientation events to capture motion.

7 Data collected  Through the touchlogger application there were able to store a record of orientation events consisting of:  α : When the device rotates along the Z-axis (pendicular to the screen plane), ( azimuth ) changes in [0,360).  β : When the device rotates along the X-axis (parallel to the shorter side of the screen), ( pitch ) changes in [ − 180,180).  γ : When the device rotates along the Y-axis (parallel to the longer side of the screen), ( roll ) changes in [ − 90,90).  t : Time of the orientation event  L i : Label of the key  t i s : Starting time of event  t i e : Ending time of event

8 Method 1. Discard α 2. Calculates motion caused by typing β i = β i ′−β ′, γ i = γ i ′−γ ′ 3. Calculate AUB (Angle of Upper Bisector) and ALB (Angle of Lower Bisector) 4. Calculates the mean ( μ k AUB, μ k ALB ) and standard deviation ( σ k AUB, σ k ALB ) for each key k.

9 Method Cont. 5. Used:

10 Method Cont. 6. Calculate AU and AL 7. Calculate μ k AU, μ k AL, σ i AU, σ k AL 8. Determine key probabilities:

11 Example

12 From keyloggers to touchloggers: Take the rough with the smooth  They sought to build a touchlogger that could build user profiles to prevent system intrusion.  The touchlogger was implemented in for the iOS.  Results varied per learning algorithm, but Random Forest in virtually all cases kept intruder out and let in authorized users 99% of the time.

13 What the iOS touchlogger had to do  Gain root permissions to be able to hook and override internal OS methods which are responsible for the detection and management of touch events. Accomplished by Jailbreaking  Run in the background of the OS and constantly track and collect user’s touch behavior. Required version 4 and above

14

15 Methodology  For the experiment they logged touch events of eighteen participants from age 22-36 years old in order to build user profiles.  Every 24 hours the application would send data to the server for profile building  The analysis was performed on a 2.53 GHz Intel Core 2 Duo T7200 CPU and 8 GB of RAM laptop operating with OS X Mountain Lion. The experiments was carried out using the Waikato Environment for Knowledge Analysis.  Applied four different Machine learning techniques  Random Forest, Bayesian Networks, KNN, RBF

16 Results

17 Random Forest Algorithm  Is used for classification and regression.  Relies upon the use of many decision trees.  Accuracy and variable importance are part of the results  Splits data into two categories:  Training set is used to estimate error (1/3 of data)  Test set is used to determine results (2/3 of data)

18 Random Forest Algorithm

19 Questions  What are the odds of being infected with a touchlogger?  Would you want a record of your touch events stored somewhere even if it was to fight intruders?  Would you install a touchlogger on your child’s phone to monitor activity?

20 Conclusion  Brief Introduction to Malware  Two approaches to Touchloggers  The Research Results  Random Forest Algorithm  Questions

21 Works Cited D. Damopoulos, G. Kambourakis, S. Gritzalis, From keyloggers to touchloggers: Take the rough with the smooth, Computers & Security, Volume 32, February 2013, Pages 102-114 Liang Cai and Hao Chen. 2011. TouchLogger: inferring keystrokes on touch screen from smartphone motion. In Proceedings of the 6th USENIX conference on Hot topics in security (HotSec'11). USENIX Association, Berkeley, CA, USA, 9-9.

22 Works Cited F. Livingston. Implementation of breiman's random forest machine learning algorithm. Machine Learning Journal Paper, Fall 2005. DC602028. Android Keylogger – Take Control of what is going on?. DEF-CON, 17 Feb. 2013. Web. 26 Feb 2013

Download ppt " Using Touchloggers To Build User Profiles Through Machine Learning Craig Dezangle."

Similar presentations

Parameter Tampering. Attacking the Ecommerce Shopping Cart In the above image we see that a user who wants to purchase a Television visits an online Store.

Parameter Tampering. Attacking the Ecommerce Shopping Cart In the above image we see that a user who wants to purchase a Television visits an online Store.
Dr. John P. Abraham Professor UTPA 2 – Systems Threats and Risks.

Dr. John P. Abraham Professor UTPA 2 – Systems Threats and Risks.
1 Distributed Systems Meet Economics: Pricing in Cloud Computing Hadi Salimi Distributed Systems Lab, School of Computer Engineering, Iran University of.

1 Distributed Systems Meet Economics: Pricing in Cloud Computing Hadi Salimi Distributed Systems Lab, School of Computer Engineering, Iran University of.
Cryptography and Network Security Chapter 20 Intruders

Cryptography and Network Security Chapter 20 Intruders
19.1 Silberschatz, Galvin and Gagne ©2003 Operating System Concepts with Java Chapter 19: Security The Security Problem Authentication Program Threats.

19.1 Silberschatz, Galvin and Gagne ©2003 Operating System Concepts with Java Chapter 19: Security The Security Problem Authentication Program Threats.
Chapter 14 Computer Security Threats Patricia Roy Manatee Community College, Venice, FL ©2008, Prentice Hall Operating Systems: Internals and Design Principles,

Chapter 14 Computer Security Threats Patricia Roy Manatee Community College, Venice, FL ©2008, Prentice Hall Operating Systems: Internals and Design Principles,
Intrusion detection Anomaly detection models: compare a user’s normal behavior statistically to parameters of the current session, in order to find significant.

Intrusion detection Anomaly detection models: compare a user’s normal behavior statistically to parameters of the current session, in order to find significant.
Network Security. Network security starts from authenticating any user. Once authenticated, firewall enforces access policies such as what services are.

Network Security. Network security starts from authenticating any user. Once authenticated, firewall enforces access policies such as what services are.
Silberschatz, Galvin and Gagne  2002 19.1 Operating System Concepts Module 19: Security The Security Problem Authentication Program Threats System Threats.

Silberschatz, Galvin and Gagne  Operating System Concepts Module 19: Security The Security Problem Authentication Program Threats System Threats.
Mobile Sensor Application Group 4. Introduction Modern smartphones are often equipped with quite a large number of sensors. The sensors data can be used.

Mobile Sensor Application Group 4. Introduction Modern smartphones are often equipped with quite a large number of sensors. The sensors data can be used.
Ambulation : a tool for monitoring mobility over time using mobile phones Computational Science and Engineering, 2009. CSE '09. International Conference.

Ambulation : a tool for monitoring mobility over time using mobile phones Computational Science and Engineering, CSE '09. International Conference.
A METHODOLOGY FOR EMPIRICAL ANALYSIS OF PERMISSION-BASED SECURITY MODELS AND ITS APPLICATION TO ANDROID.

A METHODOLOGY FOR EMPIRICAL ANALYSIS OF PERMISSION-BASED SECURITY MODELS AND ITS APPLICATION TO ANDROID.
Mobile Operating System Security A PRESENTATION BY DANIEL ADAMS CSC 345 DR. BOX.

Mobile Operating System Security A PRESENTATION BY DANIEL ADAMS CSC 345 DR. BOX.
Data Security.

Data Security.
Protecting Your Computer & Your Information

Protecting Your Computer & Your Information
IIT Indore © Neminah Hubballi

IIT Indore © Neminah Hubballi
Improving Intrusion Detection System Taminee Shinasharkey CS689 11/2/00.

Improving Intrusion Detection System Taminee Shinasharkey CS689 11/2/00.
COMP 2903 A27 – Why Spyware Poses Multiple Threats to Security Danny Silver JSOCS, Acadia University.

COMP 2903 A27 – Why Spyware Poses Multiple Threats to Security Danny Silver JSOCS, Acadia University.
TouchLogger: Inferring Keystrokes on Touch Screen from Smartphone Motion Liang Cai and Hao Chen UC Davis.

TouchLogger: Inferring Keystrokes on Touch Screen from Smartphone Motion Liang Cai and Hao Chen UC Davis.
Case Study: Telecommuting Mark Nowakowski, Tom Coyne, Jhonatan Sanchez.

Case Study: Telecommuting Mark Nowakowski, Tom Coyne, Jhonatan Sanchez.

Similar presentations

Ads by Google