BehaveSense: Continuous authentication for security-sensitive mobile apps using behavioral biometrics

Abstract With the emergence of smartphones as an essential part of our daily lives, continuous authentication becomes an urgent need which could efficiently protect user security and privacy. However, only a small percentage of apps contain sensitive data. To save energy and protect user security, we propose BehaveSense, an accurate and efficient continuous authentication method for security-sensitive mobile apps using touch-based behavioral biometrics. By exploring four different types of touch operations, we train the owner model using One-Class SVM (OCSVM) and isolation forest (iForest), and calculate the accuracy of each type with the model. Afterwards, we calculate the confidence level of each type using the Bayesian theorem. Finally, we obtain the accuracy of a touch operation sequence with an improved expectedprob algorithm. To validate the effectiveness of the proposed method, we conduct a series of experiments. We collect the WeChat app data of 45 volunteers during two weeks. Experimental results show that our method can recognize user identity efficiently. Specifically, our method achieves average accuracy of approaching 95.85% for touch operation sequence, when considering 9 touch operations. Our method is very promising to authenticate user.

[1]  Li Lu,et al.  Safeguard: User Reauthentication on Smartphones via Behavioral Biometrics , 2015, IEEE Transactions on Computational Social Systems.

[2]  Daniel Tihelka,et al.  Examining the ability of one-class classifier to ensure the spectral smoothness of concatenated units , 2016, 2016 IEEE 13th International Conference on Signal Processing (ICSP).

[3]  Michael R. Lyu,et al.  Towards Continuous and Passive Authentication via Touch Biometrics: An Experimental Study on Smartphones , 2014, SOUPS.

[4]  Kao-Shing Hwang,et al.  An adaptive decision-making method with fuzzy Bayesian reinforcement learning for robot soccer , 2018, Inf. Sci..

[5]  Leandros A. Maglaras,et al.  Combining ensemble methods and social network metrics for improving accuracy of OCSVM on intrusion detection in SCADA systems , 2015, J. Inf. Secur. Appl..

[6]  Xiaohong Guan,et al.  Performance Analysis of Touch-Interaction Behavior for Active Smartphone Authentication , 2016, IEEE Transactions on Information Forensics and Security.

[7]  Deyu Qi,et al.  Adaptive Linkage: an Interface Level Adaptable Component Development Technique , 2007, 2007 IEEE International Conference on Control and Automation.

[8]  Jun Yang,et al.  SenGuard: Passive user identification on smartphones using multiple sensors , 2011, 2011 IEEE 7th International Conference on Wireless and Mobile Computing, Networking and Communications (WiMob).

[9]  Anirban Mahanti,et al.  Gesture-based Continuous Authentication for Wearable Devices: the Google Glass Case , 2014, ArXiv.

[10]  Sameer Singh,et al.  Novelty detection: a review - part 1: statistical approaches , 2003, Signal Process..

[11]  Dawn Xiaodong Song,et al.  Touchalytics: On the Applicability of Touchscreen Input as a Behavioral Biometric for Continuous Authentication , 2012, IEEE Transactions on Information Forensics and Security.

[12]  Zhi-Hua Zhou,et al.  Isolation Forest , 2008, 2008 Eighth IEEE International Conference on Data Mining.

[13]  Beng Chin Ooi,et al.  CDAS: A Crowdsourcing Data Analytics System , 2012, Proc. VLDB Endow..

[14]  Shridatt Sugrim,et al.  User-generated free-form gestures for authentication: security and memorability , 2014, MobiSys.

[15]  Kao-Shing Hwang,et al.  An Adaptive Strategy Selection Method With Reinforcement Learning for Robotic Soccer Games , 2018, IEEE Access.

[16]  Sven G. Kratz,et al.  AirAuth: evaluating in-air hand gestures for authentication , 2014, MobileHCI '14.

[17]  Vincent Sritapan,et al.  At Your Fingertips: Considering Finger Distinctness in Continuous Touch-Based Authentication for Mobile Devices , 2016, 2016 IEEE Security and Privacy Workshops (SPW).

[18]  Alex X. Liu,et al.  Secure unlocking of mobile touch screen devices by simple gestures: you can see it but you can not do it , 2013, MobiCom.

[19]  Marc Langheinrich,et al.  Back-of-device authentication on smartphones , 2013, CHI.

[20]  Xiang-Yang Li,et al.  Continuous user identification via touch and movement behavioral biometrics , 2014, 2014 IEEE 33rd International Performance Computing and Communications Conference (IPCCC).

[21]  Zhu Wang,et al.  Wi-Fi CSI-Based Behavior Recognition: From Signals and Actions to Activities , 2017, IEEE Communications Magazine.