Visible to the public Identifying users with application-specific command streams

TitleIdentifying users with application-specific command streams
Publication TypeConference Paper
Year of Publication2014
AuthorsEl Masri, A., Wechsler, H., Likarish, P., Kang, B.B.
Conference NamePrivacy, Security and Trust (PST), 2014 Twelfth Annual International Conference on
Date PublishedJuly
KeywordsActive Authentication, active authentication model, AdaBoost, application-specific command streams, area under the curve, AUC, authentication, Behavioral biometrics, biometrics (access control), Classification algorithms, GUI-based application, Hidden Markov models, human computer interaction, human-computer interaction, Intrusion detection, Keyboards, learning (artificial intelligence), machine learning, machine learning algorithms, message authentication, Mice, Microsoft, MS Word commands, Radio frequency, random forests, receiver operating characteristic, RF, ROC curve, sensitivity analysis, user command streams, user identification, user profiles, user-issued commands
Abstract

This paper proposes and describes an active authentication model based on user profiles built from user-issued commands when interacting with GUI-based application. Previous behavioral models derived from user issued commands were limited to analyzing the user's interaction with the *Nix (Linux or Unix) command shell program. Human-computer interaction (HCI) research has explored the idea of building users profiles based on their behavioral patterns when interacting with such graphical interfaces. It did so by analyzing the user's keystroke and/or mouse dynamics. However, none had explored the idea of creating profiles by capturing users' usage characteristics when interacting with a specific application beyond how a user strikes the keyboard or moves the mouse across the screen. We obtain and utilize a dataset of user command streams collected from working with Microsoft (MS) Word to serve as a test bed. User profiles are first built using MS Word commands and identification takes place using machine learning algorithms. Best performance in terms of both accuracy and Area under the Curve (AUC) for Receiver Operating Characteristic (ROC) curve is reported using Random Forests (RF) and AdaBoost with random forests.

DOI10.1109/PST.2014.6890944
Citation Key6890944