Wei Li,Shuping Yi,Qian Yi,Jiajia Li,Shiquan Xiong

DOI: https://doi.org/10.1007/978-3-030-50309-3_39

2020-01-01

Abstract:With the increasingly prominent problem of information security, the research on user trustworthy authentication technology becomes more and more important. Identification and authentication methods based on user’s biological behavior characteristics have attracted widespread attention due to their low cost and difficulty in imitation, which represented by mouse dynamics. This study proposed an improved method for time-frequency joint analysis of mouse behaviors for trustworthy authentication of website users. We collected the behavior data of the user’s natural mouse operation under real website environment, and analyzed the timing and spatial characteristics of the user’s mouse movements. Based on extracting the time-frequency joint distribution characteristics and spatial distribution characteristics of the temporal signals of the user’s mouse movements, we used the random forest algorithm to establish a user’s trustworthy authentication model. Mouse behavior data of five users during twenty-eight months had been used as a case study to explore the effectiveness of this method in user trustworthy authentication. The results of case analysis showed that, comparing to the original research, the method proposed in this study significantly improved the accuracy of the website user trustworthy authentication.

Xiaojun Chen,Fei Xu,Rui Xu,Siu-Ming Yiu,Jinqiao Shi

DOI: https://doi.org/10.1109/INFCOMW.2014.6849185

2014-01-01

Abstract:It is relatively easier for an insider attacker to steal the password of a colleague or use an unattended machine (logged in by other users) within a trusted domain to launch an attack. A simple real-time authentication by password may not work if they have the password. A promising direction is to consider how a user uses the mouse (referred as mouse dynamics). By comparing the stored mouse behavioral profile of the valid user, the system automatically authenticates the user. However, existing approaches are impractical due to long verification time (several minutes on average). An attack may only take seconds (e. g. copying a file, sending an email). In this abstract, we propose a practical real-time authentication method via mouse dynamics, called PAITS (Practical Authentication with Identity Tracking System). The real-time authentication can be done in only 5 seconds with similar accuracy as existing methods. The novelty of PAITS comes from tracking the behavior of users using "short-lived interventional scenarios" (in which the cursor is out of control, e. g. cursor stops, disappears, or slows down) with 71 carefully chosen attributes as the profile.

Chao Shen,Zhongmin Cai,Xiaomei Liu,Xiaohong Guan,Roy A. Maxion

DOI: https://doi.org/10.1109/thms.2016.2558623

2016-01-01

IEEE Transactions on Human-Machine Systems

Abstract:Analysis of mouse-interaction behaviors for identifying individual computer users has experienced growing interest from information security and biometric researchers. This paper presents a simple and efficient user verification system by modeling mouse-interaction behavior, which is accurate and competent for future deployment. For each mouse-operation sample, holistic attributes of mouse trajectories are first analyzed using a power transformation method, to derive a schematic representation of behavior eigenspace. Then, a propagation-based segmentation method is developed to model the detailed dynamic process of mouse movements by performing adaptive behavior segmentation and then characterizing each obtained segment using fine-grained procedural motion metrics. Both schematic and procedural cues from mouse-interaction behaviors may be used independently for verification, being fused at the decision level using combination rules. Analyses are conducted using data from 106 subjects with 21 200 mouse-operation samples. The verification system achieves a 1.96% false-rejection rate and a 1.18% false-acceptance rate with a short verification time (about 6 s) and lightweight system overload. Additional experiments on the effect of sample length and subject pool further examine the applicability of our verification system. We also compare the proposed approach with the state-of-the-art approaches for the data collected. Our findings suggest that mouse-interaction behaviors can enhance traditional authentication systems.

Xiaohong Guan

2008-01-01

Abstract:User identification and monitoring is one of the most important issues in computer system security.A new method for user identification is presented based on the dynamics of computer mouse behavior.Data of mouse behavior in various applications are collected,and users' mouse behavior in human computer interaction is analyzed and modeled,specifically from both the interaction layer and the physiological layer.Based on the dynamic model,a real-time identity authentication and monitoring prototype system is developed,which can intercept users' mouse behavior data,and compare user's current behavior with his history behavior model in order to detect and authenticate current user's identity.According to the result of authentication,system responds real-time and defends against the intrusion of illegal user.An algorithm that uses feature dimension reduction and neural network for classification is applied in experiments for ten users.The experimental results show that mouse dynamics is effective for authenticating and monitoring user identities with a false accept rate(FAR) of 0.48% and a false rejection rate(FRR) of 2.86%.

Rushit Dave,Marcho Handoko,Ali Rashid,Cole Schoenbauer

2024-03-07

Abstract:In the realm of computer security, the importance of efficient and reliable user authentication methods has become increasingly critical. This paper examines the potential of mouse movement dynamics as a consistent metric for continuous authentication. By analyzing user mouse movement patterns in two contrasting gaming scenarios, "Team Fortress" and Poly Bridge we investigate the distinctive behavioral patterns inherent in high-intensity and low-intensity UI interactions. The study extends beyond conventional methodologies by employing a range of machine learning models. These models are carefully selected to assess their effectiveness in capturing and interpreting the subtleties of user behavior as reflected in their mouse movements. This multifaceted approach allows for a more nuanced and comprehensive understanding of user interaction patterns. Our findings reveal that mouse movement dynamics can serve as a reliable indicator for continuous user authentication. The diverse machine learning models employed in this study demonstrate competent performance in user verification, marking an improvement over previous methods used in this field. This research contributes to the ongoing efforts to enhance computer security and highlights the potential of leveraging user behavior, specifically mouse dynamics, in developing robust authentication systems.

Artificial Intelligence

Shujie Hu,Jun Bai,Hongri Liu,Chao Wang,Bailing Wang

DOI: https://doi.org/10.1109/iscid.2017.134

2017-01-01

Abstract:Biometric security is one of the fundamental problems in user authentication. The authentication model based on mouse dynamics and biometrics has been widely researched in recent years. However, the model security against potential attacks is largely ignored. In this paper, we propose a mouse movement simulation method to inspect the vulnerability of this authentication technique. The authenticity of the mouse movement data generated by the simulation method is validated by five benchmark classifiers. Experimental results show the simulation method possesses a high authentication pass rate for most users. It indicates the proposed method can simulate real user mouse actions and the persuasive assumption that mouse behavior is difficult to imitate might be too optimistic.

Jie Zhang,Ruohan Bai

DOI: https://doi.org/10.1016/j.dsp.2024.104555

IF: 2.92

2024-01-01

Digital Signal Processing

Abstract:Identify authentication is an important component of computer security systems and has received extensive research and attention. Computer authentication techniques, such as passwords, fingerprint recognition, and face recognition, are widely used. However, the above authentication methods are vulnerable to copying and theft attacks. Past proposals to solve this limitation are based on mouse trajectory movement curves, which leverage the user's dynamic behavioral characteristics and are difficult to counterfeit. This paper proposes an intelligent authentication method based on mouse trajectory and wireless signal. Unlike previous work, our design uses two commercial wireless devices as transceivers to identify users. The insight is that when different users draw the same mouse trajectory, the impact of the trajectory on the wireless signal is different, which can be seen as fingerprints to identify users. Butterworth bandpass filtering and principal components analysis(PCA) is used to denoise and reduce the dimension of CSI measurements, and then time-frequency domain and multi-scale energy features are extracted, and then the ReliefF algorithm is leveraged to select features that can differentiate different users, and machine learning algorithm is used to authenticate and identify users. Experimental results show that average accuracy of 97.34% for user authentication and 93.90% for user identification.

xiaojun chen,jinqiao shi,rui xu,s m yiu,bingxing fang,fei xu

DOI: https://doi.org/10.1007/978-3-662-45670-5_22

2014-01-01

Abstract:It is relatively easier for an insider attacker to steal the password of a colleague or use an unattended machine (logged in by other users) within a trusted domain to launch an attack. A simple real-time authentication by password may not work if they have the password. By comparing the stored mouse behavioral profile of the valid user, the system automatically authenticates the user. However, long verification time in existing approaches based on mouse dynamics which mostly last dozens of minutes and probably make masquerader escaped from detection mechanism. In this paper, we proposed a system called PAITS (Practical Authentication with Identity Tracing System) to do reauthentication via comparison of mouse behavior under a short-lived interventional scenario. Mouse movements under the special scenario where the cursor is a bit out of control can capture the user's unconscious reaction, and then be used for behavioral comparison and detection of malicious masquerader. Our experiments on PAITS demonstrate best result with a FRR of 2.86% and a FAR of 3.23% under probability neural network with 71 features. That is a comparative result against the previous research results, but at the same time significantly shorten the verification time from dozens of minutes to five seconds.

ZHANG Yigong,YI Qian,LI Jian,LI Congbo,YIN Aijun,YI Shuping

DOI: https://doi.org/10.11959/j.issn.2096−3750.2022.00268

2022-01-01

Abstract:The rapid development of the industrial internet had caused widespread concern about the network security, and the end-user authentication technology was considered a research hotspot.According to the characteristics of human-computer interaction in industrial internet, an experimental website was designed.24 users' mouse behavior data in an uncontrolled environment were collected within 2.5 years to conduct case studies.Hilbert-Huang transform (HHT) was used to extract frequency domain features of mouse behavior signals, combined with time domain features to form a time-frequency joint domain feature matrix of 163-dimensional to characterize user mouse behavior patterns.Bagged tree, support vector machine (SVM), Boost tree and K-nearest neighbor (KNN) were used to build a user authentication model， and the comparison result showed that the Bagged tree had the best internal detection effect in this case, with an average false acceptance rate (FAR) of 0.12% and an average false rejection rate (FRR) of 0.28%.In external detection, the FAR was 1.47%.Compared with the traditional mouse dynamics method, the frequency domain information of mouse behavior extracted by HHT can better realize the user authentication, and provide technical support the security of the industrial internet.

Chao Shen,Yufei Chen,Xiaohong Guan,Roy A. Maxion

DOI: https://doi.org/10.1109/tdsc.2017.2771295

2017-01-01

IEEE Transactions on Dependable and Secure Computing

Abstract:Analyzing mouse-interaction behaviors for implicitly identifying computer users has received growing interest from security and biometric researchers. This study presents a simple but efficient active user authentication system by modeling mouse-interaction behavior, which is accurate and competent for future deployments. A pattern-growth-based mining method is proposed to extract frequent behavior segments, in obtaining a stable and discriminative representation of mouse-interaction behavior. Then procedural features are extracted to provide an accurate and fine-grained characterization of the behavior segments. A SVM-based decision procedure using one-class learning techniques is applied to the feature space for performing authentication. Analyses are conducted using data from around 1,526,400 mouse operations of 159 participants, and the authentication performance is evaluated across various application scenarios and tasks. Our experimental results show that characteristics from frequent behavior segments are more stable and discriminative than those from holistic behavior, and the system achieves a practically useful level of performance with FAR of 0.09 percent and FRR of 1 percent. Additional experiments on usability to sample length, reliability to application task, scalability to user size, robustness to mimic attack, and response to behavior change are provided to further explore the applicability. We also compare the proposed approach with the state-of-the-art approaches for the collected data.

Chao Shen,Zhongmin Cai,Xiaohong Guan,Jialin Wang

DOI: https://doi.org/10.1109/icb.2012.6199780

2012-01-01

Abstract:Mouse dynamics, the analysis of individuals' distinctive mouse actions, has been proposed as a biometric to discriminate legitimate users from impostors. Some researchers have explored this domain and showed promising results, but few examined the effectiveness and applicability of this technique, particularly regarding the inconsistent evaluation conditions, unacceptably long authentication time, and unshared data set. In this work, we perform a benchmark study of the baseline capabilities of mouse dynamics for static authentication. Using the data collected under a tightly-controlled environment from 26 subjects, we develop a repeatable evaluation procedure to investigate the performance of this technique at a continuum of authentication times and various classifiers. The results show that the longer the authentication time, the better the accuracy. The equal-error rate reduces from 14.26% to 2.64%, as the authentication time increases from 11 seconds to 110 seconds. Further, the technique is able to meet the European standard for commercial biometric technology if a longer authentication time is allowed. We also publish our data set and discuss a number of avenues for future research, which we believe are necessary to advance the state of the art in this area.

Borui Li,Wei Wang,Yang Gao,Vir V. Phoha,Zhanpeng Jin

DOI: https://doi.org/10.1109/btas.2018.8698577

2018-01-01

Abstract:Behavioral biometrics have been long used as a complementary method to the traditional one-time authentication system. Mouse dynamics, representing an individual’s unique patterns of mouse operations, possess a great potential to bridge the security gap between two one-time authentications on the computer. In this paper, we propose a continuous authentication approach by combining the deviceindependent, angle-based mouse movement features and the wrist motion features. Based on a Random Forest Ensemble Classifier (RFEC) and the Sequential Sampling Analysis (SSA), the identity of the user can be continuously verified. Experimental results, based on 26 subjects, show that the proposed approach can reach the False Accept Rate (FAR) of 1.46% and 4.69% for impostors and intruders respectively and a False Reject Rate (FRR) of 0%. Moreover, the proposed approach is proven to be more effective in timely authentication (i.e., making an authentication decision within only 9 to 12 mouse clicks), compared with conventional methods solely based on the mouse geometry and locomotion features.

Jianfeng Guan,Xuetao Li,Ying Zhang

DOI: https://doi.org/10.1155/2021/6669429

IF: 1.968

2021-01-01

Security and Communication Networks

Abstract:Most of the current authentication mechanisms adopt the “one-time authentication,” which authenticate users for initial access. Once users have been authenticated, they can access network services without further verifications. In this case, after an illegal user completes authentication through identity forgery or a malicious user completes authentication by hijacking a legitimate user, his or her behaviour will become uncontrollable and may result in unknown risks to the network. These kinds of insider attacks have been increasingly threatening lots of organizations, and have boosted the emergence of zero trust architecture. In this paper, we propose a Multimodal Fusion-based Continuous Authentication (MFCA) scheme, which collects multidimensional behaviour characteristics during the online process, verifies their identities continuously, and locks out the users once abnormal behaviours are detected to protect data privacy and prevent the risk of potential attack. More specifically, MFCA integrates the behaviours of keystroke, mouse movement, and application usage and presents a multimodal fusion mechanism and trust model to effectively figure out user behaviours. To evaluate the performance of the MFCA, we designed and implemented the MFCA system and the experimental results show that the MFCA can detect illegal users in quick time with high accuracy.

Nan Zheng,Aaron Paloski,Haining Wang

DOI: https://doi.org/10.1145/2893185

2016-04-14

ACM Transactions on Information and System Security

Abstract:Biometric authentication verifies a user based on its inherent, unique characteristics—who you are. In addition to physiological biometrics, behavioral biometrics has proven very useful in authenticating a user. Mouse dynamics, with their unique patterns of mouse movements, is one such behavioral biometric. In this article, we present a user verification system using mouse dynamics, which is transparent to users and can be naturally applied for continuous reauthentication. The key feature of our system lies in using much more fine-grained (point-by-point) angle-based metrics of mouse movements for user verification. These new metrics are relatively unique from person to person and independent of a computing platform. Moreover, we utilize support vector machines (SVMs) for quick and accurate classification. Our technique is robust across different operating platforms, and no specialized hardware is required. The efficacy of our approach is validated through a series of experiments, which are based on three sets of user mouse movement data collected in controllable environments and in the field. Our experimental results show that the proposed system can verify a user in an accurate and timely manner, with minor induced system overhead.

Gao Jian,Yu Huadong,Wang Hongmian,Bai Huifeng,Huo Chao,Zhang Ganghong

DOI: https://doi.org/10.1051/itmconf/20224703015

2022-01-01

ITM Web of Conferences

Abstract:Along with the computer, communication, control, the rapid development of automation technology, based on the analysis of the information security requirements, combined with the trusted computing provide security solution, the communication control information security interaction model and the key technology to realize information security interaction, put forward a real-time evaluation model based on credible global terminal entities. By introducing penalty factor and time factor, the evaluation method is improved from single evaluation to global evaluation. Taking the user information collection system as an example, the information security communication model of behavior trust measurement mechanism is simulated. The simulation results show that this model has the ability of continuous trust measurement in dynamic uncertain network environment, and can accurately determine the trust of terminal entities in real time, and it is more realistic, which lays a good foundation for the research of trust connection, trust management and trust decision based on trust measurement.

Teng Hu,Weina Niu,Xiaosong Zhang,Xiaolei Liu,Jiazhong Lu,Yuan Liu

DOI: https://doi.org/10.1155/2019/3898951

IF: 1.968

2019-02-17

Security and Communication Networks

Abstract:In the current intranet environment, information is becoming more readily accessed and replicated across a wide range of interconnected systems. Anyone using the intranet computer may access content that he does not have permission to access. For an insider attacker, it is relatively easy to steal a colleague’s password or use an unattended computer to launch an attack. A common one-time user authentication method may not work in this situation. In this paper, we propose a user authentication method based on mouse biobehavioral characteristics and deep learning, which can accurately and efficiently perform continuous identity authentication on current computer users, thus to address insider threats. We used an open-source dataset with ten users to carry out experiments, and the experimental results demonstrated the effectiveness of the approach. This approach can complete a user authentication task approximately every 7 seconds, with a false acceptance rate of 2.94% and a false rejection rate of 2.28%.

computer science, information systems,telecommunications

Chen Xiaojun,Wei Zicheng,Pu Yiguo,Shi Jinqiao

DOI: https://doi.org/10.1016/j.procs.2013.05.111

2013-01-01

Procedia Computer Science

Abstract:Insider threat becomes a more and more serious problem to organizations. Identify theft is a common attack method among various attack methods from insider. And it is very hard to detection since the attacker acts as a legal identity. Existing researches focus on Human Computer Interaction (HCI) behavior such as keystroke dynamics or mouse dynamics to detection this kind of attack. Based on an obvious observable that different applications show different HCI behavioral patterns (rich-key-operations or rich-mice-operations), we demonstrate that single authentication method is not efficient always in full time work period. In this paper, we provide an ensemble re-authentication approach to detection identify theft in real time, which combine the classification of keystroke-classifier and mice-classifier to determine whether the current operations is produced by the real legitimate user or not. Our experiment proves this new approach is efficient and can provide consistent detection ability with high accuracy.

Soumik Mondal,Patrick Bours

DOI: https://doi.org/10.1016/j.neucom.2016.11.031

IF: 6

2017-03-01

Neurocomputing

Abstract:In this paper we focus on a context independent continuous authentication system that reacts on every separate action performed by a user. We contribute with a robust dynamic trust model algorithm that can be applied to any continuous authentication system, irrespective of the biometric modality. We also contribute a novel performance reporting technique for continuous authentication. Our proposed approach was validated with extensive experiments with a unique behavioural biometric dataset. This dataset was collected under complete uncontrolled condition from 53 users by using our data collection software. We considered both keystroke and mouse usage behaviour patterns to prevent a situation where an attacker avoids detection by restricting to one input device because the system only checks the other input device. During our research, we developed a feature selection technique that could be applied to other pattern recognition problems.The best result obtained in this research is that 50 out of 53 genuine users are never inadvertently locked out by the system, while the remaining 3 genuine users (i. e. 5.7%) are sometimes locked out, on average after 2265 actions. Furthermore, there are only 3 out of 2756 impostors not been detected, i.e. only 0.1% of the impostors go undetected. Impostors are detected on average after 252 actions.

computer science, artificial intelligence

Chao Shen,Zhongmin Cai,Xiaohong Guan,Huilan Sha,Jingzi Du

DOI: https://doi.org/10.1109/ICC.2009.5199032

2009-01-01

Abstract:Mouse dynamics has recently become an interesting new topic in the area of behavioral biometrics due to its non-intrusiveness and convenience. Some promising results have been shown by previous researches on identity authentication and monitoring using characteristics in users' mouse actions. This paper explores mouse dynamics further by focusing on an important issue not addressed previously: behavioral variability. With an empirical study of long term behaviors of 10 computer users, we show variations are obvious in mouse activities and can have a serious impact if not considered carefully. To tackle the problem of variability, we propose a dimensionality reduction based approach which is demonstrated to be effective in our experiments. More specifically, the classification results after preprocessing by PCA and ISOMAP are shown to be much better than direct classification. Moreover, the results of a false acceptance rate (FAR) 0.55% and false rejection rate (FRR) 3.00% by the nonlinear method ISOMAP are comparable to the best result reported in literature while being subject to more behavioral variability.

Qian Yi,Shiquan Xiong,Biao Wang,Shuping Yi

DOI: https://doi.org/10.1016/j.ergon.2019.102903

IF: 2.884

2020-01-01

International Journal of Industrial Ergonomics

Abstract:Under existing network security technology, it is still possible for hackers to impersonate legitimate users and invade a system for malicious destruction. Therefore, this study constructs a user's unique mouse behavior pattern to identify a trusted interaction behavior in a real environment and quantify the effects of different emotions on mouse behavior and the accuracy of the user's trusted interaction behavior identification. First, mouse data was collected for 8 user's trusted interactions on an academic study website (AML). These data were used to construct the basic trusted interaction model by a big data analysis method called a random forest. Second, in a repeated measurement experiment, 18 participants completed tasks on the AML under different emotions, and the emotions' impact on the mouse behavior and accuracy of the user's trusted interaction identification was analyzed. In the results, the accuracy of the trusted interaction behavior identification based on mouse behavior reached 91.82%, and the error rate was lower than 8.18%. Significant differences were observed in horizontal velocity, velocity, and traveled distance under different emotions. However, there was no significant difference in the accuracy of a user's trusted interaction behavior identification under different emotions. Based on these results, the trusted interaction behavior of web users can be accurately identified based on the user's mouse behavior pattern. The user's mouse behavior differs under different emotions, but there is no significant difference on the identification of the user's trusted interaction behavior. The findings help to provide another protection layer for network information security.