
Active authentication for mobile devices utilising behaviour profiling

  • Regular Contribution
  • International Journal of Information Security

Abstract

With nearly 6 billion subscribers around the world, mobile devices have become an indispensable component in modern society. The majority of these devices rely upon passwords and personal identification numbers as a form of user authentication, and the weakness of these point-of-entry techniques is widely documented. Active authentication is designed to overcome this problem by utilising biometric techniques to continuously assess user identity. This paper describes a feasibility study into a behaviour profiling technique that utilises historical application usage to verify mobile users in a continuous manner. By utilising a combination of a rule-based classifier, a dynamic profiling technique and a smoothing function, the best experimental result for a user's overall application usage was an equal error rate of 9.8%. Based upon this result, the paper proceeds to propose a novel behaviour profiling framework that enables a user's identity to be verified through their application usage in a continuous and transparent manner. In order to balance the trade-off between security and usability, the framework is designed in a modular way that does not reject user access based upon a single application activity, but only upon a number of consecutive abnormal application usages. The proposed framework is then evaluated through simulation, with results of 11.45% and 4.17% for the false rejection rate and false acceptance rate, respectively. In comparison with point-of-entry-based approaches, behaviour profiling provides a significant improvement in both the security afforded to the device and user convenience.


Notes

  1. The boundaries defined on the numerical scale are only provided as a suggestion.


Author information

Corresponding author

Correspondence to Fudong Li.

About this article

Cite this article

Li, F., Clarke, N., Papadaki, M. et al. Active authentication for mobile devices utilising behaviour profiling. Int. J. Inf. Secur. 13, 229–244 (2014). https://doi.org/10.1007/s10207-013-0209-6

  • DOI: https://doi.org/10.1007/s10207-013-0209-6
