Distributed detection of anomalous internet sessions

Financial service providers are moving many services online reducing their costs and facilitating customers¿ interaction. Unfortunately criminals have quickly found several ways to avoid most security measures applied to browsers and banking sites. The use of highly dangerous malware has become the most significant threat and traditional signature-detection methods are nowadays easily circumvented due to the amount of new samples and the use of sophisticated evasion techniques. Antivirus vendors and malware experts are pushed to seek for new methodologies to improve the identification and understanding of malicious applications behavior and their targets. Financial institutions are now playing an important role by deploying their own detection tools against malware that specifically affect their customers. However, most detection approaches tend to base on sequence of bytes in order to create new signatures. This thesis approach is based on new sources of information: the web logs generated from each banking session, the normal browser execution and customers mobile phone behavior. The thesis can be divided in four parts: The first part involves the introduction of the thesis along with the presentation of the problems and the methodology used to perform the experimentation. The second part describes our contributions to the research, which are based in two areas: *Server side: Weblogs analysis. We first focus on the real time detection of anomalies through the analysis of web logs and the challenges introduced due to the amount of information generated daily. We propose different techniques to detect multiple threats by deploying per user and global models in a graph based environment that will allow increase performance of a set of highly related data. *Customer side: Browser analysis. We deal with the detection of malicious behaviors from the other side of a banking session: the browser. Malware samples must interact with the browser in order to retrieve or add information. Such relation interferes with the normal behavior of the browser. We propose to develop models capable of detecting unusual patterns of function calls in order to detect if a given sample is targeting an specific financial entity. In the third part, we propose to adapt our approaches to mobile phones and Critical Infrastructures environments. The latest online banking attack techniques circumvent protection schemes such password verification systems send via SMS. Man in the Mobile attacks are capable of compromising mobile devices and gaining access to SMS traffic. Once the Transaction Authentication Number is obtained, criminals are free to make fraudulent transfers. We propose to model the behavior of the applications related messaging services to automatically detect suspicious actions. Real time detection of unwanted SMS forwarding can improve the effectiveness of second channel authentication and build on detection techniques applied to browsers and Web servers. Finally, we describe possible adaptations of our techniques to another area outside the scope of online banking: critical infrastructures, an environment with similar features since the applications involved can also be profiled. Just as financial entities, critical infrastructures are experiencing an increase in the number of cyber attacks, but the sophistication of the malware samples utilized forces to new detection approaches. The aim of the last proposal is to demonstrate the validity of out approach in different scenarios. Conclusions. Finally, we conclude with a summary of our findings and the directions for future work

Unlocking User Identity: A Study on Mouse Dynamics in Dual Gaming Environments for Continuous Authentication

With the surge in information management technology reliance and the looming presence of cyber threats, user authentication has become paramount in computer security. Traditional static or one-time authentication has its limitations, prompting the emergence of continuous authentication as a frontline approach for enhanced security. Continuous authentication taps into behavior-based metrics for ongoing user identity validation, predominantly utilizing machine learning techniques to continually model user behaviors. This study elucidates the potential of mouse movement dynamics as a key metric for continuous authentication. By examining mouse movement patterns across two contrasting gaming scenarios - the high-intensity Team Fortress and the low-intensity strategic Poly Bridge the research illuminates the distinct behavioral imprints users leave behind. Such consistent and unique mouse movements emphasize their credibility as reliable biometric markers. The developed sequential model in this research not only demonstrates impressive performance in user verification across these environments but also surpasses benchmarks set by prior research in the field. These findings underscore the potential of mouse movements in revolutionizing the continuous authentication domain, offering heightened security while capturing the intricacies of user behavior across diverse contexts

From user browsing behaviour to user demographics

Dissertation presented as the partial requirement for obtaining a Master's degree in Information Management, specialization in Information Systems and Technologies ManagementA Internet conta hoje com mais de 3 mil milhões de utilizadores e esse valor não para de aumentar. Desta forma, proporcionar uma experiência online agradável aos seus utilizadores é cada vez mais importante para as empresas. De modo a tirar partido dos benefícios deste crescimento, as empresas devem ser capazes de identificar os seus clientes-alvo dentro do total de utilizadores; e, subsequentemente, personalizar a sua experiência online. Existem diversas formas de estudar o comportamento online dos utilizadores; no entanto, estas não são ideais e existe uma ampla margem para melhoria. A inovação nesta área pode comportar um grande potencial comercial e até ser disruptiva. Com isto em mente, proponho-me a estudar a possível criacão de um sistema de aprendizagem automática (machine learning) que permita prever informa ações demográficas dos utilizadores estritamente com base no seu comportamento online. Tal sistema poderia constituir uma alternativa às atuais opções, que são mais invasivas; mitigando assim preocupações ao nível da proteção de dados pessoais. No primeiro capítulo (Introdução) explico a motivação para o estudo do comportamento dos utilizadores online por parte de empresas, e descrevo as opções disponíveis atualmente. Apresento também a minha proposta e o contexto em que assenta. O capítulo termina com a identicação de limitações que possam existir a priori. O segundo capítulo (Machine Learning) fornece uma introdução sobre machine learning, com o estudo dos algoritmos que vão ser utilizados e explicando como analisar os resultados. O terceiro capítulo (Implementação) explica a implementação do sistema proposto e descreve o sistema que desenvolvi no decorrer deste estudo, e como integra-lo em sistemas já existentes. No quarto capítulo (Análise e manipulação dos dados), mostro os dados compilados e explico como os recolhi e manipulei para testar a hipótese. No quinto capítulo (Análise de dados e discussão) vemos como e que os dados recolhidos foram usados pelos vários algoritmos para descobrir como se correlacionam com dados dos utilizadores e analiso e discuto os resultados observados. Por fim, o sexto e último capítulo apresenta as conclusões. Dependendo dos resultados, mostro como a hipótese poderia ser melhor testada, ou então discuto os próximos passos para tornar o sistema realidade

Application of Machine Learning to User Behavior-Based Authentication in Smartphone and Web

Authentication is the preliminary security mechanism employed in the information system to identify the legitimacy of the user. With technological advancements, hackers with sophisticated techniques easily crack single-factor authentication (username and password). Therefore, organizations started to deploy multi-factor authentication (MFA) to increase the complexity of the access to the system. Despite the MFA increasing the security of the digital service, the usable security should be given equal importance. The user behavior-based authentication provides a means to analyze the user interaction with the system in a non-intrusive way to identify the user legitimacy. This chapter presents a review of user behavior-based authentication in smartphones and websites. Moreover, the review highlights some of the common features, techniques, and evaluation criteria usually considered in the development of user behavior profiling

Towards Lightweight Secure User-Transparent And Privacy-Preserving Web Metering

Privacy is an issue today as more people are actively connecting and participating in the Internet. Problems arise when such concerning issue is coupled with security requirements of online applications. The web metering problem is the problem of counting the number of visits done by users to a webserver, additionally capturing data about these visits. There are trade-o s between designing secure web metering solutions and preserving users' privacy. There is also a dilemma between privacy preserving solutions versus accuracy of results. The problem becomes more difficult when the main interacting party, the user, is not inherently interested to participate and operations need to be carried out transparently. This thesis addresses the web metering problem in a hostile environment and proposes different web metering solutions. The web metering solutions operate in an environment where webservers or attackers are capable of invading users' privacy or modifying the web metering result. Threats in such environment are identified, using a well established threat model with certain assumptions, which are then used to derive privacy, security and functional requirements. Those requirements are used to show shortcomings in previous web metering schemes, which are then addressed by our proposed solutions. The central theme of this thesis is user's privacy by user-transparent solutions. Preserving users' privacy and designing secure web metering solutions that operate transparently to the user are two main goals of this research. Achieving the two goals can conflict with other requirements and such exploration was missed by former solutions in the literature. Privacy issues in this problem are the result of the dilemma of convincing interested parties of web metering results with sufficient details and non-repudiation evidence that can still preserve users' privacy. Relevant privacy guidelines are used to discuss and analyse privacy concerns in the context of the problem and consequently privacy-preserving solutions are proposed. Also, improving the usability through \securely" redesigning already used solutions will help into wider acceptance and universal deployment of the new solutions. Consequently, secure and privacy-preserving web metering solutions are proposed that operate transparently to the visitor. This thesis describes existing web metering solutions and analyses them with respect to different requirements and desiderata. It also describes and analyses new solutions which use existing security and authentication protocols, hardware devices and analytic codes. The proposed solutions provide a reasonable trade-o among privacy, security, accuracy and transparency. The first proposed solution, transparently to the user, reuses Identity Management Systems and hash functions for web metering purposes. The second hardware-based solution securely and transparently uses hardware devices and existing protocols in a privacy-preserving manner. The third proposed solution transparently collects different "unique" users' data and analyses fingerprints using privacy-preserving codes

Collocated Collaboration Analytics: Principles and Dilemmas for Mining Multimodal Interaction Data

© 2019, Copyright © 2017 Taylor & Francis Group, LLC. Learning to collaborate effectively requires practice, awareness of group dynamics, and reflection; often it benefits from coaching by an expert facilitator. However, in physical spaces it is not always easy to provide teams with evidence to support collaboration. Emerging technology provides a promising opportunity to make collocated collaboration visible by harnessing data about interactions and then mining and visualizing it. These collocated collaboration analytics can help researchers, designers, and users to understand the complexity of collaboration and to find ways they can support collaboration. This article introduces and motivates a set of principles for mining collocated collaboration data and draws attention to trade-offs that may need to be negotiated en route. We integrate Data Science principles and techniques with the advances in interactive surface devices and sensing technologies. We draw on a 7-year research program that has involved the analysis of six group situations in collocated settings with more than 500 users and a variety of surface technologies, tasks, grouping structures, and domains. The contribution of the article includes the key insights and themes that we have identified and summarized in a set of principles and dilemmas that can inform design of future collocated collaboration analytics innovations

How do different devices impact users' web browsing experience?

The digital world presents many interfaces, among which the desktop and mobile device platforms are dominant. Grasping the differential user experience (UX) on these devices is a critical requirement for developing user focused interfaces that can deliver enhanced satisfaction. This study specifically focuses on the user's web browsing experience while using desktop and mobile. The thesis adopts quantitative methodology. This amalgamation presents a comprehensive understanding of the influence of device specific variables, such as loading speed, security concerns and interaction techniques, which are critically analyzed. Moreover, various UX facets including usability, user interface (UI) design, accessibility, content organization, and user satisfaction on both devices were also discussed. Substantial differences are observed in the UX delivered by desktop and mobile devices, dictated by inherent device attributes and user behaviors. Mobile UX is often associated with personal, context sensitive use, while desktop caters more effectively to intensive, extended sessions. A surprising revelation is the existing discrepancy between the increasing popularity of mobile devices and the persistent inability of many websites and applications to provide a satisfactory mobile UX. This issue primarily arises from the ineffective adaptation of desktop-focused designs to the mobile, underscoring the necessity for distinct, device specific strategies in UI development. By furnishing pragmatic strategies for designing efficient, user-friendly and inclusive digital interfaces for both devices; the thesis contributes significantly to the existing body of literature. An emphasis is placed on a device-neutral approach in UX design, taking into consideration the unique capabilities and constraints of each device, thereby enriching the expanding discourse on multiservice user experience. As well as this study contributes to digital marketing and targe­ted advertising perspe­ctives

How do different devices impact users' web browsing experience?

The digital world presents many interfaces, among which the desktop and mobile device platforms are dominant. Grasping the differential user experience (UX) on these devices is a critical requirement for developing user focused interfaces that can deliver enhanced satisfaction. This study specifically focuses on the user's web browsing experience while using desktop and mobile. The thesis adopts quantitative methodology. This amalgamation presents a comprehensive understanding of the influence of device specific variables, such as loading speed, security concerns and interaction techniques, which are critically analyzed. Moreover, various UX facets including usability, user interface (UI) design, accessibility, content organization, and user satisfaction on both devices were also discussed. Substantial differences are observed in the UX delivered by desktop and mobile devices, dictated by inherent device attributes and user behaviors. Mobile UX is often associated with personal, context sensitive use, while desktop caters more effectively to intensive, extended sessions. A surprising revelation is the existing discrepancy between the increasing popularity of mobile devices and the persistent inability of many websites and applications to provide a satisfactory mobile UX. This issue primarily arises from the ineffective adaptation of desktop-focused designs to the mobile, underscoring the necessity for distinct, device specific strategies in UI development. By furnishing pragmatic strategies for designing efficient, user-friendly and inclusive digital interfaces for both devices; the thesis contributes significantly to the existing body of literature. An emphasis is placed on a device-neutral approach in UX design, taking into consideration the unique capabilities and constraints of each device, thereby enriching the expanding discourse on multiservice user experience. As well as this study contributes to digital marketing and targe­ted advertising perspe­ctives

Adaptive and Reactive Rich Internet Applications

In this thesis we present the client-side approach of Adaptive and Reactive Rich Internet Applications as the main result of our research into how to bring in time adaptivity to Rich Internet Applications. Our approach leverages previous work on adaptive hypermedia, event processing and other research disciplines. We present a holistic framework covering the design-time as well as the runtime aspects of Adaptive and Reactive Rich Internet Applications focusing especially on the run-time aspects