194 research outputs found
On the Inference of Soft Biometrics from Typing Patterns Collected in a Multi-device Environment
In this paper, we study the inference of gender, major/minor (computer
science, non-computer science), typing style, age, and height from the typing
patterns collected from 117 individuals in a multi-device environment. The
inference of the first three identifiers was considered as classification
tasks, while the rest as regression tasks. For classification tasks, we
benchmark the performance of six classical machine learning (ML) and four deep
learning (DL) classifiers. On the other hand, for regression tasks, we
evaluated three ML and four DL-based regressors. The overall experiment
consisted of two text-entry (free and fixed) and four device (Desktop, Tablet,
Phone, and Combined) configurations. The best arrangements achieved accuracies
of 96.15%, 93.02%, and 87.80% for typing style, gender, and major/minor,
respectively, and mean absolute errors of 1.77 years and 2.65 inches for age
and height, respectively. The results are promising considering the variety of
application scenarios that we have listed in this work.Comment: The first two authors contributed equally. The code is available upon
request. Please contact the last autho
User Authentication and Supervision in Networked Systems
This thesis considers the problem of user authentication and supervision in networked
systems. The issue of user authentication is one of on-going concern in modem IT systems
with the increased use of computer systems to store and provide access to sensitive
information resources. While the traditional username/password login combination can be
used to protect access to resources (when used appropriately), users often compromise the
security that these methods can provide. While alternative (and often more secure)
systems are available, these alternatives usually require expensive hardware to be
purchased and integrated into IT systems. Even if alternatives are available (and
financially viable), they frequently require users to authenticate in an intrusive manner (e.g.
forcing a user to use a biometric technique relying on fingerprint recognition). Assuming
an acceptable form of authentication is available, this still does not address the problem of
on-going confidence in the users’ identity - i.e. once the user has logged in at the
beginning of a session, there is usually no further confirmation of the users' identity until
they logout or lock the session in which they are operating. Hence there is a significant
requirement to not only improve login authentication but to also introduce the concept of
continuous user supervision.
Before attempting to implement a solution to the problems outlined above, a range of
currently available user authentication methods are identified and evaluated. This is
followed by a survey conducted to evaluate user attitudes and opinions relating to login
and continuous authentication. The results reinforce perceptions regarding the weaknesses
of the traditional username/password combination, and suggest that alternative techniques
can be acceptable. This provides justification for the work described in the latter part o f
the thesis.
A number of small-scale trials are conducted to investigate alternative authentication
techniques, using ImagePIN's and associative/cognitive questions. While these techniques
are of an intrusive nature, they offer potential improvements as either initial login
authentication methods or, as a challenge during a session to confirm the identity of the
logged-in user.
A potential solution to the problem of continuous user authentication is presented through
the design and implementation o f a system to monitor user activity throughout a logged-in
session. The effectiveness of this system is evaluated through a series of trials
investigating the use of keystroke analysis using digraph, trigraph and keyword-based
metrics (with the latter two methods representing novel approaches to the analysis of
keystroke data). The initial trials demonstrate the viability of these techniques, whereas
later trials are used to demonstrate the potential for a composite approach. The final trial
described in this thesis was conducted over a three-month period with 35 trial participants
and resulted in over five million samples. Due to the scope, duration, and the volume of
data collected, this trial provides a significant contribution to the domain, with the use of a
composite analysis method representing entirely new work. The results of these trials
show that the technique of keystroke analysis is one that can be effective for the majority
of users. Finally, a prototype composite authentication and response system is presented,
which demonstrates how transparent, non-intrusive, continuous user authentication can be
achieved
Data security in European healthcare information systems
This thesis considers the current requirements for data security in European healthcare systems and
establishments. Information technology is being increasingly used in all areas of healthcare
operation, from administration to direct care delivery, with a resulting dependence upon it by
healthcare staff. Systems routinely store and communicate a wide variety of potentially sensitive
data, much of which may also be critical to patient safety. There is consequently a significant
requirement for protection in many cases.
The thesis presents an assessment of healthcare security requirements at the European level, with a
critical examination of how the issue has been addressed to date in operational systems. It is
recognised that many systems were originally implemented without security needs being properly
addressed, with a consequence that protection is often weak and inconsistent between establishments.
The overall aim of the research has been to determine appropriate means by which security may be
added or enhanced in these cases.
The realisation of this objective has included the development of a common baseline standard for
security in healthcare systems and environments. The underlying guidelines in this approach cover
all of the principal protection issues, from physical and environmental measures to logical system
access controls. Further to this, the work has encompassed the development of a new protection
methodology by which establishments may determine their additional security requirements (by
classifying aspects of their systems, environments and data). Both the guidelines and the
methodology represent work submitted to the Commission of European Communities SEISMED
(Secure Environment for Information Systems in MEDicine) project, with which the research
programme was closely linked.
The thesis also establishes that healthcare systems can present significant targets for both internal
and external abuse, highlighting a requirement for improved logical controls. However, it is also
shown that the issues of easy integration and convenience are of paramount importance if security is
to be accepted and viable in practice. Unfortunately, many traditional methods do not offer these
advantages, necessitating the need for a different approach.
To this end, the conceptual design for a new intrusion monitoring system was developed, combining
the key aspects of authentication and auditing into an advanced framework for real-time user
supervision. A principal feature of the approach is the use of behaviour profiles, against which user
activities may be continuously compared to determine potential system intrusions and anomalous
events.
The effectiveness of real-time monitoring was evaluated in an experimental study of keystroke
analysis -a behavioural biometric technique that allows an assessment of user identity from their
typing style. This technique was found to have significant potential for discriminating between
impostors and legitimate users and was subsequently incorporated into a fully functional security
system, which demonstrated further aspects of the conceptual design and showed how transparent
supervision could be realised in practice.
The thesis also examines how the intrusion monitoring concept may be integrated into a wider
security architecture, allowing more comprehensive protection within both the local healthcare
establishment and between remote domains.Commission of European Communities
SEISMED proje
Detecting Abnormal Behavior in Web Applications
The rapid advance of web technologies has made the Web an essential part of our daily lives. However, network attacks have exploited vulnerabilities of web applications, and caused substantial damages to Internet users. Detecting network attacks is the first and important step in network security. A major branch in this area is anomaly detection. This dissertation concentrates on detecting abnormal behaviors in web applications by employing the following methodology. For a web application, we conduct a set of measurements to reveal the existence of abnormal behaviors in it. We observe the differences between normal and abnormal behaviors. By applying a variety of methods in information extraction, such as heuristics algorithms, machine learning, and information theory, we extract features useful for building a classification system to detect abnormal behaviors.;In particular, we have studied four detection problems in web security. The first is detecting unauthorized hotlinking behavior that plagues hosting servers on the Internet. We analyze a group of common hotlinking attacks and web resources targeted by them. Then we present an anti-hotlinking framework for protecting materials on hosting servers. The second problem is detecting aggressive behavior of automation on Twitter. Our work determines whether a Twitter user is human, bot or cyborg based on the degree of automation. We observe the differences among the three categories in terms of tweeting behavior, tweet content, and account properties. We propose a classification system that uses the combination of features extracted from an unknown user to determine the likelihood of being a human, bot or cyborg. Furthermore, we shift the detection perspective from automation to spam, and introduce the third problem, namely detecting social spam campaigns on Twitter. Evolved from individual spammers, spam campaigns manipulate and coordinate multiple accounts to spread spam on Twitter, and display some collective characteristics. We design an automatic classification system based on machine learning, and apply multiple features to classifying spam campaigns. Complementary to conventional spam detection methods, our work brings efficiency and robustness. Finally, we extend our detection research into the blogosphere to capture blog bots. In this problem, detecting the human presence is an effective defense against the automatic posting ability of blog bots. We introduce behavioral biometrics, mainly mouse and keyboard dynamics, to distinguish between human and bot. By passively monitoring user browsing activities, this detection method does not require any direct user participation, and improves the user experience
CLASSIFYING AND RESPONDING TO NETWORK INTRUSIONS
Intrusion detection systems (IDS) have been widely adopted within the IT community, as
passive monitoring tools that report security related problems to system administrators.
However, the increasing number and evolving complexity of attacks, along with the
growth and complexity of networking infrastructures, has led to overwhelming numbers of
IDS alerts, which allow significantly smaller timeframe for a human to respond. The need
for automated response is therefore very much evident. However, the adoption of such
approaches has been constrained by practical limitations and administrators' consequent
mistrust of systems' abilities to issue appropriate responses.
The thesis presents a thorough analysis of the problem of intrusions, and identifies false
alarms as the main obstacle to the adoption of automated response. A critical examination
of existing automated response systems is provided, along with a discussion of why a new
solution is needed. The thesis determines that, while the detection capabilities remain
imperfect, the problem of false alarms cannot be eliminated. Automated response
technology must take this into account, and instead focus upon avoiding the disruption of
legitimate users and services in such scenarios. The overall aim of the research has
therefore been to enhance the automated response process, by considering the context of an
attack, and investigate and evaluate a means of making intelligent response decisions.
The realisation of this objective has included the formulation of a response-oriented
taxonomy of intrusions, which is used as a basis to systematically study intrusions and
understand the threats detected by an IDS. From this foundation, a novel Flexible
Automated and Intelligent Responder (FAIR) architecture has been designed, as the basis
from which flexible and escalating levels of response are offered, according to the context
of an attack. The thesis describes the design and operation of the architecture, focusing
upon the contextual factors influencing the response process, and the way they are
measured and assessed to formulate response decisions. The architecture is underpinned by
the use of response policies which provide a means to reflect the changing needs and
characteristics of organisations.
The main concepts of the new architecture were validated via a proof-of-concept prototype
system. A series of test scenarios were used to demonstrate how the context of an attack
can influence the response decisions, and how the response policies can be customised and
used to enable intelligent decisions. This helped to prove that the concept of flexible
automated response is indeed viable, and that the research has provided a suitable
contribution to knowledge in this important domain
Features extraction scheme for behavioral biometric authentication in touchscreen mobile devices
Common authentication mechanisms in mobile devices such as passwords and Personal Identification Number have failed to keep up with the rapid pace of challenges associated with the use of ubiquitous devices over the Internet, since they can easily be lost or stolen. Thus, it is important to develop authentication mechanisms that can be adapted to such an environment. Biometric-based person recognition is a good alternative to overcome the difficulties of password and token approaches, since biometrics cannot be easily stolen or forgotten. An important characteristic of biometric authentication is that there is an explicit connection with the user's identity, since biometrics rely entirely on behavioral and physiological characteristics of human being. There are a variety of biometric authentication options that have emerged so far, all of which can be used on a mobile phone. These options include but are not limited to, face recognition via camera, fingerprint, voice recognition, keystroke and gesture recognition via touch screen. Touch gesture behavioural biometrics are commonly used as an alternative solution to existing traditional biometric mechanism. However, current touch gesture authentication schemes are fraught with authentication accuracy problems. In fact, the extracted features used in some researches on touch gesture schemes are limited to speed, time, position, finger size and finger pressure. However, extracting a few touch features from individual touches is not enough to accurately distinguish various users. In this research, behavioural features are extracted from recorded touch screen data and a discriminative classifier is trained on these extracted features for authentication. While the user performs the gesture, the touch screen sensor is leveraged on and twelve of the user‘s finger touch features are extracted. Eighty four different users participated in this research work, each user drew six gesture with a total of 504 instances. The extracted touch gesture features are normalised by scaling the values so that they fall within a small specified range. Thereafter, five different Feature Selection Algorithm were used to choose the most significant features subset. Six different machine learning classifiers were used to classify each instance in the data set into one of the predefined set of classes. Results from experiments conducted in the proposed touch gesture behavioral biometrics scheme achieved an average False Reject Rate (FRR) of 7.84%, average False Accept Rate (FAR) of 1%, average Equal Error Rate (EER) of 4.02% and authentication accuracy of 91.67%,. The comparative results showed that the proposed scheme outperforms other existing touch gesture authentication schemes in terms of FAR, EER and authentication accuracy by 1.67%, 6.74% and 4.65% respectively. The results of this research affirm that user authentication through gestures is promising, highly viable and can be used for mobile devices
Alzheimer's early detection in post-acute COVID-19 syndrome: a systematic review and expert consensus on preclinical assessments.
The risk of developing Alzheimer's disease (AD) in older adults increasingly is being discussed in the literature on Post-Acute COVID-19 Syndrome (PACS). Remote digital Assessments for Preclinical AD (RAPAs) are becoming more important in screening for early AD, and should always be available for PACS patients, especially for patients at risk of AD. This systematic review examines the potential for using RAPA to identify impairments in PACS patients, scrutinizes the supporting evidence, and describes the recommendations of experts regarding their use.
We conducted a thorough search using the PubMed and Embase databases. Systematic reviews (with or without meta-analysis), narrative reviews, and observational studies that assessed patients with PACS on specific RAPAs were included. The RAPAs that were identified looked for impairments in olfactory, eye-tracking, graphical, speech and language, central auditory, or spatial navigation abilities. The recommendations' final grades were determined by evaluating the strength of the evidence and by having a consensus discussion about the results of the Delphi rounds among an international Delphi consensus panel called IMPACT, sponsored by the French National Research Agency. The consensus panel included 11 international experts from France, Switzerland, and Canada.
Based on the available evidence, olfaction is the most long-lasting impairment found in PACS patients. However, while olfaction is the most prevalent impairment, expert consensus statements recommend that AD olfactory screening should not be used on patients with a history of PACS at this point in time. Experts recommend that olfactory screenings can only be recommended once those under study have reported full recovery. This is particularly important for the deployment of the olfactory identification subdimension. The expert assessment that more long-term studies are needed after a period of full recovery, suggests that this consensus statement requires an update in a few years.
Based on available evidence, olfaction could be long-lasting in PACS patients. However, according to expert consensus statements, AD olfactory screening is not recommended for patients with a history of PACS until complete recovery has been confirmed in the literature, particularly for the identification sub-dimension. This consensus statement may require an update in a few years
- …