User profiling via application usage pattern on digital devices for digital forensics

Abstract In digital forensics, user profiling aims to predict characteristics of the user from digital evidence extracted from digital devices (e.g. smartphone, laptop, tablet). Previous researches showed promising results, but there are limitations to apply practical investigations. The researches so far have focused only on specific applications, devices, or operating systems by analyzing the order of execution or volatile data such as network traffic and online content. This paper introduces a user profiling method, named Entity Profiling with Binary Predicates (EPBP) model, which analyzes non-volatile data remained on digital devices. The proposed model defines that a user has two properties: tendency and impact, which indicate patterns of application usage. Based on the attributes, the EPBP model generates users’ profiles and performs similarity analysis to differentiate between the users. We also present methods for clustering and anomaly detection through real case studies.

[1]  Chad M. Steel,et al.  Idiographic Digital Profiling: Behavioral Analysis Based On Digital Forensics , 2014 .

[2]  M. Omair Shafiq,et al.  Learning Mobile Application Usage - A Deep Learning Approach , 2019, 2019 18th IEEE International Conference On Machine Learning And Applications (ICMLA).

[3]  Huansheng Ning,et al.  Mining user interest based on personality-aware hybrid filtering in social networks , 2020, Knowl. Based Syst..

[4]  Antonio Colella,et al.  Digital Profiling: A Computer Forensics Approach , 2011, ARES.

[5]  Frederick R. Forst,et al.  On robust estimation of the location parameter , 1980 .

[6]  Sarah K. Howard,et al.  Usage profiling from mobile applications: A case study of online activity for Australian primary schools , 2020, Knowl. Based Syst..

[7]  Stefano Zanero,et al.  Seeing the invisible: forensic uses of anomaly detection and machine learning , 2008, OPSR.

[8]  Sangjin Lee,et al.  A study of user relationships in smartphone forensics , 2016, Multimedia Tools and Applications.

[9]  Michel van de Velden,et al.  Online profiling and clustering of Facebook users , 2015, Decis. Support Syst..

[10]  Yogesh Khatri,et al.  Forensic implications of System Resource Usage Monitor (SRUM) data in Windows 8 , 2015, Digit. Investig..

[11]  Daniela Godoy,et al.  Mining interests for user profiling in electronic conversations , 2013, Expert Syst. Appl..

[12]  Heejune Ahn,et al.  A Systemic Smartphone Usage Pattern Analysis: Focusing on Smartphone Addiction Issue , 2014, MUE 2014.

[13]  Arun Warikoo,et al.  Proposed Methodology for Cyber Criminal Profiling , 2014, Inf. Secur. J. A Glob. Perspect..

[14]  Virginia N. L. Franqueira,et al.  Forensic investigation of cyberstalking cases using Behavioural Evidence Analysis , 2016, Digit. Investig..

[15]  Jian Li,et al.  ForenVisor: A Tool for Acquiring and Preserving Reliable Data in Cloud Live Forensics , 2017, IEEE Transactions on Cloud Computing.

[16]  Liyana Shuib,et al.  A Survey of User Profiling: State-of-the-Art, Challenges, and Solutions , 2019, IEEE Access.

[17]  Sungzoon Cho,et al.  Smartphone user segmentation based on app usage sequence with neural networks , 2017, Telematics Informatics.

[18]  Alessio Merlo,et al.  Behavioral-Anomaly Detection in Forensics Analysis , 2019, IEEE Security & Privacy.

[19]  Yoshito Tobe,et al.  Smartphone Application Usage Prediction Using Cellular Network Traffic , 2018, 2018 IEEE International Conference on Pervasive Computing and Communications Workshops (PerCom Workshops).

[20]  Rama Chellappa,et al.  Continuous Authentication of Smartphones Based on Application Usage , 2018, IEEE Transactions on Biometrics, Behavior, and Identity Science.

[21]  Lu Liu,et al.  Event Detection and User Interest Discovering in Social Media Data Streams , 2017, IEEE Access.

[22]  Soumik Mondal,et al.  Person Identification by Keystroke Dynamics Using Pairwise User Coupling , 2017, IEEE Transactions on Information Forensics and Security.

[23]  Chad M. S. Steel Idiographic Digital Profiling: Behavioral Analysis Based on Digital Footprints , 2014, J. Digit. Forensics Secur. Law.

[24]  Delbert Dueck,et al.  Clustering by Passing Messages Between Data Points , 2007, Science.

[25]  Zhu Wang,et al.  Ten scientific problems in human behavior understanding , 2019, CCF Trans. Pervasive Comput. Interact..

[26]  Virginia N. L. Franqueira,et al.  Behavioural Evidence Analysis Applied to Digital Forensics: An Empirical Analysis of Child Pornography Cases Using P2P Networks , 2015, 2015 10th International Conference on Availability, Reliability and Security.

[27]  Gang Pan,et al.  User profiling from their use of smartphone applications: A survey , 2019, Pervasive Mob. Comput..

[28]  Heloise Pieterse,et al.  Smartphone data evaluation model: Identifying authentic smartphone data , 2018, Digit. Investig..

[29]  Nickson M. Karie,et al.  Forensic Profiling of Cyber-Security Adversaries based on Incident Similarity Measures Interaction Index , 2018, 2018 International Conference on Intelligent and Innovative Computing Applications (ICONIC).

[30]  Yi-Wei Lin,et al.  Mining mobile application sequential patterns for usage prediction , 2014, 2014 IEEE International Conference on Granular Computing (GrC).

[31]  Upasna Singh,et al.  Program execution analysis in Windows: A study of data sources, their format and comparison of forensic capability , 2018, Comput. Secur..