Toward user patterns for online security: Observation time and online user identification

Research in biometrics suggests that the time period a specific trait is monitored over (i.e. observing speech or handwriting ''long enough'') is useful for identification. Focusing on this aspect, this paper presents a data mining analysis of the effect of observation time period on user identification based on online user behavior. We show that online identification accuracies improve with pooling user data over sessions and present results that quantify the number of sessions needed to identify users at desired accuracy thresholds. We discuss potential applications of this for verification of online user identity, particularly as part of multi-factor authentication methods.

[1]  Jr. J.P. Campbell,et al.  Speaker recognition: a tutorial , 1997, Proc. IEEE.

[2]  P. Pirolli Information Foraging Theory: Adaptive Interaction with Information , 2007 .

[3]  B. Natarajan Machine Learning: A Theoretical Approach , 1992 .

[4]  Albert-László Barabási,et al.  Understanding individual human mobility patterns , 2008, Nature.

[5]  A. G. Goldstein,et al.  Relevance of Voice Identification Research to Criteria for Evaluating Reliability of an Identification , 1989 .

[6]  Tejaswini Herath,et al.  Encouraging information security behaviors in organizations: Role of penalties, pressures and perceived effectiveness , 2009, Decis. Support Syst..

[7]  Cedric Nishan Canagarajah,et al.  Perceptually optimised sign language video coding , 2003, 10th IEEE International Conference on Electronics, Circuits and Systems, 2003. ICECS 2003. Proceedings of the 2003.

[8]  Huseyin Cavusoglu,et al.  The Value of Intrusion Detection Systems in Information Technology Security Architecture , 2005, Inf. Syst. Res..

[9]  B. Miller,et al.  Vital signs of identity [biometrics] , 1994, IEEE Spectrum.

[10]  Peter W. McOwan,et al.  Java-Based Internet Biometric Authentication System , 2003, IEEE Trans. Pattern Anal. Mach. Intell..

[11]  A. Yarmey,et al.  Voice identification of an abductor , 1992 .

[12]  Detmar W. Straub,et al.  Effective IS Security: An Empirical Study , 1990, Inf. Syst. Res..

[13]  Corinna Cortes,et al.  Signature-Based Methods for Data Streams , 2001, Data Mining and Knowledge Discovery.

[14]  Philip S. Yu,et al.  Fast Algorithms for Online Generation of Profile Association Rules , 2002, IEEE Trans. Knowl. Data Eng..

[15]  Jaideep Srivastava,et al.  Web usage mining: discovery and applications of usage patterns from Web data , 2000, SKDD.

[16]  Fabian Monrose,et al.  Authentication via keystroke dynamics , 1997, CCS '97.

[17]  Andrew B. Whinston,et al.  An economic mechanism for better Internet security , 2008, Decis. Support Syst..

[18]  Rong Zheng,et al.  From fingerprint to writeprint , 2006, Commun. ACM.

[19]  Andreas Stolcke,et al.  Modeling duration patterns for speaker recognition , 2003, INTERSPEECH.

[20]  H. Raghav Rao,et al.  A trust-based consumer decision-making model in electronic commerce: The role of trust, perceived risk, and their antecedents , 2008, Decis. Support Syst..

[21]  Shlomo Argamon,et al.  Author Identification on the Large Scale , 2005 .

[22]  David H. Wolpert,et al.  No free lunch theorems for optimization , 1997, IEEE Trans. Evol. Comput..

[23]  A. D. Yarmey Voice Identification Over the Telephone1 , 1991 .

[24]  Marta C. González,et al.  Understanding individual human mobility patterns , 2008, Nature.

[25]  Earwitnesses: effects of speech duration, retention interval and acoustic environment , 2004 .

[26]  Tom E. Bishop,et al.  Blind Image Restoration Using a Block-Stationary Signal Model , 2006, 2006 IEEE International Conference on Acoustics Speech and Signal Processing Proceedings.

[27]  Jackie Rees Ulmer,et al.  Matching information security vulnerabilities to organizational security profiles: a genetic algorithm approach , 2006, Decis. Support Syst..

[28]  Balaji Padmanabhan,et al.  GHIC: a hierarchical pattern-based clustering algorithm for grouping Web transactions , 2005, IEEE Transactions on Knowledge and Data Engineering.

[29]  Jude W. Shavlik,et al.  Learning users' interests by unobtrusively observing their normal behavior , 2000, IUI '00.

[30]  Hendrik Blockeel,et al.  Web mining research: a survey , 2000, SKDD.

[31]  Gediminas Adomavicius,et al.  Using Data Mining Methods to Build Customer Profiles , 2001, Computer.

[32]  Vassilis Anastassopoulos,et al.  Methods for writer identification , 1996, Proceedings of Third International Conference on Electronics, Circuits, and Systems.

[33]  Gordon E. Legge,et al.  Learning unfamiliar voices , 1984 .

[34]  Tao Luo,et al.  Discovery and Evaluation of Aggregate Usage Profiles for Web Personalization , 2004, Data Mining and Knowledge Discovery.

[35]  Teddy Ko,et al.  Monitoring and reporting of fingerprint image quality and match accuracy for a large user application , 2004, 33rd Applied Imagery Pattern Recognition Workshop (AIPR'04).

[36]  Hüseyin Abut,et al.  Biometric identification using driving behavioral signals , 2004, 2004 IEEE International Conference on Multimedia and Expo (ICME) (IEEE Cat. No.04TH8763).

[37]  Heikki Ailisto,et al.  Identifying users of portable devices from gait pattern with accelerometers , 2005, Proceedings. (ICASSP '05). IEEE International Conference on Acoustics, Speech, and Signal Processing, 2005..

[38]  David H. Wolpert,et al.  The Lack of A Priori Distinctions Between Learning Algorithms , 1996, Neural Computation.

[39]  Ian H. Witten,et al.  Data mining: practical machine learning tools and techniques, 3rd Edition , 1999 .