Using Computer Behavior Profiles to Differentiate between Users in a Digital Investigation

Most digital crimes involve finding evidence on the computer and then linking it to a suspect using login information, such as a username and a password. However, login information is often shared or compromised. In such a situation, there needs to be a way to identify the user without relying exclusively on login credentials. This paper introduces the concept that users may show behavioral traits which might provide more information about the user on the computer. This hypothesis was tested by conducting an experiment in which subjects were required to perform common tasks on a computer, over multiple sessions. The choices they made to complete each task was recorded. These were converted to a \u27behavior profile,\u27 corresponding to each login session. Cluster Analysis of all the profiles assigned identifiers to each profile such that 98% of profiles were attributed correctly. Also, similarity scores were generated for each session-pair to test whether the similarity analysis attributed profiles to the same user or to two different users. Using similarity scores, the user sessions were correctly attributed 93.2% of the time. Sessions were incorrectly attributed to the same user 3.1% of the time and incorrectly attributed to different users 3.7% of the time. At a confidence level of 95%, the average correct attributions for the population was calculated to be between 92.98% and 93.42%. This shows that users show uniqueness and consistency in the choices they make as they complete everyday tasks on a system, and this can be useful to differentiate between them. Keywords: computer behavior users, interaction, investigation, forensics, graphical inter-face, windows, digital Keywords: computer behavior users, interaction, investigation, forensics, graphical inter- face, windows, digita

Computer Based Behavioral Biometric Authentication via Multi-Modal Fusion

Biometric computer authentication has an advantage over password and access card authentication in that it is based on something you are, which is not easily copied or stolen. One way of performing biometric computer authentication is to use behavioral tendencies associated with how a user interacts with the computer. However, behavioral biometric authentication accuracy rates are much larger then more traditional authentication methods. This thesis presents a behavioral biometric system that fuses user data from keyboard, mouse, and Graphical User Interface (GUI) interactions. Combining the modalities results in a more accurate authentication decision based on a broader view of the user\u27s computer activity while requiring less user interaction to train the system than previous work. Testing over 30 users, shows that fusion techniques significantly improve behavioral biometric authentication accuracy over single modalities on their own. Two fusion techniques are presented, feature fusion and decision level fusion. Using an ensemble based classification method the decision level fusion technique improves the FAR by 0.86% and FRR by 2.98% over the best individual modality