A novel approach to design of user re-authentication systems

In the internet age, security is a major concern as identity thefts often cause detrimental effects. Masquerading is an important factor for identity theft and current authentication systems using traditional methods woefully lack mechanisms to detect and prevent it. This paper presents an application independent, continual, non-intrusive, fast and easily deployable user re-authentication system based on behavioral biometrics. These behavioral attributes are extracted from the keyboard and mouse operations of the user. They are used to identify and non-intrusively authenticate the user periodically. To extract suitable user attributes, we propose a novel heuristic that uses the percentage of mouse-to-keyboard interaction ratio and interaction quotient (IQ). In the re-authentication process, every time, the current behavior of the user is compared with the stored “expected” behavior. All deviations are noted and after a certain deviation threshold is reached, the system logs the user out of the current session. The underlying heuristic prevents imposters from misusing the system. Experimental results show that the proposed heuristic can greatly improve the accuracy of application-based and application independent systems to 96.4% and 82.2% respectively.

[1]  Jude Shavlik,et al.  Evaluating Software Sensors for Actively Profiling Windows 2000 Computer Users , 2001 .

[2]  Pranav Shah,et al.  Mouse Movements Biometric Identification: A Feasibility Study , 2007 .

[3]  Jeremy Goecks,et al.  Automatically Labeling Web Pages Based on Normal User Actions , 1999 .

[4]  Bassam Hussien,et al.  An application of fuzzy algorithms in a computer access security system , 1989, Pattern Recognit. Lett..

[5]  Shivani Hashia AUTHENTICATION BY MOUSE MOVEMENTS , 2004 .

[6]  Boleslaw K. Szymanski,et al.  Intrusion detection: a bioinformatics approach , 2003, 19th Annual Computer Security Applications Conference, 2003. Proceedings..

[7]  D.A. Schulz,et al.  Mouse Curve Biometrics , 2006, 2006 Biometrics Symposium: Special Session on Research at the Biometric Consortium Conference.

[8]  Hamid Jahankhani,et al.  A Survey of User Authentication Based on Mouse Dynamics , 2008 .

[9]  Mohammad S. Obaidat,et al.  Performance of the perceptron algorithm for the classification of computer users , 1992, SAC '92.

[10]  Fabian Monrose,et al.  Authentication via keystroke dynamics , 1997, CCS '97.

[11]  Ahmed Awad E. Ahmed,et al.  A New Biometric Technology Based on Mouse Dynamics , 2007, IEEE Transactions on Dependable and Secure Computing.

[12]  John J. Leggett,et al.  Verifying Identity via Keystroke Characteristics , 1988, Int. J. Man Mach. Stud..

[13]  Marcus Brown,et al.  User Identification via Keystroke Characteristics of Typed Names using Neural Networks , 1993, Int. J. Man Mach. Stud..

[14]  Ana L. N. Fred,et al.  An Identity Authentication System Based On Human Computer Interaction Behaviour , 2003, PRIS.

[15]  Carla E. Brodley,et al.  Temporal sequence learning and data reduction for anomaly detection , 1998, CCS '98.

[16]  Norman Shapiro,et al.  Authentication by Keystroke Timing: Some Preliminary Results , 1980 .

[17]  B. V. K. Vijaya Kumar,et al.  Correlation Pattern Recognition , 2002 .

[18]  TERRAN LANE,et al.  Temporal sequence learning and data reduction for anomaly detection , 1999, TSEC.

[19]  Carla E. Brodley,et al.  User re-authentication via mouse movements , 2004, VizSEC/DMSEC '04.

[20]  Gopal K. Gupta,et al.  Identity authentication based on keystroke latencies , 1990, Commun. ACM.

[21]  David Umphress,et al.  Verification of user identity via keyboard characteristics , 1988 .

[22]  David Umphress,et al.  Identity Verification Through Keyboard Characteristics , 1985, Int. J. Man Mach. Stud..

[23]  Carl G. Looney,et al.  Pattern recognition using neural networks: theory and algorithms for engineers and scientists , 1997 .

[24]  Sun-Yuan Kung,et al.  Biometric Authentication: A Machine Learning Approach , 2004 .

[25]  Mohammad S. Obaidat,et al.  A Simulation Evaluation Study of Neural Network Techniques to Computer User Identification , 1997, Inf. Sci..