Continuous Biometric Authentication: Can It Be More Practical?

Continuous biometric authentication schemes (CBAS) are built around the biometrics supplied by user behavioural characteristics and continuously check the identity of the user throughout the session. The current literature for CBAS primarily focuses on the accuracy of the system in order to reduce false alarms. However, these attempts do not consider various issues that might affect practicality in real world applications and continuous authentication scenarios. One of the main issues is that the presented CBAS are based on several samples of training data either of both intruder and valid users or only the valid users’ profile. This means that historical profiles for either the legitimate users or possible attackers should be available or collected before prediction time. However, in some cases it is impractical to gain the biometric data of the user in advance (before detection time). Another issue is the variability of the behaviour of the user between the registered profile obtained during enrollment, and the profile from the testing phase. The aim of this paper is to identify the limitations in current CBAS in order to make them more practical for real world applications. Also, the paper discusses a new application for CBAS not requiring any training data either from intruders or from valid users.

[1]  Roland H. C. Yap,et al.  An Usability Study of Continuous Biometrics Authentication , 2009, ICB.

[2]  Stefania Marrara,et al.  Impostor Users Discovery Using a Multimodal Biometric Continuous Authentication Fuzzy System , 2008, KES.

[3]  John McHugh,et al.  Intrusion and intrusion detection , 2001, International Journal of Information Security.

[4]  Martial Hebert,et al.  Event Detection in Crowded Videos , 2007, 2007 IEEE 11th International Conference on Computer Vision.

[5]  Fredrik Gustafsson,et al.  Adaptive filtering and change detection , 2000 .

[6]  Kathryn Hempstalk,et al.  Continuous Typist Verification using Machine Learning , 2009 .

[7]  Takehisa Yairi,et al.  An approach to spacecraft anomaly detection problem using kernel feature space , 2005, KDD '05.

[8]  Michèle Basseville,et al.  Detection of abrupt changes: theory and application , 1993 .

[9]  Liang Wang,et al.  Behavioral Biometrics For Human Identification: Intelligent Applications , 2009 .

[10]  Roy A. Maxion,et al.  Comparing anomaly-detection algorithms for keystroke dynamics , 2009, 2009 IEEE/IFIP International Conference on Dependable Systems & Networks.

[11]  V. Govindaraju,et al.  Taxonomy of Behavioural Biometrics , 2010 .

[12]  F. Gustafsson The marginalized likelihood ratio test for detecting abrupt changes , 1996, IEEE Trans. Autom. Control..

[13]  Masashi Sugiyama,et al.  Change-Point Detection in Time-Series Data by Direct Density-Ratio Estimation , 2009, SDM.

[14]  Claudia Picardi,et al.  Keystroke analysis of free text , 2005, TSEC.

[15]  L. O'Gorman,et al.  Comparing passwords, tokens, and biometrics for user authentication , 2003, Proceedings of the IEEE.

[16]  Gadi Pinkas,et al.  Unsupervised Profiling for Identifying Superimposed Fraud , 1999, PKDD.

[17]  Issa Traoré,et al.  Detecting Computer Intrusions Using Behavioral Biometrics , 2005, PST.

[18]  George M. Mohay,et al.  A Novel Sliding Window Based Change Detection Algorithm for Asymmetric Traffic , 2008, 2008 IFIP International Conference on Network and Parallel Computing.

[19]  Martin P. Loeb,et al.  CSI/FBI Computer Crime and Security Survey , 2004 .

[20]  Jie Liu,et al.  A Framework of Combining Intrusion Detection and Continuous Authentication in Mobile Ad Hoc Networks , 2008, 2008 IEEE International Conference on Communications.

[21]  Carla E. Brodley,et al.  User re-authentication via mouse movements , 2004, VizSEC/DMSEC '04.

[22]  Dorothy E. Denning,et al.  An Intrusion-Detection Model , 1987, IEEE Transactions on Software Engineering.