Active authentication for mobile devices utilising behaviour profiling.

With nearly 6 billion subscribers around the world, mobile devices have become an indispensable component in modern society. The majority of these devices rely upon passwords and personal identification numbers as a form of user authentication, and the weakness of these point-of-entry techniques is widely documented. Active authentication is designed to overcome this problem by utilising biometric techniques to continuously assess user identity. This paper describes a feasibility study into a behaviour profiling technique that utilises historical application usage to verify mobile users in a continuous manner. By utilising a combination of a rule-based classifier, a dynamic profiling technique and a smoothing function, the best experimental result for a users overall application usage was an equal error rate of 9.8 %. Based upon this result, the paper proceeds to propose a novel behaviour profiling framework that enables a user’s identity to be verified through their application usage in a continuous and transparent manner. In order to balance the trade-off between security and usability, the framework is designed in a modular way that will not reject user access based upon a single application activity but a number of consecutive abnormal application usages. The proposed framework is then evaluated through simulation with results of 11.45 and 4.17 % for the false rejection rate and false acceptance rate, respectively. In comparison with point-of-entry-based approaches, behaviour profiling provides a significant improvement in both the security afforded to the device and user convenience

Behaviour Profiling for Mobile Devices

With more than 5 billion users globally, mobile devices have become ubiquitous in our daily life. The modern mobile handheld device is capable of providing many multimedia services through a wide range of applications over multiple networks as well as on the handheld device itself. These services are predominantly driven by data, which is increasingly associated with sensitive information. Such a trend raises the security requirement for reliable and robust verification techniques of users.This thesis explores the end-user verification requirements of mobile devices and proposes a novel Behaviour Profiling security framework for mobile devices. The research starts with a critical review of existing mobile technologies, security threats and mechanisms, and highlights a broad range of weaknesses. Therefore, attention is given to biometric verification techniques which have the ability to offer better security. Despite a large number of biometric works carried out in the area of transparent authentication systems (TAS) and Intrusion Detection Systems (IDS), each have a set of weaknesses that fail to provide a comprehensive solution. They are either reliant upon a specific behaviour to enable the system to function or only capable of providing security for network based services. To this end, the behaviour profiling technique is identified as a potential candidate to provide high level security from both authentication and IDS aspects, operating in a continuous and transparent manner within the mobile host environment.This research examines the feasibility of a behaviour profiling technique through mobile users general applications usage, telephone, text message and multi-instance application usage with the best experimental results Equal Error Rates (EER) of 13.5%, 5.4%, 2.2% and 10% respectively. Based upon this information, a novel architecture of Behaviour Profiling on mobile devices is proposed. The framework is able to provide a robust, continuous and non-intrusive verification mechanism in standalone, TAS or IDS modes, regardless of device hardware configuration. The framework is able to utilise user behaviour to continuously evaluate the system security status of the device. With a high system security level, users are granted with instant access to sensitive services and data, while with lower system security levels, users are required to reassure their identity before accessing sensitive services.The core functions of the novel framework are validated through the implementation of a simulation system. A series of security scenarios are designed to demonstrate the effectiveness of the novel framework to verify legitimate and imposter activities. By employing the smoothing function of three applications, verification time of 3 minutes and a time period of 60 minutes of the degradation function, the Behaviour Profiling framework achieved the best performance with False Rejection Rate (FRR) rates of 7.57%, 77% and 11.24% for the normal, protected and overall applications respectively and with False Acceptance Rate (FAR) rates of 3.42%, 15.29% and 4.09% for their counterparts

Behaviour based anomaly detection system for smartphones using machine learning algorithm

In this research, we propose a novel, platform independent behaviour-based anomaly detection system for smartphones. The fundamental premise of this system is that every smartphone user has unique usage patterns. By modelling these patterns into a profile we can uniquely identify users. To evaluate this hypothesis, we conducted an experiment in which a data collection application was developed to accumulate real-life dataset consisting of application usage statistics, various system metrics and contextual information from smartphones. Descriptive statistical analysis was performed on our dataset to identify patterns of dissimilarity in smartphone usage of the participants of our experiment. Following this analysis, a Machine Learning algorithm was applied on the dataset to create a baseline usage profile for each participant. These profiles were compared to monitor deviations from baseline in a series of tests that we conducted, to determine the profiling accuracy. In the first test, seven day smartphone usage data consisting of eight features and an observation interval of one hour was used and an accuracy range of 73.41% to 100% was achieved. In this test, 8 out 10 user profiles were more than 95% accurate. The second test, utilised the entire dataset and achieved average accuracy of 44.50% to 95.48%. Not only these results are very promising in differentiating participants based on their usage, the implications of this research are far reaching as our system can also be extended to provide transparent, continuous user authentication on smartphones or work as a risk scoring engine for other Intrusion Detection System

Continuous User Authentication Using Multi-Modal Biometrics

It is commonly acknowledged that mobile devices now form an integral part of an individual’s everyday life. The modern mobile handheld devices are capable to provide a wide range of services and applications over multiple networks. With the increasing capability and accessibility, they introduce additional demands in term of security. This thesis explores the need for authentication on mobile devices and proposes a novel mechanism to improve the current techniques. The research begins with an intensive review of mobile technologies and the current security challenges that mobile devices experience to illustrate the imperative of authentication on mobile devices. The research then highlights the existing authentication mechanism and a wide range of weakness. To this end, biometric approaches are identified as an appropriate solution an opportunity for security to be maintained beyond point-of-entry. Indeed, by utilising behaviour biometric techniques, the authentication mechanism can be performed in a continuous and transparent fashion. This research investigated three behavioural biometric techniques based on SMS texting activities and messages, looking to apply these techniques as a multi-modal biometric authentication method for mobile devices. The results showed that linguistic profiling; keystroke dynamics and behaviour profiling can be used to discriminate users with overall Equal Error Rates (EER) 12.8%, 20.8% and 9.2% respectively. By using a combination of biometrics, the results showed clearly that the classification performance is better than using single biometric technique achieving EER 3.3%. Based on these findings, a novel architecture of multi-modal biometric authentication on mobile devices is proposed. The framework is able to provide a robust, continuous and transparent authentication in standalone and server-client modes regardless of mobile hardware configuration. The framework is able to continuously maintain the security status of the devices. With a high level of security status, users are permitted to access sensitive services and data. On the other hand, with the low level of security, users are required to re-authenticate before accessing sensitive service or data

The Feasibility of Using Behavioural Profiling Technique for Mitigating Insider Threats: Review

Insider threat has become a serious issue to the many organizations. Various companies are increasingly deploying many information technologies to prevent unauthorized access to getting inside their system. Biometrics approaches have some techniques that contribute towards controlling the point of entry. However, these methods mainly are not able to continuously validate the users reliability. In contrast behavioral profiling is one of the biometrics technologies but it focusing on the activities of the users during using the system and comparing that with a previous history. This paper presents a comprehensive analysis, literature review and limitations on behavioral profiling approach and to what extent that can be used for mitigating insider misuse

Transparent authentication: Utilising heart rate for user authentication

There has been exponential growth in the use of wearable technologies in the last decade with smart watches having a large share of the market. Smart watches were primarily used for health and fitness purposes but recent years have seen a rise in their deployment in other areas. Recent smart watches are fitted with sensors with enhanced functionality and capabilities. For example, some function as standalone device with the ability to create activity logs and transmit data to a secondary device. The capability has contributed to their increased usage in recent years with researchers focusing on their potential. This paper explores the ability to extract physiological data from smart watch technology to achieve user authentication. The approach is suitable not only because of the capacity for data capture but also easy connectivity with other devices - principally the Smartphone. For the purpose of this study, heart rate data is captured and extracted from 30 subjects continually over an hour. While security is the ultimate goal, usability should also be key consideration. Most bioelectrical signals like heart rate are non-stationary time-dependent signals therefore Discrete Wavelet Transform (DWT) is employed. DWT decomposes the bioelectrical signal into n level sub-bands of detail coefficients and approximation coefficients. Biorthogonal Wavelet (bior 4.4) is applied to extract features from the four levels of detail coefficents. Ten statistical features are extracted from each level of the coffecient sub-band. Classification of each sub-band levels are done using a Feedforward neural Network (FF-NN). The 1 st , 2 nd , 3 rd and 4 th levels had an Equal Error Rate (EER) of 17.20%, 18.17%, 20.93% and 21.83% respectively. To improve the EER, fusion of the four level sub-band is applied at the feature level. The proposed fusion showed an improved result over the initial result with an EER of 11.25% As a one-off authentication decision, an 11% EER is not ideal, its use on a continuous basis makes this more than feasible in practice

A novel behaviour profiling approach to continuous authentication for mobile applications

The growth in smartphone usage has led to increased user concerns regarding privacy and security. Smartphones contain sensitive information, such as personal data, images, and emails, and can be used to perform various types of activity, such as transferring money via mobile Internet banking, making calls and sending emails. As a consequence, concerns regarding smartphone security have been expressed and there is a need to devise new solutions to enhance the security of mobile applications, especially after initial access to a mobile device. This paper presents a novel behavioural profiling approach to user identity verification as part of mobile application security. A study involving data collected from 76 users over a 1-month period was conducted, generating over 3 million actions based on users' interactions with their smartphone. The study examines a novel user interaction approach based on supervised machine learning algorithms, thereby enabling a more reliable identity verification method. The experimental results show that users could be distinguished via their behavioural profiling upon each action within the application, with an average equal error rate of 26.98% and the gradient boosting classifier results prove quite compelling. Based on these findings, this approach is able to provide robust, continuous and transparent authentication