An official website of the United States government
Facebook has become an important part of our daily life. From knowing the status of our relatives, showing off a new car, to connecting with a high school classmate, abundant personally identifiable information (PII) are made visible to others by posts, images and news. However, this free flow of information has also created significant cyber-security challenges that make us vulnerable to social engineering and cyber crimes. To confront these challenges, we propose a new behavioral biometric that verifies a user based on his or her widget interaction behavior when using Facebook. Specifically, we monitor activities on the user’s Facebook account using our own logging software and verify the user’s claimed identity by binary classifiers trained with two algorithms (SVM-rbf and the GBM– Gradient Boosting Machines). Our novel dataset consists of eight users over a month of data collection with an average of 2.95k rows of data per user. We convert these activities data into meaningful features such as day-of-week, hour-of-day, and widget types and duration of mouse staying on a widget. The performance shows that our novel widget interaction modality is promising for authentication. The SVM-rbf classifiers achieve a mean Equal Error Rate (EER) and mean Accuracy (ACC) of 3.91% and 97.79%, while the GBM classifiers a mean EER and ACC of 2.76% and 97.88%, respectively. In addition, we perform an ablation study to understand the impact of individual features on authentication performance. The importance of features are ranked in the descending order of hour-of-day, day-of-week, and widget types and duration.
more »
« less
Mouse Dynamics Behavioral Biometrics: A Survey
Utilization of the Internet in our everyday lives has made us vulnerable in terms of privacy and security of our data and systems. Therefore, there is a pressing need to protect our data and systems by improving authentication mechanisms, which are expected to be low cost, unobtrusive, and ideally ubiquitous in nature. Behavioral biometric modalities such as mouse dynamics (mouse behaviors on a graphical user interface (GUI)) and widget interactions (another modality closely related to mouse dynamics that also considers the target (widget) of a GUI interaction, such as links, buttons, and combo-boxes) can bolster the security of existing authentication systems because of their ability to distinguish individuals based on their unique features. As a result, it can be difficult for an imposter to impersonate these behavioral biometrics, making them suitable for authentication. In this article, we survey the literature on mouse dynamics and widget interactions dated from 1897 to 2023. We begin our survey with an account of the psychological perspectives on behavioral biometrics. We then analyze the literature along the following dimensions: tasks and experimental settings for data collection, taxonomy of raw attributes, feature extractions and mathematical definitions, publicly available datasets, algorithms (statistical, machine learning, and deep learning), data fusion, performance, and limitations. We end the paper with presenting challenges and promising research opportunities.
more »
« less
- Award ID(s):
- 2122746
- PAR ID:
- 10519795
- Publisher / Repository:
- ACM
- Date Published:
- Journal Name:
- ACM Computing Surveys
- Volume:
- 56
- Issue:
- 6
- ISSN:
- 0360-0300
- Page Range / eLocation ID:
- 1 to 33
- Format(s):
- Medium: X
- Sponsoring Org:
- National Science Foundation
More Like this
-
-
Utilization of Internet in everyday life has made us vulnerable in terms of security and privacy of our data and systems. For example, large-scale data breaches have occurred at Yahoo and Equifax because of lacking of robust and secure data protection within systems. Therefore, it is imperative to find solutions to further boost data security and protect privacy of our systems. To this end, we propose to authenticate users by utilizing score-level fusions based on mouse dynamics (e.g., mouse movement on a screen) and widget interactions (e.g., when clicking or hovering over different icons on a screen) on two novel datasets. In this study, we focus on two common applications, PayPal (a money transaction website) and Facebook (a social media platform). Though we fuse the same modalities for both applications, the purpose of investigating PayPal is to demonstrate how we can authenticate users when the users interact with the app for only a short period of time, while the purpose of investigating Facebook is to authenticate users based on social media browsing activities. We have a total of 10 users for PayPal with an average of 12 minutes of data per user and a total of 15 users for Facebook with an average of 2 hours of data per user. By fusing a single mouse trajectory with the associated widget interactions that occur during the trajectory, our mean EERs (Equal Error Rates) with a score-level fusion of mouse dynamics and widget interactions are 7.64% (SVM-rbf) and 3.25% (GBM), for PayPal, and 5.49% (SVM-rbf) and 2.54% (GBM), for Facebook. To further improve the performance of our fusion, we combine decision scores from multiple consecutive trajectories, which yields a 0% mean EER after 11 decision scores across all the users for both PayPal and Facebook.more » « less
-
This paper explores behavioral biometrics, an emerging authentication method leveraging unique user behavior patterns for continuous security. This dynamic approach offers enhanced protection compared to traditional methods, yet significant challenges must be addressed. A key concern, examined herein, is accuracy; false positives and false negatives can undermine system effectiveness. User frustration arises from false positives, while false negatives create security vulnerabilities. The work emphasizes the need for careful system tuning and advanced machine learning to mitigate these errors. Data privacy and security are also paramount, given the sensitive, non-replaceable nature of the collected information. The paper highlights the importance of robust security measures, user transparency, and informed consent. Furthermore, it acknowledges that natural human behavioral variability, influenced by physical and environmental factors, can impact authentication accuracy, necessitating adaptive systems. In conclusion, addressing these technical and ethical challenges is crucial for realizing the full potential of behavioral biometrics.more » « less
-
The ubiquity of mobile devices nowadays necessitates securing the apps and user information stored therein. However, existing one-time entry-point authentication mechanisms and enhanced security mechanisms such as Multi-Factor Authentication (MFA) are prone to a wide vector of attacks. Furthermore, MFA also introduces friction to the user experience. Therefore, what is needed is continuous authentication that once passing the entry-point authentication, will protect the mobile devices on a continuous basis by confirming the legitimate owner of the device and locking out detected impostor activities. Hence, more research is needed on the dynamic methods of mobile security such as behavioral biometrics-based continuous authentication, which is cost-effective and passive as the data utilized to authenticate users are logged from the phone's sensors. However, currently, there are not many mobile authentication datasets to perform benchmarking research. In this work, we share two novel mobile datasets (Clarkson University (CU) Mobile datasets I and II) consisting of multi-modality behavioral biometrics data from 49 and 39 users respectively (88 users in total). Each of our datasets consists of modalities such as swipes, keystrokes, acceleration, gyroscope, and pattern-tracing strokes. These modalities are collected when users are filling out a registration form in sitting both as genuine and impostor users. To exhibit the usefulness of the datasets, we have performed initial experiments on selected individual modalities from the datasets as well as the fusion of simultaneously available modalities.more » « less
-
null (Ed.)With the growing popularity of smartphones, continuous and implicit authentication of such devices via behavioral biometrics such as touch dynamics becomes an attractive option, especially when the physical biometrics are challenging to utilize, or their frequent and continuous usage annoys the user. However, touch dynamics is vulnerable to potential security attacks such as shoulder surfing, camera attack, and smudge attack. As a result, it is challenging to rule out genuine imposters while only relying on models that learn from real touchstrokes. In this paper, a touchstroke authentication model based on Auxiliary Classifier Generative Adversarial Network (AC-GAN) is presented. Given a small subset of a legitimate user's touchstrokes data during training, the presented AC-GAN model learns to generate a vast amount of synthetic touchstrokes that closely approximate the real touchstrokes, simulating imposter behavior, and then uses both generated and real touchstrokes in discriminating real user from the imposters. The presented network is trained on the Touchanalytics dataset and the discriminability is evaluated with popular performance metrics and loss functions. The evaluation results suggest that it is possible to achieve comparable authentication accuracies with Equal Error Rate ranging from 2% to 11% even when the generative model is challenged with a vast number of synthetic data that effectively simulates an imposter behavior. The use of AC-GAN also diversifies generated samples and stabilizes training.more » « less
- Free Publicly Accessible Full Text
-
Accepted Manuscript1.0
- Journal Article:
- https://doi.org/10.1145/3640311
