ABSTRACT
We present an approach to user re-authentication based on the data collected from the computer's mouse device. Our underlying hypothesis is that one can successfully model user behavior on the basis of user-invoked mouse movements. Our implemented system raises an alarm when the current behavior of user X, deviates sufficiently from learned "normal" behavior of user X. We apply a supervised learning method to discriminate among k users. Our empirical results for eleven users show that we can differentiate these individuals based on their mouse movement behavior with a false positive rate of 0.43% and a false negative rate of 1.75%. Nevertheless, we point out that analyzing mouse movements alone is not sufficient for a stand-alone user re-authentication system.
- S. Axelsson. On a difficulty of intrusion detection. In Proceedings of the Recent Advances in Intrusion Detection Conference, 1999.]]Google Scholar
- K. Bennett and C. Campbell. Support vector machines: Hype or hallelujah? SIGKDD Explorations, 2:1--13, 2000.]] Google ScholarDigital Library
- U. B. Consortium. "Face recognition". www.vitro.bloomington.in.us: 8080/ BC, 2004.]]Google Scholar
- S. Coull, J. Branch, B. Szymanski, and E. Breimer. "Intrusion detection: A bioinformatics approach". In Proceedings of the Nineteenth Annual Computer Security Applications Conference, pages 24--34, Las Vegas, NE, 2003.]] Google ScholarDigital Library
- J. G. Daugman. "High confidence visual recognition of persons by a test of statistical independence". In Proceedings of the IEEE Transactions on Pattern Analysis and Machine Intelligence, volume 15, pages 1148--1161, November 1993.]] Google ScholarDigital Library
- D. E. Denning. "An intrusion-detection model". IEEE Transactions on Software Engineering, 13(2):222--232, 1987.]] Google ScholarDigital Library
- D. E. Denning and P. G. Neumann. "Requirements and model for IDES - A real-time intrusion detection system". Technical report, Computer Science Laboratory, SRI International, Menlo Park, CA, 1985.]]Google Scholar
- D. Endler. "Intrusion detection applying machine learning to Solaris audit data". In Proceedings of the Computer Security Applications Conference, pages 268--279, 1998.]] Google ScholarDigital Library
- H. H. Feng, O. M. Kolesnikov, P. Fogla, W. Lee, and W. Gong. "Anomaly detection using call stack information". In Proceedings of IEEE Symposium on Security and Privacy, pages 62--78, 2003.]] Google ScholarDigital Library
- S. Forrest, S. A. Hofmeyr, and A. Somayaji. "Computer immunology". Communications of the ACM, 40(10):88--96, 1997.]] Google ScholarDigital Library
- Y. Freund. Boosting a Weak Learning Algorithm by Majority. Information and Computation, 121(2):256--285, 1995.]] Google ScholarDigital Library
- T. Gear. "Voice recognition solutions". www.transcriptiongear.com, 2004.]]Google Scholar
- A. K. Ghosh, A. Schwartzbard, and M. Schatz. "Learning program behavior profiles for intrusion detection". In Proceedings of the First USENIX Workshop on Intrusion Detection and Network Monitoring, pages 51--62, April 1999.]] Google ScholarDigital Library
- J. Goecks and J. Shavlik. "Automatically labeling web pages based on normal user actions". In Procedings of the IJCAI Workshop on Machine Learning for Information Filtering, July 1999.]]Google Scholar
- S. A. Hofmeyr, S. Forrest, and A. Somayaji. "Intrusion detection using sequences of system calls". Journal of Computer Security, 6(3):151--180, 1998.]] Google ScholarCross Ref
- C. Hsu and C. Lin. "A comparison of methods for multi-class support vector machines". IEEE Transactions on Neural Networks, 13:415--425, 2002.]] Google ScholarDigital Library
- S. HTT. "Access control". www.htt.com, 2004.]]Google Scholar
- K. Ilgun, R. A. Kemmerer, and P. A. Porras. "State transition analysis: A rule-based intrusion detection approach". Software Engineering, 21(3):181--199, 1995.]] Google ScholarDigital Library
- C. Ko, G. Fink, and K. Levitt. "Automated detection of vulnerabilities in priviledged programs by execution monitoring". In Proceedings of the Tenth Annual Computer Security Applications Conference, pages 134--144, December 1994.]]Google ScholarCross Ref
- C. E. Landwehr. "Protecting unattended computers without software". In Proceedings of the 13th Annual Computer Security Applications Conference, pages 273--283, December 1997.]] Google ScholarDigital Library
- T. Lane and C. E. Brodley. "Temporal sequence learning and data reduction for anomaly detection". ACM Transactions on Information and System Security, 2(3):295--331, 1999.]] Google ScholarDigital Library
- W. Lee, S. J. Stolfo, and K. W. Mok. "A data mining framework for building intrusion detection models". In Proceedings of the IEEE Symposium on Security and Privacy, pages 120--132, 1999.]]Google Scholar
- Y. Li, N. Wu, S. Jajodia, and X. S. Wang. "Enhancing profiles for anomaly detection using time granularities". Journal of Computer Security, 10(2):137--157, 2002.]] Google ScholarDigital Library
- T. F. Lunt, A. Tamaru, F. Gilham, R. Jagannathan, P. G. Neumann, H. S. Javitz, A. Valdes, and T. D. Garvey. "A real-time intrusion detection expert system IDES - Final report". Technical Report SRI-CSL-92-05, SRI Computer Science Laboratory, SRI International, February 1992.]]Google Scholar
- C. Marceau. "Characterizing the behavior of a program using multiple-length N-grams". In Proceedings of the 2000 Workshop on New Security Paradigms, pages 101--110. ACM Press, 2000.]] Google ScholarDigital Library
- J. A. Marin, D. Ragsdale, and J. Surdu. "A hybrid approach to profile creation and intrusion detection". In Proceedings of DARPA Information Survivability Conference and Exposition, pages 12--14, June 2001.]]Google ScholarCross Ref
- C. Michael and A. Ghosh. "Using finite automata to mine execution data for intrusion detection: A preliminary report". Lecture Notes in Computer Science, 1907:66--80, 2000.]] Google ScholarDigital Library
- F. Monrose and A. Rubin. "Authentication via keystroke dynamics". In Proceedings of the Fourth ACM Conference on Computer and Communications Security, pages 48--56, April 1997.]] Google ScholarDigital Library
- J. R. Quinlan. C4.5: Programs for machine learning. Morgan Kaufmann, San Mateo, CA, 1993.]] Google ScholarDigital Library
- R. Quinlan. Data mining tools See5 and C5.0. www.rulequest.com/see5-info.html, 2003.]]Google Scholar
- M. Rajagopalan, S. Debray, M. Hiltunen, and R. Schlichting. "Profile-directed optimization of event-based programs". In Proceedings of the ACM SIGPLAN on Programming Language Design and Implementation, June 2002.]] Google ScholarDigital Library
- I. Recognition. "Hand geometry technology". www.recogsys.com, 2004.]]Google Scholar
- R. E. Schapire. A brief introduction to boosting. In IJCAI, pages 1401--1406, 1999.]] Google ScholarDigital Library
- M. Schonlau, W. DuMouchel, W. Ju, A. F. Karr, M. Theus, and Y. Vardi. "Computer intrusion: Detecting masquerades". 16(1):58-74. February 2001.]]Google Scholar
- I. Security. "Index security: Biometric fingerprint ID". www.index-security.com, 2004.]]Google Scholar
- K. Sequeira and M. Zaki. "ADMIT: Anomaly-based data mining for intrusions". In Proceedings of the Eighth ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, pages 386--395. ACM Press, 2002.]] Google ScholarDigital Library
- J. Shavlik, M. Shavlik, and M. Fahland. "Evaluating software sensors for actively profiling Windows 2000 users". In Proceedings of the Fourth International Symposium on Recent Advances in Intrusion Detection, October 2001.]]Google Scholar
- L. Thalheim, J. Krissler, and P. M. Ziegler. "Body check: Biometrics defeated". www.heise.de/ct/english/02/11/114/, June 2002.]]Google Scholar
- D. Wagner and D. Dean. "Intrusion detection via static analysis". In Proceedings of IEEE Symposium on Security and Privacy, pages 156--169, 2001.]] Google ScholarDigital Library
- D. Wagner and P. Soto. "Mimicry attacks on host based intrusion detection systems". In Proceedings Ninth ACM Conference on Computer and Communications Security, pages 255--264. ACM Press, 2002.]] Google ScholarDigital Library
- C. Warrender, S. Forrest, and B. A. Pearlmutter. "Detecting intrusions using system calls: Alternative data models". In Proceedings of the IEEE Symposium on Security and Privacy, pages 133--145, 1999.]]Google ScholarCross Ref
- A. Wespi, M. Dacier, and H. Debar. "Intrusion detection using variable-length audit trail patterns". In Proceedings of the 3rd International Workshop on the Recent Advances in Intrusion Detection, volume 1907, 2000.]] Google ScholarDigital Library
- R. Wright. "2003 CSI/FBI computer security survey". http://www.security.fsu.edu/docs/FBI2003.pdf, 2003.]]Google Scholar
- N. Ye. "A Markov chain model of temporal behavior for anomaly detection". In Proceedings of the 2000 IEEE Systems, Man, and Cybernetics Information Assurance and Security Workshop, 2000, pages 171--174, 2000.]]Google Scholar
Index Terms
- User re-authentication via mouse movements
Recommendations
An Efficient User Verification System Using Angle-Based Mouse Movement Biometrics
Biometric authentication verifies a user based on its inherent, unique characteristics—who you are. In addition to physiological biometrics, behavioral biometrics has proven very useful in authenticating a user. Mouse dynamics, with their unique ...
An efficient user verification system via mouse movements
CCS '11: Proceedings of the 18th ACM conference on Computer and communications securityBiometric authentication verifies a user based on its inherent, unique characteristics --- who you are. In addition to physiological biometrics, behavioral biometrics has proven very useful in authenticating a user. Mouse dynamics, with their unique ...
User re-authentication via mouse movements
CERIAS '04: Proceedings of the 5th Annual Information Security SymposiumWe present an approach to user re-authentication based on the data collected from the computer's mouse device. Our underlying hypothesis is that one can successfully model user behavior on the basis of user-invoked mouse movements. Our implemented ...
Comments