research-article

Is it really you?: user identification via adaptive behavior fingerprinting

Authors:

Ilona Murynets,

Roger Piqueras Jover,

Yevgeniy VahlisAuthors Info & Claims

CODASPY '14: Proceedings of the 4th ACM conference on Data and application security and privacy

Pages 333 - 344

https://doi.org/10.1145/2557547.2557554

Published: 03 March 2014 Publication History

Abstract

The increased popularity of mobile devices widens opportunities for a user either to lose the device or to have the device stolen and compromised. At the same time, user interaction with a mobile device generates a unique set of features such as dialed numbers, timestamps of communication activities, contacted base stations, etc. This work proposes several methods to identify the user based on her communications history. Specifically, the proposed methods detect an abnormality based on the behavior fingerprint generated by a set of features from the network for each user session. We present an implementation of such methods that use features from real SMS, and voice call records from a major tier 1 cellular operator. This can potentially trigger a rapid reaction upon an unauthorized user gaining control of a lost or stolen terminal, preventing data compromise and device misuse. The proposed solution can also detect background malicious traffic originated by, for example, a malicious application running on the mobile device. Our experiments with annonymized data from 10,000 users, representing over 14 million SMS and voice call detail records, show that the proposed methods are scalable and can continuously identify millions of mobile users while preserving data privacy, and achieving low false positives and high misuse detection rates with low storage and computation overhead.

References

[1]

GGTracker Android Trojan. http://goo.gl/apq7eV.

[2]

Security Alert - SpamSoldier. The Lookout Blog, December 2012. http://goo.gl/7lkRM.

[3]

The most common passwords used online in the last year revealed (and 'password' STILL tops the list). Daily Mail, October 2012. http://goo.gl/tN9Yhr.

[4]

McAfee Threats Report: Second Quarter 2013. McAfee Labs, 2013. http://goo.gl/qJPh3e.

[5]

C. Arthur. More than 50 android apps found infected with rootkit malware, March 2011. http://www.guardian.co.uk/technology/blog/2011/mar/02/android-market-apps-malware.

[6]

M. Bellare and P. Rogaway. Random oracles are practical: a paradigm for designing efficient protocols. In Proceedings of the 1st ACM conference on Computer and communications security, CCS '93, pages 62--73, New York, NY, USA, 1993. ACM.

Digital Library

[7]

B. H. Bloom. Space/time trade-offs in hash coding with allowable errors. Commun. ACM, 13:422--426, July 1970.

Digital Library

[8]

B. Chen. Cellphone Thefts Grow, but the Industry Looks the Other Way. New York Times, May 2013. http://goo.gl/DWZwmV.

[9]

R. Chow, M. Jakobsson, R. Masuoka, J. Molina, Y. Niu, E. Shi, and Z. Song. Authentication in the clouds: A framework and its application to mobile users. 2010.

[10]

D. Dagon, T. Martin, and T. Starner. Mobile phones as computing devices: the viruses are coming! IEEE Pervasive Computing, 3(4):11--15, Oct 2004.

Digital Library

[11]

C. De Canniere and C. Rechberger. Finding sha-1 characteristics: General results and applications. Advances in Cryptology - ASIACRYPT 2006, pages 1--20, 2006.

Digital Library

[12]

J. Dean and S. Ghemawat. Mapreduce: simplified data processing on large clusters. In Proceedings of the 6th conference on Symposium on Operarting Systems Design & Implementation - Volume 6, pages 10--10, Berkeley, CA, USA, 2004. USENIX Association.

Digital Library

[13]

H. Falaki, R. Mahajan, S. Kandula, D. Lymberopoulos, R. Govindan, and D. Estrin. Diversity in smartphone usage. In Proceedings of the 8th international conference on Mobile systems, applications, and services, pages 179--194. ACM, 2010.

Digital Library

[14]

L. Fan, P. Cao, J. Almeida, and A. Z. Broder. Summary cache: a scalable wide-area web cache sharing protocol. IEEE/ACM Trans. Netw., 8:281--293, June 2000.

Digital Library

[15]

FortiBlog. Android droiddream uses two vulnerabilities, March 2011. http://blog.fortinet.com/android-droiddream-uses-two-vulnerabilities/.

[16]

S. Furnell, N. Clarke, and S. Karatzouni. Beyond the pin: Enhancing user authentication for mobile devices. Computer Fraud & Security, 2008(8):12--17, 2008.

[17]

C. Guo, H. Wang, and W. Zhu. Smart-phone attacks and defenses. In HotNets III, 2004.

[18]

J. A. Halderman, B. Waters, and E. W. Felten. A convenient method for securely managing passwords. In Proceedings of the 14th international conference on World Wide Web, WWW '05, pages 471--479, New York, NY, USA, 2005. ACM.

Digital Library

[19]

R. Joyce and G. Gupta. Identity authentication based on keystroke latencies. Communications of the ACM, 33(2):168--176, 1990.

Digital Library

[20]

J. Kwapisz, G. Weiss, and S. Moore. Cell phone-based biometric identification. In Biometrics: Theory Applications and Systems (BTAS), 2010 Fourth IEEE International Conference on, pages 1--7. IEEE, 2010.

[21]

J. H. v. Lint. Introduction to Coding Theory. Springer-Verlag New York, Inc., Secaucus, NJ, USA, 1982.

Digital Library

[22]

M. Mitzenmacher. Compressed bloom filters. In Proceedings of the twentieth annual ACM symposium on Principles of distributed computing, PODC '01, pages 144--150, New York, NY, USA, 2001. ACM.

Digital Library

[23]

M. Nisenson, I. Yariv, R. El-Yaniv, and R. Meir. Towards behaviometric security systems: Learning to identify a typist. Knowledge Discovery in Databases: PKDD 2003, pages 363--374, 2003.

[24]

P. Pachal. Google removes 21 malware apps from android market, March 2011. http://www.pcmag.com/article2/0,2817,2381252,00.asp.

[25]

S. Pankanti, R. Bolle, and A. Jain. Biometrics:the future of identification. Computer, 33(2):46--49, feb 2000.

Digital Library

[26]

E. Shi, Y. Niu, M. Jakobsson, and R. Chow. Implicit authentication through learning user behavior. 2010.

[27]

R. Siciliano. Recycled, Lost, Stolen Phones, Equal Identity Theft. FinExtra, February 2009. http://goo.gl/OVgidl.

[28]

R. Snelick, U. Uludag, A. Mink, M. Indovina, and A. Jain. Large-scale evaluation of multimodal biometric authentication using state-of-the-art systems. Pattern Analysis and Machine Intelligence, IEEE Transactions on, 27(3):450--455, march 2005.

Digital Library

[29]

Z. Xu, K. Bai, and S. Zhu. Taplogger: Inferring user inputs on smartphone touchscreens using on-board motion sensors. 2012.

[30]

J. Yan, A. Blackwell, R. Anderson, and A. Grant. Password memorability and security: empirical results. Security Privacy, IEEE, 2(5):25--31, sept.-oct. 2004.

Digital Library

Cited By

Muhammad MDaniel Ani UAbdullahi ARadanliev P(2021)Device-Type Profiling for Network Access Control Systems using Clustering-Based Multivariate Gaussian Outlier ScoreProceedings of the 5th International Conference on Future Networks and Distributed Systems10.1145/3508072.3508113(270-279)Online publication date: 15-Dec-2021
https://dl.acm.org/doi/10.1145/3508072.3508113
Giura PJim TJanowicz KKuhn WCena FHaller AVamvoudakis K(2018)SapphireProceedings of the 8th International Conference on the Internet of Things10.1145/3277593.3277611(1-8)Online publication date: 15-Oct-2018
https://dl.acm.org/doi/10.1145/3277593.3277611
Rauen ZAnjomshoa FKantarci BAjib WCoutinho RLi F(2018)Gesture and Sociability-based Continuous Authentication on Smart Mobile DevicesProceedings of the 16th ACM International Symposium on Mobility Management and Wireless Access10.1145/3265863.3265873(51-58)Online publication date: 25-Oct-2018
https://dl.acm.org/doi/10.1145/3265863.3265873
Show More Cited By

Index Terms

Is it really you?: user identification via adaptive behavior fingerprinting
1. Security and privacy
2. Social and professional topics
  1. Computing / technology policy
    1. Computer crime

Recommendations

Mobile and ubiquitous malware
MoMM '09: Proceedings of the 7th International Conference on Advances in Mobile Computing and Multimedia

Mobile malware is an increasing threat to the world of handheld devices, which can prove to be costlier than PC viruses in the future. The current method used to combat mobile malware is virus signature matching which is based on the slow process of ...
Secure mobile device structure for trust IoT

In the IoT environment, all devices are connected to each other, and mobile device is considered as key device. But hacking into mobile devices is increasing rapidly with the increase in mobile device users. As the market share of Android OS increases, ...
Awareness, Knowledge, and Ability of Mobile Security Among Young Mobile Phone Users

The research literature on awareness, knowledge, and ability of mobile security of young mobile phone users was reviewed in this article. The existing literature suggests that young mobile phone users are usually not aware of potential mobile security ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

CODASPY '14: Proceedings of the 4th ACM conference on Data and application security and privacy

March 2014

368 pages

ISBN:9781450322782

DOI:10.1145/2557547

General Chairs:
Elisa Bertino
Purdue University, USA
,
Ravi Sandhu
University of Texas at San Antonio, USA
,
Program Chair:
Jaehong Park
University of Texas at San Antonio, USA

Copyright © 2014 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

SIGSAC: ACM Special Interest Group on Security, Audit, and Control

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 03 March 2014

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

CODASPY'14

Sponsor:

SIGSAC

CODASPY'14: Fourth ACM Conference on Data and Application Security and Privacy

March 3 - 5, 2014

Texas, San Antonio, USA

Acceptance Rates

CODASPY '14 Paper Acceptance Rate 19 of 119 submissions, 16%;

Overall Acceptance Rate 149 of 789 submissions, 19%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

8
Total Citations
View Citations
364
Total Downloads

Downloads (Last 12 months)12
Downloads (Last 6 weeks)0

Reflects downloads up to 07 Mar 2025

Other Metrics

View Author Metrics

Citations

Cited By

Muhammad MDaniel Ani UAbdullahi ARadanliev P(2021)Device-Type Profiling for Network Access Control Systems using Clustering-Based Multivariate Gaussian Outlier ScoreProceedings of the 5th International Conference on Future Networks and Distributed Systems10.1145/3508072.3508113(270-279)Online publication date: 15-Dec-2021
https://dl.acm.org/doi/10.1145/3508072.3508113
Giura PJim TJanowicz KKuhn WCena FHaller AVamvoudakis K(2018)SapphireProceedings of the 8th International Conference on the Internet of Things10.1145/3277593.3277611(1-8)Online publication date: 15-Oct-2018
https://dl.acm.org/doi/10.1145/3277593.3277611
Rauen ZAnjomshoa FKantarci BAjib WCoutinho RLi F(2018)Gesture and Sociability-based Continuous Authentication on Smart Mobile DevicesProceedings of the 16th ACM International Symposium on Mobility Management and Wireless Access10.1145/3265863.3265873(51-58)Online publication date: 25-Oct-2018
https://dl.acm.org/doi/10.1145/3265863.3265873
Petrov DZnati T(2018)Context-Aware Deep Learning-Driven Framework for Mitigation of Security Risks in BYOD-Enabled Environments2018 IEEE 4th International Conference on Collaboration and Internet Computing (CIC)10.1109/CIC.2018.00032(166-175)Online publication date: Oct-2018
https://doi.org/10.1109/CIC.2018.00032
Tang S(2017)Robust advertisement allocationProceedings of the 26th International Joint Conference on Artificial Intelligence10.5555/3171837.3171904(4419-4425)Online publication date: 19-Aug-2017
https://dl.acm.org/doi/10.5555/3171837.3171904
Lorenzi DUzun EVaidya JSural SAtluri V(2017)Towards designing robust CAPTCHAsJournal of Computer Security10.3233/JCS-1794726:6(731-760)Online publication date: 13-Dec-2017
https://doi.org/10.3233/JCS-17947
Peng GZhou GNguyen DQi XYang QWang S(2017)Continuous Authentication With Touch Behavioral Biometrics and Voice on Wearable GlassesIEEE Transactions on Human-Machine Systems10.1109/THMS.2016.262356247:3(404-416)Online publication date: Jun-2017
https://doi.org/10.1109/THMS.2016.2623562
Jover RMurynets IBickford J(2015)Detecting Malicious Activity on Smartphones Using Sensor MeasurementsNetwork and System Security10.1007/978-3-319-25645-0_36(475-487)Online publication date: 6-Nov-2015
https://doi.org/10.1007/978-3-319-25645-0_36

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Figures

Tables

Media

View Table of Conten