ACM Portal
  Subscribe (Full Service)    Register (Limited Service, Free)    Login
  Search:   The ACM Digital Library   The Guide
  
ACM Home Page
Please provide us with feedback. Feedback
User re-authentication via mouse movements
Full text PdfPdf (179 KB)
Source Conference on Computer and Communications Security archive
Proceedings of the 2004 ACM workshop on Visualization and data mining for computer security table of contents
Washington DC, USA
SESSION: DMSEC session table of contents
Pages: 1 - 8  
Year of Publication: 2004
ISBN:1-58113-974-8
Authors
Maja Pusara  Purdue University
Carla E. Brodley  Tufts University
Sponsors
ACM: Association for Computing Machinery
SIGSAC: ACM Special Interest Group on Security, Audit, and Control
Publisher
ACM  New York, NY, USA
Bibliometrics
Downloads (6 Weeks): 16,   Downloads (12 Months): 153,   Citation Count: 4
Additional Information:

abstract   references   cited by   index terms   collaborative colleagues  

Tools and Actions: Request Permissions Request Permissions    Review this Article  
DOI Bookmark: Use this link to bookmark this Article: http://doi.acm.org/10.1145/1029208.1029210
What is a DOI?

ABSTRACT

We present an approach to user re-authentication based on the data collected from the computer's mouse device. Our underlying hypothesis is that one can successfully model user behavior on the basis of user-invoked mouse movements. Our implemented system raises an alarm when the current behavior of user X, deviates sufficiently from learned "normal" behavior of user X. We apply a supervised learning method to discriminate among k users. Our empirical results for eleven users show that we can differentiate these individuals based on their mouse movement behavior with a false positive rate of 0.43% and a false negative rate of 1.75%. Nevertheless, we point out that analyzing mouse movements alone is not sufficient for a stand-alone user re-authentication system.


REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

 
1
S. Axelsson. On a difficulty of intrusion detection. In Proceedings of the Recent Advances in Intrusion Detection Conference, 1999.
2
Kristin P. Bennett , Colin Campbell, Support vector machines: hype or hallelujah?, ACM SIGKDD Explorations Newsletter, v.2 n.2, p.1-13, Dec. 2000  [doi>10.1145/380995.380999]
 
3
U. B. Consortium. "Face recognition". www.vitro.bloomington.in.us: 8080/ BC, 2004.
 
4
Scott Coull , Joel Branch , Boleslaw Szymanski , Eric Breimer, Intrusion Detection: A Bioinformatics Approach, Proceedings of the 19th Annual Computer Security Applications Conference, p.24, December 08-12, 2003
 
5
J. G. Daugman, High Confidence Visual Recognition of Persons by a Test of Statistical Independence, IEEE Transactions on Pattern Analysis and Machine Intelligence, v.15 n.11, p.1148-1161, November 1993  [doi>10.1109/34.244676]
 
6
Dorothy E. Denning, An intrusion-detection model, IEEE Transactions on Software Engineering, v.13 n.2, p.222-232, Feb. 1987  [doi>10.1109/TSE.1987.232894]
 
7
D. E. Denning and P. G. Neumann. "Requirements and model for IDES - A real-time intrusion detection system". Technical report, Computer Science Laboratory, SRI International, Menlo Park, CA, 1985.
 
8
D. Endler, Intrusion Detection Applying Machine Learning to Solaris Audit Data, Proceedings of the 14th Annual Computer Security Applications Conference, p.268, December 07-11, 1998
 
9
Henry Hanping Feng , Oleg M. Kolesnikov , Prahlad Fogla , Wenke Lee , Weibo Gong, Anomaly Detection Using Call Stack Information, Proceedings of the 2003 IEEE Symposium on Security and Privacy, p.62, May 11-14, 2003
10
Stephanie Forrest , Steven A. Hofmeyr , Anil Somayaji, Computer immunology, Communications of the ACM, v.40 n.10, p.88-96, Oct. 1997  [doi>10.1145/262793.262811]
 
11
Yoav Freund, Boosting a weak learning algorithm by majority, Information and Computation, v.121 n.2, p.256-285, Sept. 1995  [doi>10.1006/inco.1995.1136]
 
12
T. Gear. "Voice recognition solutions". www.transcriptiongear.com, 2004.
 
13
Anup K. Ghosh , Aaron Schwartzbard , Michael Schatz, Learning Program Behavior Profiles for Intrusion Detection, Proceedings of the Workshop on Intrusion Detection and Network Monitoring, p.51-62, April 09-12, 1999
 
14
J. Goecks and J. Shavlik. "Automatically labeling web pages based on normal user actions". In Procedings of the IJCAI Workshop on Machine Learning for Information Filtering, July 1999.
 
15
S. A. Hofmeyr, S. Forrest, and A. Somayaji. "Intrusion detection using sequences of system calls". Journal of Computer Security, 6(3):151--180, 1998.
 
16
C. Hsu and C. Lin. "A comparison of methods for multi-class support vector machines". IEEE Transactions on Neural Networks, 13:415--425, 2002.
 
17
S. HTT. "Access control". www.htt.com, 2004.
 
18
Koral Ilgun , R. A. Kemmerer , Phillip A. Porras, State Transition Analysis: A Rule-Based Intrusion Detection Approach, IEEE Transactions on Software Engineering, v.21 n.3, p.181-199, March 1995  [doi>10.1109/32.372146]
 
19
C. Ko, G. Fink, and K. Levitt. "Automated detection of vulnerabilities in priviledged programs by execution monitoring". In Proceedings of the Tenth Annual Computer Security Applications Conference, pages 134--144, December 1994.
 
20
C. E. Landwehr, Protecting unattended computers without software, Proceedings of the 13th Annual Computer Security Applications Conference, p.274, December 08-12, 1997
21
Terran Lane , Carla E. Brodley, Temporal sequence learning and data reduction for anomaly detection, ACM Transactions on Information and System Security (TISSEC), v.2 n.3, p.295-331, Aug. 1999  [doi>10.1145/322510.322526]
 
22
W. Lee, S. J. Stolfo, and K. W. Mok. "A data mining framework for building intrusion detection models". In Proceedings of the IEEE Symposium on Security and Privacy, pages 120--132, 1999.
 
23
Yingjiu Li , Ningning Wu , Sean Wang , Sushil Jajodia, Enhancing profiles for anomaly detection using time granularities, Journal of Computer Security, v.10 n.1-2, p.137-157, 2002
 
24
T. F. Lunt, A. Tamaru, F. Gilham, R. Jagannathan, P. G. Neumann, H. S. Javitz, A. Valdes, and T. D. Garvey. "A real-time intrusion detection expert system IDES - Final report". Technical Report SRI-CSL-92-05, SRI Computer Science Laboratory, SRI International, February 1992.
25
Carla Marceau, Characterizing the behavior of a program using multiple-length N-grams, Proceedings of the 2000 workshop on New security paradigms, p.101-110, September 18-21, 2000, Ballycotton, County Cork, Ireland  [doi>10.1145/366173.366197]
 
26
J. A. Marin, D. Ragsdale, and J. Surdu. "A hybrid approach to profile creation and intrusion detection". In Proceedings of DARPA Information Survivability Conference and Exposition, pages 12--14, June 2001.
 
27
Christoph Michael , Anup K. Ghosh, Using Finite Automata to Mine Execution Data for Intrusion Detection: A Preliminary Report, Proceedings of the Third International Workshop on Recent Advances in Intrusion Detection, p.66-79, October 02-04, 2000
28
Fabian Monrose , Aviel Rubin, Authentication via keystroke dynamics, Proceedings of the 4th ACM conference on Computer and communications security, p.48-56, April 01-04, 1997, Zurich, Switzerland  [doi>10.1145/266420.266434]
 
29
J. Ross Quinlan, C4.5: programs for machine learning, Morgan Kaufmann Publishers Inc., San Francisco, CA, 1993
 
30
R. Quinlan. Data mining tools See5 and C5.0. www.rulequest.com/see5-info.html, 2003.
31
Mohan Rajagopalan , Saumya K. Debray , Matti A. Hiltunen , Richard D. Schlichting, Profile-directed optimization of event-based programs, Proceedings of the ACM SIGPLAN 2002 Conference on Programming language design and implementation, June 17-19, 2002, Berlin, Germany
 
32
I. Recognition. "Hand geometry technology". www.recogsys.com, 2004.
 
33
Robert E. Schapire, A Brief Introduction to Boosting, Proceedings of the Sixteenth International Joint Conference on Artificial Intelligence, p.1401-1406, July 31-August 06, 1999
 
34
M. Schonlau, W. DuMouchel, W. Ju, A. F. Karr, M. Theus, and Y. Vardi. "Computer intrusion: Detecting masquerades". 16(1):58-74. February 2001.
 
35
I. Security. "Index security: Biometric fingerprint ID". www.index-security.com, 2004.
36
Karlton Sequeira , Mohammed Zaki, ADMIT: anomaly-based data mining for intrusions, Proceedings of the eighth ACM SIGKDD international conference on Knowledge discovery and data mining, July 23-26, 2002, Edmonton, Alberta, Canada  [doi>10.1145/775047.775103]
 
37
J. Shavlik, M. Shavlik, and M. Fahland. "Evaluating software sensors for actively profiling Windows 2000 users". In Proceedings of the Fourth International Symposium on Recent Advances in Intrusion Detection, October 2001.
 
38
L. Thalheim, J. Krissler, and P. M. Ziegler. "Body check: Biometrics defeated". www.heise.de/ct/english/02/11/114/, June 2002.
 
39
David Wagner , Drew Dean, Intrusion Detection via Static Analysis, Proceedings of the 2001 IEEE Symposium on Security and Privacy, p.156, May 14-16, 2001
40
David Wagner , Paolo Soto, Mimicry attacks on host-based intrusion detection systems, Proceedings of the 9th ACM conference on Computer and communications security, November 18-22, 2002, Washington, DC, USA  [doi>10.1145/586110.586145]
 
41
C. Warrender, S. Forrest, and B. A. Pearlmutter. "Detecting intrusions using system calls: Alternative data models". In Proceedings of the IEEE Symposium on Security and Privacy, pages 133--145, 1999.
 
42
Andreas Wespi , Marc Dacier , Hervé Debar, Intrusion Detection Using Variable-Length Audit Trail Patterns, Proceedings of the Third International Workshop on Recent Advances in Intrusion Detection, p.110-129, October 02-04, 2000
 
43
R. Wright. "2003 CSI/FBI computer security survey". http://www.security.fsu.edu/docs/FBI2003.pdf, 2003.
 
44
N. Ye. "A Markov chain model of temporal behavior for anomaly detection". In Proceedings of the 2000 IEEE Systems, Man, and Cybernetics Information Assurance and Security Workshop, 2000, pages 171--174, 2000.

CITED BY  4
Kuan-Ta Chen , Li-Wen Hong, User identification based on game-play activity patterns, Proceedings of the 6th ACM SIGCOMM workshop on Network and system support for games, p.7-12, September 19-20, 2007, Melbourne, Australia
Eric S Imsand , John A Hamilton, Jr., Impact of daily computer usage on GUI usage analysis, Proceedings of the 4th annual conference on Information security curriculum development, September 28-28, 2007, Kennesaw, Georgia
Ahmed Awad E. Ahmed , Issa Traore, A New Biometric Technology Based on Mouse Dynamics, IEEE Transactions on Dependable and Secure Computing, v.4 n.3, p.165-179, July 2007
Benjamin Liebald , Dan Roth , Neelay Shah , Vivek Srikumar, Proactive intrusion detection, Proceedings of the 23rd national conference on Artificial intelligence, p.772-777, July 13-17, 2008, Chicago, Illinois

INDEX TERMS

Primary Classification:
  K. Computing Milieux
  K.6 MANAGEMENT OF COMPUTING AND INFORMATION SYSTEMS
      K.6.5 Security and Protection (D.4.6, K.4.2)


General Terms:
Human Factors, Performance, Security


Keywords:
anomaly detection, mouse dynamics, user re-authentication

Collaborative Colleagues:
Maja Pusara: colleagues
Carla E. Brodley: colleagues

The ACM Portal is published by the Association for Computing Machinery. Copyright © 2009 ACM, Inc.
Terms of Usage   Privacy Policy   Code of Ethics   Contact Us

Useful downloads: Adobe Acrobat    QuickTime    Windows Media Player    Real Player