Оценивание информативности признаков в наборах данных для проведения продлённой аутентификации

Continuous verification eliminates the flaws of existing static authentication, e.g. identifiers can be lost or forgotten, and the user logs in the system only once, which may be dangerous not only for areas requiring a high level of security but also for a regular office. Checking the user dynamically during the whole session of work can improve the security of the system, since while working with the system, the user may be exposed to an attacker (to be assaulted for example) or intentionally transfer rights to him. In this case, the machine will not be operated by the user who performed the initial login. Classifying users continuously will limit access to sensitive data that can be obtained by an attacker. During the study, the methods and datasets used for continuous verification were checked, then some datasets were chosen, which were used in further research: smartphone and smart watch movement data (WISDM) and mouse activity (Chao Shen’s, DFL, Balabit). In order to improve the performance of models in the classification task it is necessary to perform a preliminary selection of features, to evaluate their informativeness. Reducing the number of features makes it possible to reduce the requirements for devices that will be used for their processing, and to increase the volume of enumeration of classifier parameter values at the same time, thereby potentially increasing the proportion of correct answers during classification due to a more complete enumeration of value parameters. For the informativeness evaluation, the Shannon method was used, as well as the algorithms built into programs for data analysis and machine learning (WEKA: Machine Learning Software and RapidMiner). In the course of the study, the informativeness of each feature in the selected datasets was evaluated, and then users were classified with RapidMiner. The used in classifying features selection was decreased gradually with a 20% step. As a result, a table was formed with recommended sets of features for each dataset, as well as dependency graphs of the accuracy and operating time of various models.Продлённая аутентификация позволяет избавиться от недостатков, присущих статической аутентификации, например, идентификаторы могут быть потеряны или забыты, пользователь совершает только первоначальный вход в систему, что может быть опасно не только для областей, требующих обеспечения высокого уровня безопасности, но и для обычного офиса. Динамическая проверка пользователя во время всего сеанса работы может повысить безопасность системы, поскольку во время работы пользователь может подвергнуться воздействию со стороны злоумышленника (например, быть атакованным) или намеренно передать ему права. В таком случае оперировать машиной будет не пользователь, который выполнил первоначальный вход. Классификация пользователей во время работы системы позволит ограничить доступ к важным данным, которые могут быть получены злоумышленником. Во время исследования были изучены методы и наборы данных, использующихся для продлённой аутентификации. Затем был сделан выбор наборов данных, которые использовались в дальнейшем исследовании: данные о движении смартфона и смарт-часов (WISDM) и динамике активности мыши (Chao Shen’s, DFL, Balabit). Помочь улучшить результаты работы моделей при классификации может предварительный отбор признаков, например, через оценивание их информативности. Уменьшение размерности признаков позволяет снизить требования к устройствам, которые будут использоваться при их обработке, повысить объём перебора значений параметров классификаторов при одинаковых временных затратах, тем самым потенциально повысить долю правильных ответов при классификации за счёт более полного перебора параметров значений. Для оценивания информативности использовались метод Шеннона, а также алгоритмы, встроенные в программы для анализа данных и машинного обучения (WEKA: Machine Learning Software и RapidMiner). В ходе исследования были выполнены расчёты информативности каждого признака в выбранных для исследования наборах данных, затем с помощью RapidMiner были проведены эксперименты по классификации пользователей с последовательным уменьшением количества используемых при классификации признаков с шагом в 20%. В результате была сформирована таблица с рекомендуемыми наборами признаков для каждого набора данных, а также построены графики зависимостей точности и времени работы различных моделей от количества используемых при классификации признаков

Exploring Natural Language Processing Methods for Interactive Behaviour Modelling

Analysing and modelling interactive behaviour is an important topic in human-computer interaction (HCI) and a key requirement for the development of intelligent interactive systems. Interactive behaviour has a sequential (actions happen one after another) and hierarchical (a sequence of actions forms an activity driven by interaction goals) structure, which may be similar to the structure of natural language. Designed based on such a structure, natural language processing (NLP) methods have achieved groundbreaking success in various downstream tasks. However, few works linked interactive behaviour with natural language. In this paper, we explore the similarity between interactive behaviour and natural language by applying an NLP method, byte pair encoding (BPE), to encode mouse and keyboard behaviour. We then analyse the vocabulary, i.e., the set of action sequences, learnt by BPE, as well as use the vocabulary to encode the input behaviour for interactive task recognition. An existing dataset collected in constrained lab settings and our novel out-of-the-lab dataset were used for evaluation. Results show that this natural language-inspired approach not only learns action sequences that reflect specific interaction goals, but also achieves higher F1 scores on task recognition than other methods. Our work reveals the similarity between interactive behaviour and natural language, and presents the potential of applying the new pack of methods that leverage insights from NLP to model interactive behaviour in HCI

USER AUTHENTICATION ACROSS DEVICES, MODALITIES AND REPRESENTATION: BEHAVIORAL BIOMETRIC METHODS

Biometrics eliminate the need for a person to remember and reproduce complex secretive information or carry additional hardware in order to authenticate oneself. Behavioral biometrics is a branch of biometrics that focuses on using a person’s behavior or way of doing a task as means of authentication. These tasks can be any common, day to day tasks like walking, sleeping, talking, typing and so on. As interactions with computers and other smart-devices like phones and tablets have become an essential part of modern life, a person’s style of interaction with them can be used as a powerful means of behavioral biometrics. In this dissertation, we present insights from the analysis of our proposed set of contextsensitive or word-specific keystroke features on desktop, tablet and phone. We show that the conventional features are not highly discriminatory on desktops and are only marginally better on hand-held devices for user identification. By using information of the context, our proposed word-specific features offer superior discrimination among users on all devices. Classifiers, built using our proposed features, perform user identification with high accuracies in range of 90% to 97%, average precision and recall values of 0.914 and 0.901 respectively. Analysis of the word-based impact factors reveal that four or five character words, words with about 50% vowels, and those that are ranked higher on the frequency lists might give better results for the extraction and use of the proposed features for user identification. We also examine a large umbrella of behavioral biometric data such as; keystroke latencies, gait and swipe data on desktop, phone and tablet for the assumption of an underlying normal distribution, which is common in many research works. Using suitable nonparametric normality tests (Lilliefors test and Shapiro-Wilk test) we show that a majority of the features from all activities and all devices, do not follow a normal distribution. In most cases less than 25% of the samples that were tested had p values \u3e 0.05. We discuss alternate solutions to address the non-normality in behavioral biometric data. Openly available datasets did not provide the wide range of modalities and activities required for our research. Therefore, we have collected and shared an open access, large benchmark dataset for behavioral biometrics on IEEEDataport. We describe the collection and analysis of our Syracuse University and Assured Information Security - Behavioral Biometrics Multi-device and multi -Activity data from Same users (SU-AIS BB-MAS) Dataset. Which is an open access dataset on IEEEdataport, with data from 117 subjects for typing (both fixed and free text), gait (walking, upstairs and downstairs) and touch on Desktop, Tablet and Phone. The dataset consists a total of about: 3.5 million keystroke events; 57.1 million data-points for accelerometer and gyroscope each; 1.7 million datapoints for swipes and is listed as one of the most popular datasets on the portal (through IEEE emails to all members on 05/13/2020 and 07/21/2020). We also show that keystroke dynamics (KD) on a desktop can be used to classify the type of activity, either benign or adversarial, that a text sample originates from. We show the inefficiencies of popular temporal features for this task. With our proposed set of 14 features we achieve high accuracies (93% to 97%) and low Type 1 and Type 2 errors (3% to 8%) in classifying text samples of different sizes. We also present exploratory research in (a) authenticating users through musical notes generated by mapping their keystroke latencies to music and (b) authenticating users through the relationship between their keystroke latencies on multiple devices

Mobile Device Background Sensors: Authentication vs Privacy

The increasing number of mobile devices in recent years has caused the collection of a large amount of personal information that needs to be protected. To this aim, behavioural biometrics has become very popular. But, what is the discriminative power of mobile behavioural biometrics in real scenarios? With the success of Deep Learning (DL), architectures based on Convolutional Neural Networks (CNNs) and Recurrent Neural Networks (RNNs), such as Long Short-Term Memory (LSTM), have shown improvements compared to traditional machine learning methods. However, these DL architectures still have limitations that need to be addressed. In response, new DL architectures like Transformers have emerged. The question is, can these new Transformers outperform previous biometric approaches? To answers to these questions, this thesis focuses on behavioural biometric authentication with data acquired from mobile background sensors (i.e., accelerometers and gyroscopes). In addition, to the best of our knowledge, this is the first thesis that explores and proposes novel behavioural biometric systems based on Transformers, achieving state-of-the-art results in gait, swipe, and keystroke biometrics. The adoption of biometrics requires a balance between security and privacy. Biometric modalities provide a unique and inherently personal approach for authentication. Nevertheless, biometrics also give rise to concerns regarding the invasion of personal privacy. According to the General Data Protection Regulation (GDPR) introduced by the European Union, personal data such as biometric data are sensitive and must be used and protected properly. This thesis analyses the impact of sensitive data in the performance of biometric systems and proposes a novel unsupervised privacy-preserving approach. The research conducted in this thesis makes significant contributions, including: i) a comprehensive review of the privacy vulnerabilities of mobile device sensors, covering metrics for quantifying privacy in relation to sensitive data, along with protection methods for safeguarding sensitive information; ii) an analysis of authentication systems for behavioural biometrics on mobile devices (i.e., gait, swipe, and keystroke), being the first thesis that explores the potential of Transformers for behavioural biometrics, introducing novel architectures that outperform the state of the art; and iii) a novel privacy-preserving approach for mobile biometric gait verification using unsupervised learning techniques, ensuring the protection of sensitive data during the verification process