Behaviour Profiling on Mobile Devices

Over the last decade, the mobile device has become a ubiquitous tool within everyday life. Unfortunately, whilst the popularity of mobile devices has increased, a corresponding increase can also be identified in the threats being targeted towards these devices. Security countermeasures such as AV and firewalls are being deployed, however, the increasing sophistication of the attacks requires additional measures to be taken. This paper proposes a novel behaviour-based profiling technique that is able to build upon the weaknesses of current systems by developing a comprehensive multilevel approach to profiling. In support of this model, a series of experiments have been designed to look at profiling calling, device usage and Bluetooth network scanning. Using neural networks, experimental results for the aforementioned activities’ are able to achieve an EER (Equal Error Rate) of: 13.5%, 35.1% and 35.7%.

[1]  Stefan Axelsson,et al.  Intrusion Detection Systems: A Survey and Taxonomy , 2002 .

[2]  Grant A. Jacoby,et al.  Gibraltar: A Mobile Host-Based Intrusion Protection System , 2006, Security and Management.

[3]  Yingzi Eliza Du Review of iris recognition: cameras, systems, and their applications , 2006 .

[4]  Dorothy E. Denning,et al.  An Intrusion-Detection Model , 1987, IEEE Transactions on Software Engineering.

[5]  Xuelong Li,et al.  Human Gait Recognition With Matrix Representation , 2006, IEEE Transactions on Circuits and Systems for Video Technology.

[6]  Sharath Pankanti,et al.  Biometric Recognition: Security and Privacy Concerns , 2003, IEEE Secur. Priv..

[7]  Zhi-chun Mu,et al.  Ear Recognition based on 2D Images , 2007, 2007 First IEEE International Conference on Biometrics: Theory, Applications, and Systems.

[8]  Steven Furnell,et al.  Beyond the PIN: Enhancing user authentication for mobile devices , 2008 .

[9]  Pankaj Rohatgi,et al.  Partitioning attacks: or how to rapidly clone some GSM cards , 2002, Proceedings 2002 IEEE Symposium on Security and Privacy.

[10]  Mohammad Zulkernine,et al.  Towards an intrusion detection system for pervasive computing environments , 2005, International Conference on Information Technology: Coding and Computing (ITCC'05) - Volume II.

[11]  D. Lazer,et al.  Inferring Social Network Structure using Mobile Phone Data , 2006 .

[12]  Peter Reichl,et al.  How to increase security in mobile networks by anomaly detection , 1998, Proceedings 14th Annual Computer Security Applications Conference (Cat. No.98EX217).

[13]  Azzedine Boukerche,et al.  Behavior-Based Intrusion Detection in Mobile Phone Systems , 2002, J. Parallel Distributed Comput..

[14]  James J. Little,et al.  Biometric Gait Recognition , 2003, Advanced Studies in Biometrics.

[15]  Arun Ross,et al.  An introduction to biometric recognition , 2004, IEEE Transactions on Circuits and Systems for Video Technology.

[16]  Michel Barbeau,et al.  Anomaly-based intrusion detection using mobility profiles of public transportation users , 2005, WiMob'2005), IEEE International Conference on Wireless And Mobile Computing, Networking And Communications, 2005..

[17]  Tieniu Tan,et al.  Ordinal palmprint represention for personal identification [represention read representation] , 2005, 2005 IEEE Computer Society Conference on Computer Vision and Pattern Recognition (CVPR'05).

[18]  Joos Vandewalle,et al.  Detection of Mobile Phone Fraud Using Supervised Neural Networks: A First Prototype , 1997, ICANN.

[19]  Jiwen Lu,et al.  Gait recognition for human identification based on ICA and fuzzy SVM through multiple views fusion , 2007, Pattern Recognit. Lett..

[20]  G.A. Jacoby,et al.  Battery-based intrusion detection a first line of defense , 2004, Proceedings from the Fifth Annual IEEE SMC Information Assurance Workshop, 2004..

[21]  Hannes Tschofenig,et al.  Protecting mobile devices from TCP flooding attacks , 2006, MobiArch '06.

[22]  David Lazer,et al.  Inferring friendship network structure by using mobile phone data , 2009, Proceedings of the National Academy of Sciences.

[23]  Alex Park,et al.  The MIT Mobile Device Speaker Verification Corpus: Data Collection and Preliminary Experiments , 2006, 2006 IEEE Odyssey - The Speaker and Language Recognition Workshop.

[24]  Steven Furnell,et al.  Authentication of users on mobile telephones - A survey of attitudes and practices , 2005, Comput. Secur..

[25]  Stephen Perelson An Investigation Into Access Control For Mobile Devices , 2004, ISSA.

[26]  A.C.M. Fong,et al.  Palmprint Alignment for Consumer Applications , 2008, 2008 Digest of Technical Papers - International Conference on Consumer Electronics.

[27]  Markus Miettinen,et al.  Host-Based Intrusion Detection for Advanced Mobile Devices , 2006, 20th International Conference on Advanced Information Networking and Applications - Volume 1 (AINA'06).

[28]  Victor C. M. Leung,et al.  Enhancing security using mobility-based anomaly detection in cellular mobile networks , 2004, IEEE Transactions on Vehicular Technology.

[29]  Christine L. MacKenzie,et al.  Computer user verification using login string keystroke dynamics , 1998, IEEE Trans. Syst. Man Cybern. Part A.

[30]  Bo Sun,et al.  Towards adaptive anomaly detection in cellular mobile networks , 2006, CCNC 2006. 2006 3rd IEEE Consumer Communications and Networking Conference, 2006..

[31]  Nathan Clarke,et al.  Deployment of Keystroke Analysis on a Smartphone , 2008 .

[32]  Anil K. Jain,et al.  Statistical Pattern Recognition: A Review , 2000, IEEE Trans. Pattern Anal. Mach. Intell..

[33]  Lucas M. Venter,et al.  A comparison of Intrusion Detection systems , 2001, Comput. Secur..

[34]  Dennis Fowler,et al.  Net News , 1999, The Lancet.

[35]  Refik Molva,et al.  IDAMN: An Intrusion Detection Architecture for Mobile Networks , 1997, IEEE J. Sel. Areas Commun..

[36]  Nathan L. Clarke,et al.  The application of signature recognition to transparent handwriting verification for mobile devices , 2007, Inf. Manag. Comput. Secur..

[37]  David H. Wolpert,et al.  No free lunch theorems for optimization , 1997, IEEE Trans. Evol. Comput..

[38]  Alessandro Neri,et al.  User authentication using keystroke dynamics for cellular phones , 2009 .

[39]  Wilhelm Burger,et al.  Ear biometrics in computer vision , 2000, Proceedings 15th International Conference on Pattern Recognition. ICPR-2000.

[40]  Stanislav Kurkovsky,et al.  Digital natives and mobile phones: A survey of practices and attitudes about privacy and security , 2010, 2010 IEEE International Symposium on Technology and Society.

[41]  John Daugman,et al.  High Confidence Visual Recognition of Persons by a Test of Statistical Independence , 1993, IEEE Trans. Pattern Anal. Mach. Intell..

[42]  Steven Furnell,et al.  Advanced user authentication for mobile devices , 2007, Comput. Secur..

[43]  King-Sun Fu,et al.  Feature Selection in Pattern Recognition , 1970, IEEE Trans. Syst. Sci. Cybern..

[44]  Michael S. Hsiao,et al.  Denial-of-service attacks on battery-powered mobile computers , 2004, Second IEEE Annual Conference on Pervasive Computing and Communications, 2004. Proceedings of the.

[45]  Steven Furnell,et al.  Authenticating mobile phone users using keystroke analysis , 2006, International Journal of Information Security.

[46]  Christoph Busch,et al.  Unobtrusive User-Authentication on Mobile Phones Using Biometric Gait Recognition , 2010, 2010 Sixth International Conference on Intelligent Information Hiding and Multimedia Signal Processing.

[47]  J. Sola,et al.  Importance of input data normalization for the application of neural networks to complex industrial problems , 1997 .

[48]  R. Engelbrecht,et al.  DIGEST of TECHNICAL PAPERS , 1959 .

[49]  Joos Vandewalle,et al.  Detection and management of fraud in UMTS networks , 1999, KDD 1999.