Skip to main content
SpringerLink
Log in
Book cover

International Workshop on Emerging Technologies for Authorization and Authentication

ETAA 2020: Emerging Technologies for Authorization and Authentication pp 1–15Cite as

Deep Learning Based Sequential Mining for User Authentication in Web Applications

Part of the Lecture Notes in Computer Science book series (LNSC,volume 12515)

Abstract

Behavioral biometrics is a seamless and transparent way to authenticate or identify users through their interaction with electronic systems. It can serve as an additional security mechanism to existing security methods by continuously authenticating the users, for example when using pointing devices (e.g., mouse, touchscreen). These methods usually aim at extracting meaningful features such as curvature and acceleration using the raw mouse coordinates and ignore the specific elements the user interacts with during the movement. A possible improvement is to combine these methods with approaches that analyze the user path of elements throughout the session. One such previously suggested process proposes using a model-per-user approach, built using the traditional sequence mining algorithm Hidden Markov Model (HMM). In this paper we examine the use of deep learning sequential mining mechanisms for authentication, using mechanisms such as Long Short-Term Memory (LSTM), LSTM with Attention, and a Convolutional Neural Network (CNN). This method has the major advantage of one global model per web application, which drastically reduces the system’s required memory and storage resources. We demonstrate the competitive advantage by encouraging results in low false positive rates (FPR) ranges on an anonymized dataset collected by IBM from accounts of more than 2000 web application users.

Keywords

  • User verification
  • Continuous authentication
  • Behavioral biometrics
  • Deep learning

This is a preview of subscription content, access via your institution.

Chapter
USD   29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD   39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD   54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

References

  1. Yampolskiy, R.V., Govindaraju, V.: Behavioural biometrics: a survey and classification. Int. J. Biometrics 1(1), 81–113 (2008)

    CrossRef  Google Scholar 

  2. Revett, K., Jahankhani, H., de Magalhães, S.T., Santos, H.M.D.: A survey of user authentication based on mouse dynamics. In: Jahankhani, H., Revett, K., Palmer-Brown, D. (eds.) ICGeS 2008. CCIS, vol. 12, pp. 210–219. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-69403-8_25

    CrossRef  Google Scholar 

  3. Jorgensen, Z., Yu, T.: On mouse dynamics as a behavioral biometric for authentication. In: Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security, pp. 476–482, March 2011

    Google Scholar 

  4. Levi, M., Allouche, Y., Kontorovich, A.: Advanced analytics for connected car cybersecurity. In: 2018 IEEE 87th Vehicular Technology Conference (VTC Spring), pp. 1–7. IEEE, June 2018

    Google Scholar 

  5. Bergadano, F., Gunetti, D., Picardi, C.: User authentication through keystroke dynamics. ACM Trans. Inf. Syst. Security (TISSEC) 5(4), 367–397 (2002)

    CrossRef  Google Scholar 

  6. Lau, E., Liu, X., Xiao, C., Yu, X.: Enhanced user authentication through keystroke biometrics. Comput. Network Secur. 6 (2004)

    Google Scholar 

  7. Gunetti, D., Picardi, Claudia: Keystroke analysis of free text. ACM Trans. Inf. Syst. Secur. (TISSEC) 8(3), 312–347 (2005)

    CrossRef  Google Scholar 

  8. Ahmed, A.A., Traore, I.: Biometric recognition based on free-text keystroke dynamics. IEEE Trans. Cybernetics 44(4), 458–472 (2013)

    CrossRef  Google Scholar 

  9. Monaco, J.V., Bakelman, N., Cha, S. H., Tappert, C.C.: Recent advances in the development of a long-text-input keystroke biometric authentication system for arbitrary text input. In: 2013 European Intelligence and Security Informatics Conference, pp. 60–66. IEEE, August 2013

    Google Scholar 

  10. Ahmed, A.A.E., Traore, I.: A new biometric technology based on mouse dynamics. IEEE Trans. Depend. Secure Comput. 4(3), 165–179 (2007)

    CrossRef  Google Scholar 

  11. Awad, A., Ahmed, E., Traore, I.: Anomaly intrusion detection based on biometrics. In: Proceedings of the IEEE (2005)

    Google Scholar 

  12. Feher, C., Elovici, Y., Moskovitch, R., Rokach, L., Schclar, A.: User identity verification via mouse dynamics. Inf. Sci. 201, 19–36 (2012)

    CrossRef  Google Scholar 

  13. Pusara, M., Brodley, C.E.: User re-authentication via mouse movements. In: Proceedings of the 2004 ACM Workshop on Visualization and Data Mining for Computer Security, pp. 1–8, October 2004

    Google Scholar 

  14. Shen, C., Cai, Z., Guan, X., Du, Y., Maxion, R.A.: User authentication through mouse dynamics. IEEE Trans. Inf. Foren. Secur. 8(1), 16–30 (2012)

    CrossRef  Google Scholar 

  15. Zheng, N., Paloski, A., Wang, H.: An efficient user verification system via mouse movements. In: Proceedings of the 18th ACM Conference on Computer and Communications Security, pp. 139–150, October 2011

    Google Scholar 

  16. Shen, C., Cai, Z., Guan, X.: Continuous authentication for mouse dynamics: a pattern-growth approach. In: IEEE/IFIP International Conference on Dependable Systems and Networks (DSN 2012), pp. 1–12. IEEE (2012)

    Google Scholar 

  17. Kimon, L.B., Mirsky, Y., Rokach, L., Shapira, B.: Utilizing sequences of touch gestures for user verification on mobile devices. In: Phung, D., Tseng, V.S., Webb, G.I., Ho, B., Ganji, M., Rashidi, L. (eds.) PAKDD 2018. LNCS (LNAI), vol. 10939, pp. 816–828. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-93040-4_64

    CrossRef  Google Scholar 

  18. Frank, M., Biedert, R., Ma, E., Martinovic, I., Song, D.: Touchalytics: On the applicability of touchscreen input as a behavioral biometric for continuous authentication. IEEE Trans. Inf. Foren. Secur. 8(1), 136–148 (2012)

    CrossRef  Google Scholar 

  19. Feng, T., Liu, Z., Kwon, K.A., Shi, W., Carbunar, B., Jiang, Y., Nguyen, N.: Continuous mobile authentication using touchscreen gestures. In: 2012 IEEE Conference on Technologies for Homeland Security (HST), pp. 451–456. IEEE, November 2012

    Google Scholar 

  20. Zhang, H., Patel, V.M., Fathy, M., Chellappa, R.: Touch gesture-based active user authentication using dictionaries. In: 2015 IEEE Winter Conference on Applications of Computer Vision, pp. 207–214. IEEE, January 2015

    Google Scholar 

  21. Patel, V.M., Chellappa, R., Chandra, D., Barbello, B.: Continuous user authentication on mobile devices: recent progress and remaining challenges. IEEE Signal Process. Mag. 33(4), 49–61 (2016)

    CrossRef  Google Scholar 

  22. Feng, T., Yang, J., Yan, Z., Tapia, E.M., Shi, W.: Tips: context-aware implicit user identification using touch screen in uncontrolled environments. In: Proceedings of the 15th Workshop on Mobile Computing Systems and Applications, pp. 1–6, February 2014

    Google Scholar 

  23. Levi, M., Hazan, I.: User profiling using sequential mining over web elements. In: 2019 IEEE 10th International Conference on Biometrics Theory, Applications and Systems (BTAS), Tampa, FL, USA, pp. 1–6 (2019). https://doi.org/10.1109/btas46853.2019.9186005

  24. Graves, A., Mohamed, A.R., Hinton, G.: Speech recognition with deep recurrent neural networks. In: 2013 IEEE International Conference on Acoustics, Speech and Signal Processing, pp. 6645–6649. IEEE, May 2013

    Google Scholar 

  25. Sak, H., Senior, A.W., Beaufays, F.: Long short-term memory recurrent neural network architectures for large scale acoustic modeling (2014)

    Google Scholar 

  26. Chen, T., Xu, R., He, Y., Wang, X.: Improving sentiment analysis via sentence type classification using BiLSTM-CRF and CNN. Expert Syst. Appl. 72, 221–230 (2017)

    CrossRef  Google Scholar 

  27. Antal, M., Egyed-Zsigmond, E.: Intrusion detection using mouse dynamics. IET Biometrics 8(5), 285–294 (2019)

    CrossRef  Google Scholar 

  28. Hinbarji, Z., Albatal, R., Gurrin, C.: Dynamic user authentication based on mouse movements curves. In: He, X., Luo, S., Tao, D., Xu, C., Yang, J., Hasan, M.A. (eds.) MMM 2015. LNCS, vol. 8936, pp. 111–122. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-14442-9_10

    CrossRef  Google Scholar 

  29. Tan, Y.X.M., Binder, A., Roy, A.: Insights from curve fitting models in mouse dynamics authentication systems. In: 2017 IEEE Conference on Application, Information and Network Security (AINS), pp. 42–47. IEEE, November 2017

    Google Scholar 

  30. Yang, Y., Guo, B., Wang, Z., Li, M., Yu, Z., Zhou, X.: BehaveSense: Continuous authentication for security-sensitive mobile apps using behavioral biometrics. Ad Hoc Netw. 84, 9–18 (2019)

    CrossRef  Google Scholar 

  31. Jain, A., Kanhangad, V.: Exploring orientation and accelerometer sensor data for personal authentication in smartphones using touchscreen gestures. Pattern Recogn. Lett. 68, 351–360 (2015)

    CrossRef  Google Scholar 

  32. Ngyuen, T., Voris, J.: Touchscreen biometrics across multiple devices. In: SOUPS (2017)

    Google Scholar 

  33. Paszke, A., et al.: Automatic differentiation in pytorch (2017)

    Google Scholar 

  34. Kingma, D.P., Ba, J.: Adam: a method for stochastic optimization. arXiv preprint arXiv:1412.6980 (2014)

Download references

Author information

Authors and Affiliations

  1. IBM Cybersecurity Center of Excellence, Beer Sheva, Israel

    Matan Levi & Itay Hazan

Authors
  1. Matan Levi
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Itay Hazan
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Matan Levi .

Editor information

Editors and Affiliations

  1. Istituto di Informatica e Telematica, Consiglio Nazionale delle Ricerche, Pisa, Pisa, Italy

    Dr. Andrea Saracino

  2. Institute of Informatics and Telematics, Pisa, Italy

    Paolo Mori

Rights and permissions

Reprints and Permissions

Copyright information

© 2020 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Levi, M., Hazan, I. (2020). Deep Learning Based Sequential Mining for User Authentication in Web Applications. In: Saracino, A., Mori, P. (eds) Emerging Technologies for Authorization and Authentication. ETAA 2020. Lecture Notes in Computer Science(), vol 12515. Springer, Cham. https://doi.org/10.1007/978-3-030-64455-0_1

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-64455-0_1

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-64454-3

  • Online ISBN: 978-3-030-64455-0

  • eBook Packages: Computer ScienceComputer Science (R0)

search

Navigation