Active Authentication on Mobile Devices via Stylometry, Application Usage, Web Browsing, and GPS Location

Lex Fridman, Steven Weber, Rachel Greenstadt, Moshe Kam

    Research output: Contribution to journalArticle

    Abstract

    Active authentication is the problem of continuously verifying the identity of a person based on behavioral aspects of their interaction with a computing device. In this paper, we collect and analyze behavioral biometrics data from 200 subjects, each using their personal Android mobile device for a period of at least 30 days. This data set is novel in the context of active authentication due to its size, duration, number of modalities, and absence of restrictions on tracked activity. The geographical colocation of the subjects in the study is representative of a large closed-world environment such as an organization where the unauthorized user of a device is likely to be an insider threat: coming from within the organization. We consider four biometric modalities: 1) text entered via soft keyboard, 2) applications used, 3) websites visited, and 4) physical location of the device as determined from GPS (when outdoors) or WiFi (when indoors). We implement and test a classifier for each modality and organize the classifiers as a parallel binary decision fusion architecture. We are able to characterize the performance of the system with respect to intruder detection time and to quantify the contribution of each modality to the overall performance.

    Original languageEnglish (US)
    Article number7444124
    Pages (from-to)513-521
    Number of pages9
    JournalIEEE Systems Journal
    Volume11
    Issue number2
    DOIs
    StatePublished - Jun 1 2017

    Fingerprint

    Biometrics
    Mobile devices
    Authentication
    Global positioning system
    Classifiers
    Websites
    Fusion reactions
    Android (operating system)

    Keywords

    • Active authentication
    • application usage patterns
    • behavioral biometrics
    • decision fusion
    • GPS location
    • insider threat
    • intrusion detection
    • multimodal biometric systems
    • stylometry
    • web browsing behavior

    ASJC Scopus subject areas

    • Control and Systems Engineering
    • Electrical and Electronic Engineering

    Cite this

    Active Authentication on Mobile Devices via Stylometry, Application Usage, Web Browsing, and GPS Location. / Fridman, Lex; Weber, Steven; Greenstadt, Rachel; Kam, Moshe.

    In: IEEE Systems Journal, Vol. 11, No. 2, 7444124, 01.06.2017, p. 513-521.

    Research output: Contribution to journalArticle

    Fridman, Lex ; Weber, Steven ; Greenstadt, Rachel ; Kam, Moshe. / Active Authentication on Mobile Devices via Stylometry, Application Usage, Web Browsing, and GPS Location. In: IEEE Systems Journal. 2017 ; Vol. 11, No. 2. pp. 513-521.
    @article{3fef8e8727624d249378b6d0e1e61e6d,
    title = "Active Authentication on Mobile Devices via Stylometry, Application Usage, Web Browsing, and GPS Location",
    abstract = "Active authentication is the problem of continuously verifying the identity of a person based on behavioral aspects of their interaction with a computing device. In this paper, we collect and analyze behavioral biometrics data from 200 subjects, each using their personal Android mobile device for a period of at least 30 days. This data set is novel in the context of active authentication due to its size, duration, number of modalities, and absence of restrictions on tracked activity. The geographical colocation of the subjects in the study is representative of a large closed-world environment such as an organization where the unauthorized user of a device is likely to be an insider threat: coming from within the organization. We consider four biometric modalities: 1) text entered via soft keyboard, 2) applications used, 3) websites visited, and 4) physical location of the device as determined from GPS (when outdoors) or WiFi (when indoors). We implement and test a classifier for each modality and organize the classifiers as a parallel binary decision fusion architecture. We are able to characterize the performance of the system with respect to intruder detection time and to quantify the contribution of each modality to the overall performance.",
    keywords = "Active authentication, application usage patterns, behavioral biometrics, decision fusion, GPS location, insider threat, intrusion detection, multimodal biometric systems, stylometry, web browsing behavior",
    author = "Lex Fridman and Steven Weber and Rachel Greenstadt and Moshe Kam",
    year = "2017",
    month = "6",
    day = "1",
    doi = "10.1109/JSYST.2015.2472579",
    language = "English (US)",
    volume = "11",
    pages = "513--521",
    journal = "IEEE Systems Journal",
    issn = "1932-8184",
    publisher = "Institute of Electrical and Electronics Engineers Inc.",
    number = "2",

    }

    TY - JOUR

    T1 - Active Authentication on Mobile Devices via Stylometry, Application Usage, Web Browsing, and GPS Location

    AU - Fridman, Lex

    AU - Weber, Steven

    AU - Greenstadt, Rachel

    AU - Kam, Moshe

    PY - 2017/6/1

    Y1 - 2017/6/1

    N2 - Active authentication is the problem of continuously verifying the identity of a person based on behavioral aspects of their interaction with a computing device. In this paper, we collect and analyze behavioral biometrics data from 200 subjects, each using their personal Android mobile device for a period of at least 30 days. This data set is novel in the context of active authentication due to its size, duration, number of modalities, and absence of restrictions on tracked activity. The geographical colocation of the subjects in the study is representative of a large closed-world environment such as an organization where the unauthorized user of a device is likely to be an insider threat: coming from within the organization. We consider four biometric modalities: 1) text entered via soft keyboard, 2) applications used, 3) websites visited, and 4) physical location of the device as determined from GPS (when outdoors) or WiFi (when indoors). We implement and test a classifier for each modality and organize the classifiers as a parallel binary decision fusion architecture. We are able to characterize the performance of the system with respect to intruder detection time and to quantify the contribution of each modality to the overall performance.

    AB - Active authentication is the problem of continuously verifying the identity of a person based on behavioral aspects of their interaction with a computing device. In this paper, we collect and analyze behavioral biometrics data from 200 subjects, each using their personal Android mobile device for a period of at least 30 days. This data set is novel in the context of active authentication due to its size, duration, number of modalities, and absence of restrictions on tracked activity. The geographical colocation of the subjects in the study is representative of a large closed-world environment such as an organization where the unauthorized user of a device is likely to be an insider threat: coming from within the organization. We consider four biometric modalities: 1) text entered via soft keyboard, 2) applications used, 3) websites visited, and 4) physical location of the device as determined from GPS (when outdoors) or WiFi (when indoors). We implement and test a classifier for each modality and organize the classifiers as a parallel binary decision fusion architecture. We are able to characterize the performance of the system with respect to intruder detection time and to quantify the contribution of each modality to the overall performance.

    KW - Active authentication

    KW - application usage patterns

    KW - behavioral biometrics

    KW - decision fusion

    KW - GPS location

    KW - insider threat

    KW - intrusion detection

    KW - multimodal biometric systems

    KW - stylometry

    KW - web browsing behavior

    UR - http://www.scopus.com/inward/record.url?scp=84962618524&partnerID=8YFLogxK

    UR - http://www.scopus.com/inward/citedby.url?scp=84962618524&partnerID=8YFLogxK

    U2 - 10.1109/JSYST.2015.2472579

    DO - 10.1109/JSYST.2015.2472579

    M3 - Article

    AN - SCOPUS:84962618524

    VL - 11

    SP - 513

    EP - 521

    JO - IEEE Systems Journal

    JF - IEEE Systems Journal

    SN - 1932-8184

    IS - 2

    M1 - 7444124

    ER -