Abstract
Behavioural profiling and biometry are an interesting concept connected with authentication that have appeared in scientific literature and business world. Those methods indisputably offer new possibilities such as constant authentication and multi-user classification, but their taxonomy and definitions are not as clarified as it is for traditional authentication factors. The approach presented provides in this work provides an example of behavioural authentication model tested on a large dataset, focusing on one aspect of user behaviour - mobility, which can be adjusted to include other aspects in user behavioural authentication model. Also possible applications and extensions to the model are proposed.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
This work focuses on implementing only the behavioural profiling methods based on mobility into a practical authentication framework.
- 2.
Meaning both the pattern and each activity can be analyzed in multiple dimensions considering eg. geography, time, sequence of actions or semantics of the content.
- 3.
Those two concepts will be used interchangeably in this work.
- 4.
This aspect importance is twofold, defining the stability of a given user and his behaviour and enabling the updating of a profile (its evolution) considering the fact that user behaviour tends to change in a long period.
- 5.
Inspired by security domain informed/uninformed attacker scenario [39].
- 6.
Meaning the classification of anomaly was performed based on three consecutive activities.
- 7.
As in iterative.
- 8.
An average of 4 activities a day for a user on the sample tested.
References
Mobile cellular subscriptions (per 100 people) (2014). http://data.worldbank.org/indicator/IT.CEL.SETS.P2?end=2014&start=2014&view=bar. Accessed 19 July 2016
Aledavood, T., López, E., Roberts, S.G., Reed-Tsochas, F., Moro, E., Dunbar, R.I., Saramäki, J.: Daily rhythms in mobile telephone communication. PLoS ONE 10(9), e0138098 (2015)
Fox, B., van den Dam, R., Shockley, R.: Analytics: Real-world use of big data in telecommunications. IBM Institute for Business Value (2013)
Hayashi, E., Riva, O., Strauss, K., Brush, A., Schechter, S.: Goldilocks and the two mobile devices: going beyond all-or-nothing access to a device’s applications. In: Proceedings of the Eighth Symposium on Usable Privacy and Security, p. 2. ACM (2012)
Beyond the password: The future of account security (2016). https://www.telesign.com/wp-content/uploads/2016/06/Telesign-Report-Beyond-the-Password-June-2016-1.pdf. Accessed 10 Sept 2016
Muslukhov, I., Boshmaf, Y., Kuo, C., Lester, J., Beznosov, K.: Know your enemy: the risk of unauthorized access in smartphones by insiders. In: Proceedings of the 15th International Conference on Human-Computer Interaction with Mobile Devices and Services, pp. 271–280. ACM (2013)
Renaud, K.: Evaluating authentication mechanisms. In: Security and Usability, pp. 103–128 (2005)
Fridman, L., Weber, S., Greenstadt, R., Kam, M.: Active authentication on mobile devices via stylometry, application usage, web browsing, and GPS location (2015)
Market research - biometric smartphone model list (2016). http://www.acuity-mi.com/BSP.php. Accessed 19 July 2016
Saevanee, H., Clarke, N.L., Furnell, S.M.: Multi-modal behavioural biometric authentication for mobile devices. In: Gritzalis, D., Furnell, S., Theoharidou, M. (eds.) SEC 2012. IAICT, vol. 376, pp. 465–474. Springer, Heidelberg (2012). doi:10.1007/978-3-642-30436-1_38
Alzubaidi, A., Kalita, J.: Authentication of smartphone users using behavioral biometrics. IEEE Commun. Surv. Tutor. 18(3), 1998–2026 (2016)
Crawford, H.A.: A framework for continuous, transparent authentication on mobile devices. Ph.D. thesis, University of Glasgow (2012)
Bo, C., Zhang, L., Li, X.Y., Huang, Q., Wang, Y.: Silentsense: silent user identification via touch and movement behavioral biometrics. In: Proceedings of the 19th Annual International Conference on Mobile Computing and Networking, pp. 187–190. ACM (2013)
Buthpitiya, S.: Modeling mobile user behavior for anomaly detection (2014)
Saevanee, H., Clarke, N., Furnell, S., Biscione, V.: Continuous user authentication using multi-modal biometrics. Comput. Secur. 53, 234–246 (2015)
Li, F., Clarke, N., Papadaki, M., Dowland, P.: Active authentication for mobile devices utilising behaviour profiling. Int. J. Inf. Secur. 13(3), 229–244 (2014)
Mazhelis, O., Puuronen, S.: A framework for behavior-based detection of user substitution in a mobile context. Comput. Secur. 26(2), 154–176 (2007)
Boukerche, A., Notare, M.S.M.A.: Behavior-based intrusion detection in mobile phone systems. J. Parallel Distrib. Comput. 62(9), 1476–1490 (2002)
Li, F., Clarke, N., Papadaki, M., Dowland, P.: Behaviour profiling for transparent authentication for mobile devices (2011)
Saramäki, J., Leicht, E.A., López, E., Roberts, S.G., Reed-Tsochas, F., Dunbar, R.I.: Persistence of social signatures in human communication. Proc. Nat. Acad. Sci. 111(3), 942–947 (2014)
Gosnell, D.K.: Social fingerprinting: identifying users of social networks by their data footprint (2014)
Saevanee, H., Clarke, N., Furnell, S., Biscione, V.: Text-based active authentication for mobile devices. In: Cuppens-Boulahia, N., Cuppens, F., Jajodia, S., Abou El Kalam, A., Sans, T. (eds.) SEC 2014. IAICT, vol. 428, pp. 99–112. Springer, Heidelberg (2014). doi:10.1007/978-3-642-55415-5_9
Brocardo, M.L., Traore, I., Woungang, I.: Toward a framework for continuous authentication using stylometry. In: 2014 IEEE 28th International Conference on Advanced Information Networking and Applications, pp. 106–115. IEEE (2014)
Karnan, M., Akila, M., Krishnaraj, N.: Biometric personal authentication using keystroke dynamics: a review. Appl. Soft Comput. 11(2), 1565–1573 (2011)
Gascon, H., Uellenbeck, S., Wolf, C., Rieck, K.: Continuous authentication on mobile devices by analysis of typing motion behavior. In: Sicherheit, pp. 1–12. Citeseer (2014)
Primo, A., Phoha, V.V., Kumar, R., Serwadda, A.: Context-aware active authentication using smartphone accelerometer measurements. In: Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition Workshops, pp. 98–105 (2014)
Li, L., Zhao, X., Xue, G.: Unobservable re-authentication for smartphones. In: NDSS (2013)
Hilas, C.S., Sahalos, J.N.: User profiling for fraud detection in telecommunication networks. In: 5th International Conference on Technology and Automation, pp. 382–387 (2005)
Isaacman, S., Becker, R., Caceres, R., Kobourov, S., Martonosi, M., Rowland, J., Varshavsky, A.: Ranges of human mobility in Los Angeles and New York. In: 2011 IEEE International Conference on Pervasive Computing and Communications Workshops, PERCOM Workshops 2011, pp. 88–93 (2011)
Liu, F., Janssens, D., Cui, J., Wang, Y., Wets, G., Cools, M.: Building a validation measure for activity-based transportation models based on mobile phone data. Expert Syst. Appl. 41(14), 6174–6189 (2014)
Çolak, S., Alexander, L.P., Alvim, B.G., Mehndiratta, S.R., González, M.C.: Analyzing cell phone location data for urban travel: current methods, limitations, and opportunities. Transp. Res. Rec.: J. Transp. Res. Board 2526, 126–135 (2015)
Sun, B., Chen, Z., Wang, R., Yu, F., Leung, V.C.: Towards adaptive anomaly detection in cellular mobile networks. In: The IEEE Consumer Communications and Networking Conference, vol. 2, pp. 666–670 (2006)
Tandon, G., Chan, P.K.: Tracking user mobility to detect suspicious behavior. In: SDM, pp. 871–882. SIAM (2009)
Sun, B., Yu, F., Wu, K., Leung, V.: Mobility-based anomaly detection in cellular mobile networks. In: Proceedings of the 3rd ACM Workshop on Wireless Security, pp. 61–69. ACM (2004)
Yan, G., Eidenbenz, S., Sun, B.: Mobi-watchdog: you can steal, but you can’t run!. In: Proceedings of the Second ACM Conference on Wireless Network Security, pp. 139–150. ACM (2009)
Yazji, S., Scheuermann, P., Dick, R.P., Trajcevski, G., Jin, R.: Efficient location aware intrusion detection to protect mobile devices. Pers. Ubiquit. Comput. 18(1), 143–162 (2014)
Kałużny, P.: Evaluation of trajectory based mobility profile in user behavioral authentication based on telecom data. Master thesis, Poznań University of Economics and Business, Poznań (2017)
Jankowiak, P., Kałużny, P.: Human mobility profiling based on call detail records analysis. Bachelor thesis, Poznań University of Economics and Business, Poznań (2015)
Kayacik, H.G., Just, M., Baillie, L., Aspinall, D., Micallef, N.: Data driven authentication: on the effectiveness of user behaviour modelling with mobile device sensors. arXiv preprint: arXiv:1410.7743 (2014)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2017 Springer International Publishing AG
About this paper
Cite this paper
Kałużny, P. (2017). Behavioural Profiling Authentication Based on Trajectory Based Anomaly Detection Model of User’s Mobility. In: Abramowicz, W. (eds) Business Information Systems Workshops. BIS 2017. Lecture Notes in Business Information Processing, vol 303. Springer, Cham. https://doi.org/10.1007/978-3-319-69023-0_21
Download citation
DOI: https://doi.org/10.1007/978-3-319-69023-0_21
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-69022-3
Online ISBN: 978-3-319-69023-0
eBook Packages: Business and ManagementBusiness and Management (R0)