Evaluating the impact of contextual information on the performance of intelligent continuous authentication systems
Authors: 
Pedro Miguel Sánchez Sánchez, Adrián Abenza Cano, Alberto Huertas Celdrán, Gregorio Martínez PérezAuthors Info & Claims
ARES '24: Proceedings of the 19th International Conference on Availability, Reliability and Security
Article No.: 72, Pages 1 - 10
Abstract
Nowadays, the usage of computers ranges from activities that do not consider sensitive data, such as playing video games, to others managing confidential information, like military operations. Additionally, regardless of the actions performed by subjects, most computers store different pieces of sensitive data, making the implementation of robust security mechanisms a critical and mandatory task. In this context, continuous authentication has been proposed as a complementary mechanism to improve the limitations of conventional authentication methods. However, mainly driven by the evolution of Machine Learning (ML), a series of challenges related to authentication performance and, therefore, the feasibility of existing systems are still open. This work proposes the usage of contextual information related to the applications executed in the computers to create ML models able to authenticate subjects continuously. To evaluate the suitability of the proposed context-aware ML models, a continuous authentication framework for computers has been designed and implemented. Then, a set of experiments with a public dataset with 12 subjects demonstrated the improvement of the proposed approach compared to the existing ones. Precision, recall, and F1-Score metrics are raised from an average of 0.96 (provided by general ML models proposed in the literature) to 0.99-1.
References
[1]
Margit Antal and Elöd Egyed-Zsigmond. 2019. Intrusion detection using mouse dynamics. IET Biometrics 8, 5 (2019), 285–294.
[2]
Y. Barlas, O. E. Basar, Y. Akan, M. Isbilen, G. I. Alptekin, and O. D. Incel. 2020. DAKOTA: Continuous Authentication with Behavioral Biometrics in a Mobile Banking Application. In 2020 5th International Conference on Computer Science and Engineering (UBMK). 1–6. https://doi.org/10.1109/UBMK50275.2020.9219365
[3]
Ingo Deutschmann and Johan Lindholm. 2013. Behavioral biometrics for DARPA’s active authentication program. In 2013 International Conference of the BIOSIG Special Interest Group (BIOSIG). IEEE, 1–8.
[4]
Juan Manuel Espín López, Alberto Huertas Celdrán, Javier G. Marín-Blázquez, Francisco Esquembre, and Gregorio Martínez Pérez. 2021. S3: An AI-Enabled User Continuous Authentication for Smartphones Based on Sensors, Statistics and Speaker Information. Sensors 21, 11 (2021), 3765. https://doi.org/10.3390/s21113765
[5]
Lex Fridman, Ariel Stolerman, Sayandeep Acharya, Patrick Brennan, Patrick Juola, Rachel Greenstadt, Moshe Kam, and Felix Gomez. 2015. Multi-modal decision fusion for continuous authentication. Computers and Electrical Engineering 41, C (1 Jan. 2015), 142–156. https://doi.org/10.1016/j.compeleceng.2014.10.018
[6]
Lex Fridman, Steven Weber, Rachel Greenstadt, and Moshe Kam. 2016. Active authentication on mobile devices via stylometry, application usage, web browsing, and GPS location. IEEE Systems Journal 11, 2 (2016), 513–521.
[7]
Michelle Goddard. 2017. The EU General Data Protection Regulation (GDPR): European regulation that has a global impact. International Journal of Market Research 59, 6 (2017), 703–705.
[8]
José María Jorquera Valero, Pedro Miguel Sánchez Sánchez, Lorenzo Fernández Maimó, Alberto Huertas Celdrán, Marcos Arjona Fernández, Sergio De Los Santos Vílchez, and Gregorio Martínez Pérez. 2018. Improving the security and QoE in mobile devices through an intelligent and adaptive continuous authentication system. Sensors 18, 11 (2018), 3769.
[9]
Xiaofeng Lu, Shengfei Zhang, Pan Hui, and Pietro Lio. 2020. Continuous authentication by free-text keystroke based on CNN and RNN. Computers & Security 96 (2020), 101861. https://doi.org/10.1016/j.cose.2020.101861
[10]
Chandler Mitchell and Chen-Chi Shing. 2018. Discussing alternative login methods and their advantages and disadvantages. In 2018 14th International Conference on Natural Computation, Fuzzy Systems and Knowledge Discovery (ICNC-FSKD). IEEE, 1353–1356.
[11]
Soumik Mondal and Patrick Bours. 2013. Continuous authentication using mouse dynamics. In 2013 International Conference of the BIOSIG Special Interest Group (BIOSIG). IEEE, 1–12.
[12]
Soumik Mondal and Patrick Bours. 2016. Combining keystroke and mouse dynamics for continuous user authentication and identification. In 2016 IEEE International Conference on Identity, Security and Behavior Analysis (ISBA). IEEE, 1–8.
[13]
Soumik Mondal and Patrick Bours. 2017. A study on continuous authentication using a combination of keystroke and mouse biometrics. Neurocomputing 230 (2017), 1–22.
[14]
Sanka Rasnayaka and Terence Sim. 2018. Who wants Continuous Authentication on Mobile Devices?. In 2018 IEEE 9th International Conference on Biometrics Theory, Applications and Systems (BTAS). IEEE, 1–9.
[15]
Rodrigo Rocha, Davide Carneiro, and Paulo Novais. 2021. Continuous authentication with a focus on explainability. Neurocomputing 423 (2021), 697–702.
[16]
Pedro Miguel Sánchez Sánchez. 2020. CyberDataLab/AuthCode. https://doi.org/10.5281/zenodo.3748714
[17]
Yan Sun, Hayreddin Ceker, and Shambhu Upadhyaya. 2016. Shared keystroke dataset for continuous authentication. In 2016 IEEE International Workshop on Information Forensics and Security (WIFS). IEEE, 1–6.
[18]
Pedro Miguel Sánchez Sánchez, Lorenzo Fernández Maimó, Alberto Huertas Celdrán, and Gregorio Martínez Pérez. 2021. AuthCODE: A privacy-preserving and multi-device continuous authentication architecture based on machine and deep learning. Computers & Security 103 (2021), 102168. https://doi.org/10.1016/j.cose.2020.102168
[19]
Pedro Miguel Sánchez Sánchez, Jose Maria Jorquera Valero, Alberto Huertas Celdran, Gerome Bovet, Manuel Gil Perez, and Gregorio Martínez Pérez. 2021. A Survey on Device Behavior Fingerprinting: Data Sources, Techniques, Application Scenarios, and Datasets. IEEE Communications Surveys & Tutorials 23, 2 (2021), 1048–1077. https://doi.org/10.1109/comst.2021.3064259
[20]
Pedro M. Sánchez Sánchez, José M. Jorquera Valero, Mattia Zago, Alberto Huertas Celdrán, Lorenzo Fernández Maimó, Eduardo López Bernal, Sergio López Bernal, Javier Martínez Valverde, Pantaleone Nespoli, Javier Pastor Galindo, Ángel L. Perales Gómez, Manuel Gil Pérez, and Gregorio Martínez Pérez. 2020. BEHACOM - a dataset modelling users’ behaviour in computers. Data in Brief 31 (2020), 105767. https://doi.org/10.1016/j.dib.2020.105767
[21]
Esra Vural, Jiaju Huang, Daqing Hou, and Stephanie Schuckers. 2014. Shared research dataset to support development of keystroke authentication. In IEEE International joint conference on biometrics. IEEE, 1–8.
Index Terms
- Evaluating the impact of contextual information on the performance of intelligent continuous authentication systems
Recommendations
A note on using the F-measure for evaluating record linkage algorithms
Record linkage is the process of identifying and linking records about the same entities from one or more databases. Record linkage can be viewed as a classification problem where the aim is to decide whether a pair of records is a match (i.e. two ...
Continuous Authentication Using Behavioral Biometrics
IWSPA '17: Proceedings of the 3rd ACM on International Workshop on Security And Privacy AnalyticsCurrently, the standard methods to authenticate a computer/network user typically occur once at the initial log-in. These authentication methods involve user proxies, especially passwords and smart cards such as common access cards (CACs) and service ID ...
Privacy-preserving continuous authentication using behavioral biometrics
AbstractContinuous authentication modalities collect and utilize users’ sensitive data to authenticate them continuously. Such data contain information about user activities, behaviors, and other demographic information, which causes privacy concerns. In ...
Comments
Please enable JavaScript to view thecomments powered by Disqus.Information & Contributors
Information
Published In
July 2024
2032 pages
ISBN:9798400717185
DOI:10.1145/3664476
Copyright © 2024 ACM.
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
Published: 30 July 2024
Check for updates
Author Tags
Qualifiers
- Research-article
- Research
- Refereed limited
Funding Sources
- armasuisse S&T
- INCIBE (Instituto Nacional de Ciberseguridad)
Conference
ARES 2024
ARES 2024: The 19th International Conference on Availability, Reliability and Security
July 30 - August 2, 2024
Vienna, Austria
Acceptance Rates
Overall Acceptance Rate 228 of 451 submissions, 51%
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- 0Total Citations
- 18Total Downloads
- Downloads (Last 12 months)18
- Downloads (Last 6 weeks)4
Reflects downloads up to 14 Dec 2024
Other Metrics
Citations
View Options
Login options
Check if you have access through your login credentials or your institution to get full access on this article.
Sign inFull Access
View options
View or Download as a PDF file.
PDFeReader
View online with eReader.
eReaderHTML Format
View this article in HTML Format.
HTML Format