A User Authentication Model for IoT Networks Based on App Traffic Patterns

While access to a variety of Internet of Things (IoT) networks can be achieved through end-user devices such as smartphones or tablets, these devices are susceptible to theft or loss, and their use by illicit users could lead to unauthorized access to IoT networks, thus allowing access to user information. Hence, an effective authentication mechanism that continuously authenticates users in the background is required in order to detect unauthorized access. As most access to IoT devices is achieved through end-user devices, a rich set of information can be extracted and used in the background to continuously authenticate users without requiring further user intervention. Several studies have examined mobile app usage in the broader population but failed to consider network traffic patterns during app access for user authentication. This paper presents a model to authenticate users based on the network traffic patterns of accessed apps, with an average F-measure of 95.5%. Overall, the preliminary results are promising and show the effectiveness and usability of the proposed model.
