skip to main content
US FlagAn official website of the United States government
dot gov icon
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
https lock icon
Secure .gov websites use HTTPS
A lock ( lock ) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Explore Research Products in the PAR
It may take a few hours for recently added research products to appear in PAR search results.


Title: Authenticating Facebook Users Based on Widget Interaction Behavior
Facebook has become an important part of our daily life. From knowing the status of our relatives, showing off a new car, to connecting with a high school classmate, abundant personally identifiable information (PII) are made visible to others by posts, images and news. However, this free flow of information has also created significant cyber-security challenges that make us vulnerable to social engineering and cyber crimes. To confront these challenges, we propose a new behavioral biometric that verifies a user based on his or her widget interaction behavior when using Facebook. Specifically, we monitor activities on the user’s Facebook account using our own logging software and verify the user’s claimed identity by binary classifiers trained with two algorithms (SVM-rbf and the GBM– Gradient Boosting Machines). Our novel dataset consists of eight users over a month of data collection with an average of 2.95k rows of data per user. We convert these activities data into meaningful features such as day-of-week, hour-of-day, and widget types and duration of mouse staying on a widget. The performance shows that our novel widget interaction modality is promising for authentication. The SVM-rbf classifiers achieve a mean Equal Error Rate (EER) and mean Accuracy (ACC) of 3.91% and 97.79%, while the GBM classifiers a mean EER and ACC of 2.76% and 97.88%, respectively. In addition, we perform an ablation study to understand the impact of individual features on authentication performance. The importance of features are ranked in the descending order of hour-of-day, day-of-week, and widget types and duration.  more » « less
Award ID(s):
1650503
PAR ID:
10323031
Author(s) / Creator(s):
; ; ; ;
Date Published:
Journal Name:
2021 IEEE 18th Annual Consumer Communications & Networking Conference
Format(s):
Medium: X
Sponsoring Org:
National Science Foundation
More Like this
  1. ; (, 2023 IEEE 20th Consumer Communications & Networking Conference (CCNC))
    Utilization of Internet in everyday life has made us vulnerable in terms of security and privacy of our data and systems. For example, large-scale data breaches have occurred at Yahoo and Equifax because of lacking of robust and secure data protection within systems. Therefore, it is imperative to find solutions to further boost data security and protect privacy of our systems. To this end, we propose to authenticate users by utilizing score-level fusions based on mouse dynamics (e.g., mouse movement on a screen) and widget interactions (e.g., when clicking or hovering over different icons on a screen) on two novel datasets. In this study, we focus on two common applications, PayPal (a money transaction website) and Facebook (a social media platform). Though we fuse the same modalities for both applications, the purpose of investigating PayPal is to demonstrate how we can authenticate users when the users interact with the app for only a short period of time, while the purpose of investigating Facebook is to authenticate users based on social media browsing activities. We have a total of 10 users for PayPal with an average of 12 minutes of data per user and a total of 15 users for Facebook with an average of 2 hours of data per user. By fusing a single mouse trajectory with the associated widget interactions that occur during the trajectory, our mean EERs (Equal Error Rates) with a score-level fusion of mouse dynamics and widget interactions are 7.64% (SVM-rbf) and 3.25% (GBM), for PayPal, and 5.49% (SVM-rbf) and 2.54% (GBM), for Facebook. To further improve the performance of our fusion, we combine decision scores from multiple consecutive trajectories, which yields a 0% mean EER after 11 decision scores across all the users for both PayPal and Facebook. 
    more » « less
  2. ; (, IEEE)
    This paper presents an EEG-based user authentication system using Event-Related Potentials (ERPs) to distinguish legitimate users from impostors. Utilizing a publicly available EEG dataset, we implemented a comprehensive data processing pipeline, which included advanced preprocessing and feature extraction techniques. Multiple state-of-the-art machine learning classifiers, such as CatBoost and XGBoost, were evaluated to assess their effectiveness in user authentication. The results showed a very low average Equal Error Rate (EER) of 2.53%. Our study emphasizes the strength of the P300 and N400 responses in biometric authentication and demonstrates the potential of advanced ensemble classifiers in improving system accuracy. This research contributes to the development of EEG-based authentication and lays the groundwork for future studies aiming to create secure and practical biometric systems. 
    more » « less
  3. ; ; ; (, ACM Computing Surveys)
    Utilization of the Internet in our everyday lives has made us vulnerable in terms of privacy and security of our data and systems. Therefore, there is a pressing need to protect our data and systems by improving authentication mechanisms, which are expected to be low cost, unobtrusive, and ideally ubiquitous in nature. Behavioral biometric modalities such as mouse dynamics (mouse behaviors on a graphical user interface (GUI)) and widget interactions (another modality closely related to mouse dynamics that also considers the target (widget) of a GUI interaction, such as links, buttons, and combo-boxes) can bolster the security of existing authentication systems because of their ability to distinguish individuals based on their unique features. As a result, it can be difficult for an imposter to impersonate these behavioral biometrics, making them suitable for authentication. In this article, we survey the literature on mouse dynamics and widget interactions dated from 1897 to 2023. We begin our survey with an account of the psychological perspectives on behavioral biometrics. We then analyze the literature along the following dimensions: tasks and experimental settings for data collection, taxonomy of raw attributes, feature extractions and mathematical definitions, publicly available datasets, algorithms (statistical, machine learning, and deep learning), data fusion, performance, and limitations. We end the paper with presenting challenges and promising research opportunities. 
    more » « less
  4. ; ; (, IEEE 4th International Conference on Identity, Security, and Behavior Analysis (ISBA))
    Wearable computing devices have become increasingly popular and while these devices promise to improve our lives, they come with new challenges. One such device is the Google Glass from which data can be stolen easily as the touch gestures can be intercepted from a head-mounted device. This paper focuses on analyzing and combining two behavioral metrics, namely, head movement (captured through glass) and torso movement (captured through smartphone) to build a continuous authentication system that can be used on Google Glass alone or by pairing it with a smartphone. We performed a correlation analysis among the features on these two metrics and found that very little correlation exists between the features extracted from head and torso movements in most scenarios (set of activities). This led us to combine the two metrics to perform authentication. We built an authentication system using these metrics and compared the performance among different scenarios. We got EER less than 6% when authenticating a user using only the head movements in one scenario whereas the EER is less than 5% when authenticating a user using both head and torso movements in general. 
    more » « less
  5. ; ; ; ; ; (, IEEE Conference on Computer Communications)
    Traditional one-time user authentication processes might cause friction and unfavorable user experience in many widely-used applications. This is a severe problem in particular for security-sensitive facilities if an adversary could obtain unauthorized privileges after a user’s initial login. Recently, continuous user authentication (CA) has shown its great potential by enabling seamless user authentication with few active participation. We devise a low-cost system exploiting a user’s pulsatile signals from the photoplethysmography (PPG) sensor in commercial wrist-worn wearables for CA. Compared to existing approaches, our system requires zero user effort and is applicable to practical scenarios with non-clinical PPG measurements having motion artifacts (MA). We explore the uniqueness of the human cardiac system and design an MA filtering method to mitigate the impacts of daily activities. Furthermore, we identify general fiducial features and develop an adaptive classifier using the gradient boosting tree (GBT) method. As a result, our system can authenticate users continuously based on their cardiac characteristics so little training effort is required. Experiments with our wrist-worn PPG sensing platform on 20 participants under practical scenarios demonstrate that our system can achieve a high CA accuracy of over 90% and a low false detection rate of 4% in detecting random attacks. 
    more » « less
  • Citation Formats
  • MLA
  • APA
  • Chicago
  • BibTeX
  • Save / Share this Record
  • Send to Email