Active authentication for mobile devices utilising behaviour profiling

  • Fudong Li
  • Nathan Clarke
  • Maria Papadaki
  • Paul Dowland
Regular Contribution


With nearly 6 billion subscribers around the world, mobile devices have become an indispensable component in modern society. The majority of these devices rely upon passwords and personal identification numbers as a form of user authentication, and the weakness of these point-of-entry techniques is widely documented. Active authentication is designed to overcome this problem by utilising biometric techniques to continuously assess user identity. This paper describes a feasibility study into a behaviour profiling technique that utilises historical application usage to verify mobile users in a continuous manner. By utilising a combination of a rule-based classifier, a dynamic profiling technique and a smoothing function, the best experimental result for a users overall application usage was an equal error rate of 9.8 %. Based upon this result, the paper proceeds to propose a novel behaviour profiling framework that enables a user’s identity to be verified through their application usage in a continuous and transparent manner. In order to balance the trade-off between security and usability, the framework is designed in a modular way that will not reject user access based upon a single application activity but a number of consecutive abnormal application usages. The proposed framework is then evaluated through simulation with results of 11.45 and 4.17 % for the false rejection rate and false acceptance rate, respectively. In comparison with point-of-entry-based approaches, behaviour profiling provides a significant improvement in both the security afforded to the device and user convenience.


Active authentication Behaviour profiling Biometrics 


  1. 1.
    Bishop, M.: Neural Networks for Pattern Classification. Oxford University Press, Oxford (1995)Google Scholar
  2. 2.
    Boukerche, A., Nitare, M.S.M.A.: Behavior-based intrusion detection in mobile phone systems. J. Parallel Distrib. Comput. 62(9), 1476–1490 (2002)CrossRefzbMATHGoogle Scholar
  3. 3.
    Buschkes, R., Kesdogan, D., Reichl, P.: How to increase security in mobile networks by anomaly detection. In: Proceedings of the 14th Annual Computer Security Applications Conference, pp. 3–12 (1998)Google Scholar
  4. 4.
    Clarke, N.: Transparent User Authentication. Springer, Berlin (2011)CrossRefGoogle Scholar
  5. 5.
    Clarke, N.L., Furnell, S.M.: Authenticating mobile phone users using keystroke analysis. Int. J. Inf. Secur. 6(1), 1–14 (2006)CrossRefGoogle Scholar
  6. 6.
    Clarke, N.L., Furnell, S.M.: Authentication of users on mobile telephones—a survey of attitudes and practices. Comput. Secur. 24(7), 519–527 (2005)CrossRefGoogle Scholar
  7. 7.
    Clarke, N.L., Mekala, A.R.: The application of signature recognition to transparent handwriting verification for mobile devices. Inf. Manag. Comput. Secur. 15(3), 214–225 (2007)CrossRefGoogle Scholar
  8. 8.
    Clarke, N.L., Karatzouni, S., Furnell, S.M.: Flexible and transparent user authentication for mobile devices. In: Proceedings of the 24th IFIP TC 11 International Information Security Conference, Pafos, Cyprus, May 18–20, ISBN: 978-3-642-01243-3, pp. 1–12 (2009)Google Scholar
  9. 9.
    Credant, Phone Data makes 4.2 Million Brits Vulnerable to ID Theft, Credant, (2009), Accessed: 14 June 2012
  10. 10.
    DARPA, Active Authentication, DARPA, (2011), Accessed: 17 April 2012
  11. 11.
    Derawi, M.O., Nickel, C., Bours, P., Busch, C.: Unobtrusive user authentication on mobile phones using biometric gait recognition. In: Proceedings of the 2010 Sixth International Conference on Intelligent Information Hiding and Multimedia Signal Processing, pp. 306–311 (2010)Google Scholar
  12. 12.
    Eagle, N., Pentland, A., Lazer, D.: Inferring social network structure using mobile phone data. In: Proceedings of the National Academy of Sciences (PNAS), vol. 106, pp. 15274–15278 (2009)Google Scholar
  13. 13.
    FBI, Smishing and Vishing, The FBI, (2010), Accessed: 11 April 2012
  14. 14.
    Flurry, Mobile Apps: Models, Money and Loyalty. Flurry Smartphone Industry Pulse, (2009), Accessed: 01 August 2012
  15. 15.
    Gosset, P.: ASPeCT: Fraud Detection Concepts: Final Report. Doc Ref. AC095/VOD/W22/DS/P/18/1 (1998)Google Scholar
  16. 16.
    Hall, J., Barbeau, M., Kranakis, E.: Anomaly based intrusion detection using mobility profiles of public transportation users. In: Proceeding of IEEE International Conference on Wireless and Mobile Computing, Networking and Communications, vol. 2, pp. 17–24 (2005)Google Scholar
  17. 17.
    ITU, Key Global Telecom Indicators for the World Telecommunication Service Sector, International Telecommunication Union, (2011), Accessed 01 April 2012
  18. 18.
    Jain, A.K., Duin, R.P.W., Mao, J.: Statistical pattern recognition: a review. Pattern Anal. Mach. Intell. IEEE Trans. 22(1), 4–37 (2000). doi: 10.1109/34.824819 CrossRefGoogle Scholar
  19. 19.
    Jain, A.K., Mao, J., Mohiuddin, K.M.: Artificial neural networks: a tutorial. Computer 29(3), 31–44 (1996). doi: 10.1109/2.485891 CrossRefGoogle Scholar
  20. 20.
    Kaspersky Lab, European Users Mobile Behaviour and Awareness of Mobile Threats, Kaspersky Lab ZAO, (2011), Accessed: 25 May 2012
  21. 21.
    Kurkovsky, S., Syta, E.: Digital natives and mobile phones: A survey of practices and attitudes about privacy and security. In: Proceedings of the IEEE International Symposium on Technology and Society (ISTAS), pp. 441–449 (2010)Google Scholar
  22. 22.
    Ledermuller, T., Clarke, N.L.: Risk assessment for mobile devices. In: Proceedings of Privacy and Security in Digital Business 8th International Conference, TrustBus, pp. 210–221 (2011)Google Scholar
  23. 23.
    Power, R.: Mobility and Security: Dazzling Opportunities, Profound Challenges, McAfee, (2011), Accessed: 1 May 2012
  24. 24.
    Samfat, D., Molva, R.: IDAMN: an intrusion detection architecture for mobile networks. IEEE J. Sel. Areas Commun. 15(7), 1373–1380 (1997)CrossRefGoogle Scholar
  25. 25.
    Samsung., Galaxy Nexus, Samsung, (2012), Accessed: 04 May 2012
  26. 26.
    Securelist, Mobile Malware Evolution: An Overview, Part 3, Securelist, (2009), Accessed: 30 March 2012
  27. 27.
    Shabtai, A., Kanonov, U., Elovici, Y.: Intrusion detection for mobile devices using the knowledge-based, temporal abstraction method. J. Syst. Softw. 83(8), 1524–1537 (2010)CrossRefGoogle Scholar
  28. 28.
    Sun, B., Chen, Z., Wang, R., Yu, F., Leung, V.C.M.: Towards adaptive anomaly detection in cellular mobile networks. In: the IEEE Consumer Communications and Networking Conference, vol. 2, pp. 666–670 (2006)Google Scholar
  29. 29.
    Sun, B., Yu, F., Wu, K., Leung, V.C.M.: Mobility-based anomaly detection in cellular mobile networks. In: Proceedings of ACM Wireless Security (WiSe 04), pp. 61–69 (2004)Google Scholar
  30. 30.
    Which?, 13.5 million UK mobile phone users at risk of fraud, Which? Tech Daily, (2011), Accessed: 31 July 2012
  31. 31.
    Wolpert, D.H., Macready, W.G.: No free lunch theorems for optimization. IEEE Trans. Evolut. Comput. 1, 67–82 (1997)CrossRefGoogle Scholar
  32. 32.
    Woo, R., Park, A., Hazen. T.: The MIT mobile device speaker verification corpus: data collection and preliminary experiments. In: Speaker and Language Recognition Workshop, pp. 1–6 (2006)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2013

Authors and Affiliations

  • Fudong Li
    • 1
  • Nathan Clarke
    • 1
    • 2
  • Maria Papadaki
    • 1
  • Paul Dowland
    • 1
  1. 1.Centre for Security, Communications and Network Research (CSCAN)Plymouth UniversityPlymouthUK
  2. 2.School of Computer and Information ScienceEdith Cowan UniversityPerthAustralia

Personalised recommendations