Presentation is loading. Please wait.

Presentation is loading. Please wait.

Using Touchloggers To Build User Profiles Through Machine Learning

Published byLester Sutton Modified over 6 years ago

Similar presentations

Presentation on theme: "Using Touchloggers To Build User Profiles Through Machine Learning"— Presentation transcript:

1 Using Touchloggers To Build User Profiles Through Machine Learning

2 Roadmap Brief Introduction to Malware Two approaches to Touchloggers
The Research Results Random Forest Algorithm Questions

3 Brief Introduction to Malware
Virus – attached to executable files Worms – standalone program that spreads Trojan Horses – facilitates unauthorized access to user’s system Rootkits – changes OS to give intruder access Keyloggers – keeps a log of keys struck

4 Found Two Research Articles
Article 1: “TouchLogger: Inferring Keystrokes On Touch Screen From Smartphone Motion” by Liang Cai and Hao Chen Article 2: “From keyloggers to touchloggers: Take the rough with the smooth” by D. Damopoulos, G. Kambourakis, S. Gritzalis

5 TouchLogger: Inferring Keystrokes On Touch Screen From Smartphone Motion
They sought to determine whether keystrokes could be inferred through gyroscope and accelerometer readings. The touchlogger was implemented in for the android operating system. Initial results were 70% effective.

6 Motion of a smart phone Authors determined that motion during typing depended on factors such as: Striking force of hand Resistance of supportive hand Landing location of typing finger Position of supportive hand The researchers chose to use orientation events to capture motion.

7 Data collected Through the touchlogger application there were able to store a record of orientation events consisting of: α: When the device rotates along the Z-axis (pendicular to the screen plane), (azimuth) changes in [0,360). β: When the device rotates along the X-axis (parallel to the shorter side of the screen), (pitch) changes in [−180,180). γ: When the device rotates along the Y-axis (parallel to the longer side of the screen), (roll) changes in [−90,90). t : Time of the orientation event Li: Label of the key tis: Starting time of event tie: Ending time of event

8 Method Discardα Calculates motion caused by typing
βi=βi′−β ′,γi=γi′−γ ′ Calculate AUB (Angle of Upper Bisector) and ALB (Angle of Lower Bisector) Calculates the mean (μkAUB, μkALB) and standard deviation (σkAUB, σkALB) for each key k.

9 Method Cont. Used:

10 Method Cont. Calculate AU and AL Calculate μkAU , μkAL , σiAU , σkAL
Determine key probabilities:

11 Example

12 From keyloggers to touchloggers: Take the rough with the smooth
They sought to build a touchlogger that could build user profiles to prevent system intrusion. The touchlogger was implemented in for the iOS. Results varied per learning algorithm, but Random Forest in virtually all cases kept intruder out and let in authorized users 99% of the time.

13 What the iOS touchlogger had to do
Gain root permissions to be able to hook and override internal OS methods which are responsible for the detection and management of touch events. Accomplished by Jailbreaking Run in the background of the OS and constantly track and collect user’s touch behavior. Required version 4 and above

14 Recall, that a touchlogger can be used both defensively and offensively. So, iTL has been designed in line with this goal. It consists of two modules namely iGestureLogger (iGL) and iKeylogger (iKL). The first one is responsible to track every touch event or gesture happening on the device’s display in an effort to collect enough data to build the user’s profile for use by, say, an IDS. The other, tries to identify touch events that occur inside the area of a pre-defined soft keyboard. Then, it attempts to translate every touch to the corresponding (actual) key. If not, the corresponding touch event is dis- carded. These two modules are depicted in Fig. 1 (as (d) and (e) respectively) and as we can observe, they trigger different methods but one. Also note that these modules can operate either in tandem or independently.

15 Methodology For the experiment they logged touch events of eighteen participants from age years old in order to build user profiles. Every 24 hours the application would send data to the server for profile building The analysis was performed on a 2.53 GHz Intel Core 2 Duo T7200 CPU and 8 GB of RAM laptop operating with OS X Mountain Lion. The experiments was carried out using the Waikato Environment for Knowledge Analysis. Applied four different Machine learning techniques Random Forest, Bayesian Networks, KNN, RBF

16 Results

17 Random Forest Algorithm
Is used for classification and regression. Relies upon the use of many decision trees. Accuracy and variable importance are part of the results Splits data into two categories: Training set is used to estimate error (1/3 of data) Test set is used to determine results (2/3 of data)

18 Random Forest Algorithm

19 Questions What are the odds of being infected with a touchlogger?
Would you want a record of your touch events stored somewhere even if it was to fight intruders? Would you install a touchlogger on your child’s phone to monitor activity?

20 Conclusion Brief Introduction to Malware
Two approaches to Touchloggers The Research Results Random Forest Algorithm Questions

21 Works Cited D. Damopoulos, G. Kambourakis, S. Gritzalis, From keyloggers to touchloggers: Take the rough with the smooth, Computers & Security, Volume 32, February 2013, Pages Liang Cai and Hao Chen TouchLogger: inferring keystrokes on touch screen from smartphone motion. In Proceedings of the 6th USENIX conference on Hot topics in security (HotSec'11). USENIX Association, Berkeley, CA, USA, 9-9.

22 Works Cited F. Livingston. Implementation of breiman's random forest machine learning algorithm. Machine Learning Journal Paper, Fall 2005.  DC Android Keylogger – Take Control of what is going on?. DEF-CON, 17 Feb Web. 26 Feb 2013

Download ppt "Using Touchloggers To Build User Profiles Through Machine Learning"

Similar presentations

Slide Ruler. ? X 5 On today’s menu...  What happened with Gravity  Noise  The tool today  Fundamental Limitations  Magical Christmas Land  (Where.

Slide Ruler. ? X 5" On today’s menu...  What happened with Gravity  Noise  The tool today  Fundamental Limitations  Magical Christmas Land  (Where.
Dr. John P. Abraham Professor UTPA 2 – Systems Threats and Risks.

Dr. John P. Abraham Professor UTPA 2 – Systems Threats and Risks.
Cryptography and Network Security Chapter 20 Intruders

Cryptography and Network Security Chapter 20 Intruders
Detecting Computer Intrusions Using Behavioral Biometrics Ahmed Awad E. A, and Issa Traore University of Victoria PST’05 Oct 13,2005.

Detecting Computer Intrusions Using Behavioral Biometrics Ahmed Awad E. A, and Issa Traore University of Victoria PST’05 Oct 13,2005.
19.1 Silberschatz, Galvin and Gagne ©2003 Operating System Concepts with Java Chapter 19: Security The Security Problem Authentication Program Threats.

19.1 Silberschatz, Galvin and Gagne ©2003 Operating System Concepts with Java Chapter 19: Security The Security Problem Authentication Program Threats.
Intrusion detection Anomaly detection models: compare a user’s normal behavior statistically to parameters of the current session, in order to find significant.

Intrusion detection Anomaly detection models: compare a user’s normal behavior statistically to parameters of the current session, in order to find significant.
Network Security. Network security starts from authenticating any user. Once authenticated, firewall enforces access policies such as what services are.

Network Security. Network security starts from authenticating any user. Once authenticated, firewall enforces access policies such as what services are.
Silberschatz, Galvin and Gagne  2002 19.1 Operating System Concepts Module 19: Security The Security Problem Authentication Program Threats System Threats.

Silberschatz, Galvin and Gagne  Operating System Concepts Module 19: Security The Security Problem Authentication Program Threats System Threats.
Cambodia-India Entrepreneurship Development Centre - : :.... :-:-

Cambodia-India Entrepreneurship Development Centre - : :.... :-:-
Battle of Botcraft: Fighting Bots in Online Games withHuman Observational Proofs Steven Gianvecchio, Zhenyu Wu, Mengjun Xie, and Haining Wang The College.

Battle of Botcraft: Fighting Bots in Online Games withHuman Observational Proofs Steven Gianvecchio, Zhenyu Wu, Mengjun Xie, and Haining Wang The College.
Ambulation : a tool for monitoring mobility over time using mobile phones Computational Science and Engineering, 2009. CSE '09. International Conference.

Ambulation : a tool for monitoring mobility over time using mobile phones Computational Science and Engineering, CSE '09. International Conference.
IIT Indore © Neminah Hubballi

IIT Indore © Neminah Hubballi
Improving Intrusion Detection System Taminee Shinasharkey CS689 11/2/00.

Improving Intrusion Detection System Taminee Shinasharkey CS689 11/2/00.
TouchLogger: Inferring Keystrokes on Touch Screen from Smartphone Motion Liang Cai and Hao Chen UC Davis.

TouchLogger: Inferring Keystrokes on Touch Screen from Smartphone Motion Liang Cai and Hao Chen UC Davis.
Biometric System Design for Handheld Devices Team 4 Naif Alotaibi, Rich Barilla, Francisco Betances, Aditya Chohan, Alexandra Garcia, Alexander Gazarov,

Biometric System Design for Handheld Devices Team 4 Naif Alotaibi, Rich Barilla, Francisco Betances, Aditya Chohan, Alexandra Garcia, Alexander Gazarov,
AUTHORS: ASAF SHABTAI, URI KANONOV, YUVAL ELOVICI, CHANAN GLEZER, AND YAEL WEISS. 2012. ANDROMALY: A BEHAVIORAL MALWARE DETECTION FRAMEWORK FOR ANDROID.

AUTHORS: ASAF SHABTAI, URI KANONOV, YUVAL ELOVICI, CHANAN GLEZER, AND YAEL WEISS "ANDROMALY": A BEHAVIORAL MALWARE DETECTION FRAMEWORK FOR ANDROID.
Lecture 2 Title: Computer Software By: Mr Hashem Alaidaros MIS 101.

Lecture 2 Title: Computer Software By: Mr Hashem Alaidaros MIS 101.
Grant Pannell. Intrusion Detection Systems  Attempt to detect unauthorized activity  CIA – Confidentiality, Integrity, Availability  Commonly network-based.

Grant Pannell. Intrusion Detection Systems  Attempt to detect unauthorized activity  CIA – Confidentiality, Integrity, Availability  Commonly network-based.
10/11/2015 Computer virus By Al-janabi Rana J 1. 10/11/2015 A computer virus is a computer program that can copy itself and infect a computer without.

10/11/2015 Computer virus By Al-janabi Rana J 1. 10/11/2015 A computer virus is a computer program that can copy itself and infect a computer without.
HIPS Host-Based Intrusion Prevention System By Ali Adlavaran & Mahdi Mohamad Pour (M.A. Team) Life’s Live in Code Life.

HIPS Host-Based Intrusion Prevention System By Ali Adlavaran & Mahdi Mohamad Pour (M.A. Team) Life’s Live in Code Life.

Similar presentations

Ads by Google