A Behavior Profiling Model for User Authentication in IoT Networks based on App Usage Patterns

Access to Internet of Things (IoT) devices is, in most cases, achieved remotely through end-user devices such as smartphones. However, these devices are susceptible to theft or loss, and their use by unauthorized users could lead to unauthorized access to IoT networks, consequently allowing access to user information. Due to the inherent weaknesses in many authentication approaches, such as knowledge-based authentication, as well as the complications involved in employing them for continuous and implicit authentication, focus has turned to a consideration of behavioral-based authentication. As most access to IoT devices is achieved through end-user devices, a variety of information can be extracted and utilized for continuous authentication without requiring further user intervention. As an example, the ability to continuously retrieve application usage profiles and sensor data on such devices strengthens the argument for employing behavioral-based mechanisms for continuous user authentication. Behavioral techniques that are user-friendly and non-intrusive can be utilized in the background to continuously and transparently verify users. This paper discusses behavioral-based authentication mechanisms with regard to security and usability. It then presents an authentication model that verifies users with an average F-measure of 96.5%. Overall, the preliminary results are promising and show the effectiveness and usability of the proposed model.

[1]  José Salvador Sánchez,et al.  On the effectiveness of preprocessing methods when dealing with different levels of class imbalance , 2012, Knowl. Based Syst..

[2]  Eyal de Lara,et al.  Ensemble: cooperative proximity-based authentication , 2010, MobiSys '10.

[3]  Maria Papadaki,et al.  Active authentication for mobile devices utilising behaviour profiling , 2014, International Journal of Information Security.

[4]  Naoto Yokoya,et al.  Random Forest Ensembles and Extended Multiextinction Profiles for Hyperspectral Image Classification , 2018, IEEE Transactions on Geoscience and Remote Sensing.

[5]  Giancarlo Fortino,et al.  Empowering smart cities through interoperable Sensor Network Enablers , 2014, 2014 IEEE International Conference on Systems, Man, and Cybernetics (SMC).

[6]  Andrew K. C. Wong,et al.  Classification of Imbalanced Data: a Review , 2009, Int. J. Pattern Recognit. Artif. Intell..

[7]  Ashish Jain,et al.  A new mobile biometric based upon usage context , 2013, 2013 IEEE International Conference on Technologies for Homeland Security (HST).

[8]  Maria Papadaki,et al.  Evaluation of anomaly-based IDS for mobile devices using machine learning classifiers , 2012, Secur. Commun. Networks.

[9]  Nathan Clarke,et al.  Behaviour profiling for transparent authentication for mobile devices , 2011, ECIW 2011 2011.

[10]  Blase Ur,et al.  The Current State of Access Control for Smart Devices in Homes , 2013 .

[11]  J. Popp,et al.  Sample size planning for classification models. , 2012, Analytica chimica acta.

[12]  Angelos Stavrou,et al.  Continuous Authentication on Mobile Devices Using Power Consumption, Touch Gestures and Physical Movement of Users , 2015, RAID.

[13]  Yanjun Qi Random Forest for Bioinformatics , 2012 .

[14]  Markus Jakobsson,et al.  Implicit Authentication through Learning User Behavior , 2010, ISC.

[15]  Francisco Herrera,et al.  Empowering one-vs-one decomposition with ensemble learning for multi-class imbalanced data , 2016, Knowl. Based Syst..

[16]  Sattar Hashemi,et al.  To Combat Multi-Class Imbalanced Problems by Means of Over-Sampling Techniques , 2016, IEEE Transactions on Knowledge and Data Engineering.

[17]  Michel Barbeau,et al.  Anomaly-based intrusion detection using mobility profiles of public transportation users , 2005, WiMob'2005), IEEE International Conference on Wireless And Mobile Computing, Networking And Communications, 2005..

[18]  Norwati Mustapha,et al.  Single classifier, OvO, OvA and RCC multiclass classification method in handheld based smartphone gait identification , 2017 .

[19]  Francisco Herrera,et al.  Analysis of preprocessing vs. cost-sensitive learning for imbalanced classification. Open problems on intrinsic data characteristics , 2012, Expert Syst. Appl..

[20]  Francisco Herrera,et al.  An overview of ensemble methods for binary classifiers in multi-class problems: Experimental study on one-vs-one and one-vs-all schemes , 2011, Pattern Recognit..

[21]  Qusay H. Mahmoud,et al.  A context-aware authentication framework for smart homes , 2017, 2017 IEEE 30th Canadian Conference on Electrical and Computer Engineering (CCECE).

[22]  Geir M. Køien,et al.  Cyber Security and the Internet of Things: Vulnerabilities, Threats, Intruders and Attacks , 2015, J. Cyber Secur. Mobil..

[23]  Qusay H. Mahmoud,et al.  A context-aware authentication service for smart homes , 2017, 2017 14th IEEE Annual Consumer Communications & Networking Conference (CCNC).