Table 1 - uploaded by Mirko Stanić
Content may be subject to copyright.
Comparison of existing user verification method by [17]

Comparison of existing user verification method by [17]

Source publication
Conference Paper
Full-text available
This paper provides overview of the current methods of identifying users based on their interactions with a computer keyboard, mouse or a touchscreen and argues that in their current state of development none of them are capable of establishing the users identity within the time it takes for a user to input a password. The paper proposes the applic...

Context in source publication

Context 1
... methods of user identity verification based on mouse movements are not efficient enough to achieve the European Standard for Access Control Systems requirements, which are a FRR of less than 1% and FAR of under 0.001%. Table 1, taken from [17], shows the effectiveness of current mouse based user verification methods. To this end todays behavioral biometrics systems employ both mouse based behavioral biometrics as well as ones that are keystroke based. ...

Similar publications

Article
Full-text available
As a behavioral biometric trait, an online signature is extensively used to verify a person’s identity in many applications. In this paper, we present a method using shape contexts and function features as well as a two-stage strategy for accurate online signature verification. Specifically, in the first stage, features of shape contexts are extrac...
Article
Full-text available
signature verification is a behavioral biometric. Every day, we may face signature verification problem directly or indirectly whether it is in a banking transaction or signing a credit card transaction or authenticating a legal document. In order to solve this problem, during the last few decades, research has been going on with different approach...
Article
Full-text available
This paper describes a combined behavioral techniques based on speech and signature biometrics modalities. Fusion of multiple biometric modalities for human verification performance improvement has received considerable attention. Multi-biometric systems, which consolidate information from multiple biometric sources, are gaining popularity because...
Article
Full-text available
Biometric systems are considered an efficient component for identification in the developing modern technologies. The aim of biometric systems is to verify or determine the identity of a user through his/her biological and behavioral characteristics. The threat of spoof attacks is always an important issue in biometric verification and authenticati...
Conference Paper
Full-text available
We introduce a generic component-based design of a run-time checker, identify its components and their requirements, and evaluate existing state of the art tools instantiating each component.

Citations

... Continuous authentication methods based on conventional input devices (e.g., keyboard, mouse, touch screen) are appealing because it is their usage that provides biometric samples for recognition (Stanic, 2013). They do not require an additional sensor and they impose no restrictions in which activities the user can perform during authentication (Shen, Cai, & Guan, 2012). ...
Article
Full-text available
The shortcomings of conventional access control systems for high‐security environments have led to the concert of continuous authentication. Contrary to traditional verification, in which users are authenticated only once at the start of their session, continuous authentication systems regularly check users' identities to prevent hijackings. The challenges in this area involve balancing the security of protected assets by quickly detecting intruders with the system usability for genuine users. Biometric recognition plays a major role within this context, as it is the main way to assure that users are who they claim to be. A comparative analysis of the latest works revealed different aspects of this problem. First, some biometrics traits among those applied for continuous authentication are more suitable for this task than others. Second, systems combining multiple traits have advantages over those relying on a single one. Finally, many works fail to report proper evaluation metrics. With this in mind, we were able to identify new opportunities for researchers in the field. We highlight the potential for mining new datasets on the internet, which would benefit validation and benchmarking, and how recent deep learning techniques could address some of the open challenges in the area. This article is categorized under: • Technologies > Prediction • Technologies > Machine Learning • Application Areas > Science and Technology
... Mouse dynamics have been extensively studied and used as a behavioral biometric approach [1]- [3]. Most of the existing research in this context relied on the distance or speed related features of mouse dynamics [3], [9]- [12]. Although the geometry-and locomotion-based features have been proven to be effective in representing the mouse operational behaviors, they are all subject to the device-dependent limitations. ...
Article
Full-text available
In this paper, we propose enhanced continuous authentication by supplementing keystroke and mouse dynamics with wrist motion behaviors. Our method bridges the security gap when neither the mouse nor the keyboard is being used, such as during transitions from mouse to keyboard and vice versa, or during intermittent pauses when wrist movement is captured. Context-aware keystroke latency feature cell generation improves performance and solves latency fluctuation – different diagraphs have different latencies in different words. Based on two Random Forest Ensemble Classifiers (RFECs) recognizing the mouse and keystroke actions with corresponding wrist motions and one Sequential Sampling Analysis (SSA) or SSA Dynamic Trust Model (SSA-DTM), the identity of the user can be continuously verified no matter the operation mode — mouse clicking or keyboard typing. Experimental results, based on 44 subjects, show that the proposed approach can reach an FRR of 0.92% for genuine users and an FAR of 0 for attackers. The approach is shown to be more superior in efficient and timely authentications by making an authentication decision within only 35 mixed actions — mouse clicks or keystrokes, compared with conventional methods solely based on the mouse geometry and locomotion features or keystroke latency features.
... Research on mouse dynamics owes its inception to the research conducted by Everitt and colleague (Everitt and McOwan, 2003). This has generated studies, majorly, on active authentication (Shen et al., 2013;Bailey et al., 2014;Mondal and Bours, 2016a) and continuous authentication (Mondal and Bours, 2017;Stanic, 2013). More recently, it has been extended to digital forensic readiness processes (Ernsberger et al., 2017). ...
Article
the need for a reliable and complementary identifier mechanism in a digital forensic analysis is the focus of this study. Mouse dynamics have been applied in information security studies, particularly, continuous authentication and authorization. However, the method applied in security is void of specific behavioral signature of a user, which inhibits its applicability in digital forensic science. This study investigated the likelihood of the observation of a unique signature from mouse dynamics of a computer user. An initial mouse path model was developed using non-finite automata. Thereafter, a set-theory based adaptive two-stage hash function and a multi-stage rule-based semantic algorithm were developed to observe the feasibility of a unique signature for forensic usage. An experimental process which comprises three existing mouse dynamics datasets were used to evaluate the applicability of the developed mechanism. The result showed a low likelihood of extracting unique behavioral signature which can be used in a user attribution process. Whilst digital forensic readiness mechanism could be a potential approach that can be used to achieve a reliable behavioral biometrics modality, the lack of unique signature presents a limitation. In addition, the result supports the logic that the current state of behavioral biometric modality, particularly mouse dynamics, is not suitable for forensic usage. Hence, the study concluded that whilst mouse dynamics-based behavioral biometrics may be a complementary modality in security studies, more will be required to adopt it as a forensic modality in litigation. Furthermore, the result from this study finds relevance in other human attributional studies such as user identification in recommender systems, e-commerce, and online profiling systems, where the degree of accuracy is not relatively high.
... This paper overcomes the problem of session hijacking. To reduce the number of mouse action which requires identifying the user, Stanic (2013) introduced an application of behavioural biometrics to safeguard against unauthorised users. It amalgamates many techniques in order to improve the efficiency. ...
... This paper overcomes the problem of session hijacking. To reduce the number of mouse action which requires identifying the user, Stanic (2013) introduced an application of behavioural biometrics to safeguard against unauthorised users. It amalgamates many techniques in order to improve the efficiency. ...
Article
There has been significant research in the provision of trustworthy initial login user authentication, however, there is still need for continuous authentication during a user session. Most mobile devices and computer systems authenticate a user only at the initial login session and do not take steps to recognise whether the present user is still the initial authorised user or an imposter pretending to be a valid user. Therefore, a system to check the identity of the user continuously throughout the whole session is necessary. To ensure the authenticity of the user during their whole login session, a continuous user authentication mechanism is required. In this paper, an overview of different continuous authentication methods is presented along with a discussion on the merits and demerits of the available approaches. This paper also discusses the understanding of the emerging necessities and open problems in continuous user authentication system.
... The Cubic spline employed in these works is generating a de-noised version of the curvilinear trajectory taken by the mouse under specific user influence. Many researchers extract features from mouse movements as they exhibit better discriminatory power than those from mouse-clicks alone [1], [9], [11], [14], [16], [21], [20]. Spline smoothing is mainly a least-square problem with a penalty term proportional to the average curvature of the function over space. ...
... Behavioral Keystroke [52][53][54][55][56][57][58][59][60][61][62][63][64][65][66] Mouse [67][68][69][70][71][72][73][74][75][76][77] Signature [78] Gait [79][80][81][82][83][84][85][86][87] Voice [88][89][90][91] Behavioral profiling [92][93][94][95][96] Physiological Face [97][98][99][100][101] Ear [102][103][104][105] Finger [106,107] Palmprint [108] Iris [109][110][111][112][113][114][115][116] Whilst [121] incorporated facial recognition and fingerprint in their model, the latter was applied intrusively when the confidence level went below the specified threshold, making it eventually unimodal. The accomplished matching score of 48.6-72.5 % indicates undesirable performance especially with critical applications. ...
Article
Full-text available
Individuals, businesses and governments undertake an ever-growing range of activities online and via various Internet-enabled digital devices. Unfortunately, these activities, services, information and devices are the targets of cybercrimes. Verifying the user legitimacy to use/access a digital device or service has become of the utmost importance. Authentication is the frontline countermeasure of ensuring only the authorized user is granted access; however, it has historically suffered from a range of issues related to the security and usability of the approaches. They are also still mostly functioning at the point of entry and those performing sort of re-authentication executing it in an intrusive manner. Thus, it is apparent that a more innovative, convenient and secure user authentication solution is vital. This paper reviews the authentication methods along with the current use of authentication technologies, aiming at developing a current state-of-the-art and identifying the open problems to be tackled and available solutions to be adopted. It also investigates whether these authentication technologies have the capability to fill the gap between high security and user satisfaction. This is followed by a literature review of the existing research on continuous and transparent multimodal authentication. It concludes that providing users with adequate protection and convenience requires innovative robust authentication mechanisms to be utilized in a universal level. Ultimately, a potential federated biometric authentication solution is presented; however it needs to be developed and extensively evaluated, thus operating in a transparent, continuous and user-friendly manner.
Article
Full-text available
Authentication is the process of keeping the user’s personal information as confidential in digital applications. Moreover, the user authentication process in the digital platform is employed to verify the own users by some authentication methods like biometrics, voice recognition, and so on. Traditionally, a one-time login based credential verification method was utilized for user authentication. Recently, several new approaches were proposed to enhance the user authentication framework but those approaches have been found inconsistent during the authentication execution process. Hence, the main motive of this review article is to analyze the advantage and disadvantages of authentication systems such as voice recognition, keystroke, and mouse dynamics. These authentication models are evaluated in a continuous non-user authentication environment and their results have been presented in way of tabular and graphical representation. Also, the common merits and demerits of the discussed authentication systems are broadly explained discussion section. Henceforth, this study will help the researchers to adopt the best suitable method at each stage to build an authentication framework for non-intrusive active authentication.
Article
Full-text available
One of the main functions of an information security system is the identification of any access subject to be able to investigate information security incidents. During executing procedures of scanning and vulnerability exploitation, qualified adversaries regularly change identifying features. Such operations can not only obfuscate logging the data in subsystems, thus, complicating the restoring of events chronology for an information security expert but also call into question the irrefutability of the evidence of participation of particular adversary to particular illegal operations. In the paper analyses of application of modern approaches of adversary identification in web resources, which does not require authentification of main part of users, is given (fingerprinting, analysis of behavioral features). Along with widely used in web analytics ''thermal maps'', user adapted profile and computer model of dynamics of ''user-mouse'' system, authors offer to identify the subjects of information security incident in readily available informational resources of the Internet. The main idea of the prospective approach consists of the following: when a thermal map is built, not only the density of data layout should be considered but also statistical parameters should be defined by an expert (the distance of intensity gradient, distance overlap, etc.). The authors also offer to consider the dynamics of user operations (e.g. calculation of the average duration of data entry into interactive elements). A description of each step of an appropriate technique and also information on its practical implementation are given. Robustness of the given approach is confirmed by a practical experiment. The offered technique is not a universal instrument of adversary identification. Only manual targeted attacks are considered, the cURL tools etc. used by adversaries are not taken into account. Therefore, it is recommended to use this technique exclusively in addition to working protective systems (WAF, IPS, IDS).