Non-Intrusive Continuous User Behavior Analysis Using Computerized Systems

Abstract

There are different ways to authenticate humans, which is an essential prerequisite for access control. The authentication process can be subdivided into three categories that rely on something someone… i) knows (e.g. password), and/or ii) has (e.g. smart card), and/or iii) is (biometric features). Besides classical attacks on password solutions and the risk that identity-related objects can be stolen, traditional biometric solutions have their own disadvantages such as the requirement of expensive devices, risk of stolen bio-templates etc. Moreover, existing approaches provide the authentication process usually performed only once initially. Non-intrusive and continuous monitoring of user activities emerges as promising solution in hardening authentication process: iii-2) how so. behaves. In recent years various keystroke dynamic behavior-based approaches were published that are able to authenticate humans based on their typing behavior. The majority focuses on so-called static text approaches, where users are requested to type a previously defined text. Relatively few techniques are based on free text approaches that allow a transparent monitoring of user activities and provide continuous verification. Unfortunately only few solutions are deployable in application environments under realistic conditions. Unsolved problems are for instance scalability problems, high response times and error rates. The aim of this work is the development of behavioral-based verification solutions. Our main requirement is to deploy these solutions under realistic conditions within existing environments in order to enable a transparent and free text based continuous verification of active users with low error rates and response times

@INPROCEEDINGS{Messerman2010b,
  author = {Arik Messerman and Tarik Mustafi'{c} and Seyit A. Camtepe and Sahin
	Albayrak},
  title = {Non-Intrusive Continuous User Behavior Analysis Using Computerized
	Systems},
  booktitle = {Inproceedings of the 5th Future Security Research Conference},
  year = {2010},
  address = {Berlin, Germany},
  month = {09},
  note = {ISBN 978-3-8396-0159-4},
  isbn = {978-3-8396-0159-4},
  abstract = {There are different ways to authenticate humans, which is an essential
	prerequisite for access control. The authentication process can be
	subdivided into three categories that rely on something someone...
	
	i)knows (e.g. password), and/or
	
	ii)has (e.g. smart card), and/or
	
	iii)is (biometric features).
	
	Besides classical attacks on password solutions and the risk that
	identity-related objects can be stolen, traditional biometric solutions
	have their own disadvantages such as the requirement of expensive
	devices, risk of stolen bio-templates etc. Moreover, existing approaches
	provide the authentication process usually performed only once initially.
	
	
	Non-intrusive and continuous monitoring of user activities emerges
	as promising solution in hardening authentication process:
	
	iii-2) how so. behaves.
	
	In recent years various keystroke dynamic behavior-based approaches
	were published that are able to authenticate humans based on their
	typing behavior.
	
	The majority focuses on so-called static text approaches, where users
	are requested to type a previously defined text. Relatively few techniques
	are based on free text approaches that allow a transparent monitoring
	of user activities and provide continuous verification.
	
	Unfortunately only few solutions are deployable in application environments
	under realistic conditions. Unsolved problems are for instance scalability
	problems, high response times and error rates.
	
	The aim of this work is the development of behavioral-based verification
	solutions. Our main requirement is to deploy these solutions under
	realistic conditions within existing environments in order to enable
	a transparent and free text based continuous verification of active
	users with low error rates and response times},
  owner = {arik},
  timestamp = {2010.09.16}
}
Autoren:
Arik Messerman, Tarik Mustafic, Seyit Ahmet Camtepe, Sahin Albayrak
Kategorie:
Tagungsbeitrag
Jahr:
2010
Ort:
Future Security, 5th Security Research Conference, Berlin