1,720,969 research outputs found
Demo: A Multimodal Behavioral Biometric Scheme for Smartphone User Authentication (MBBS)
No full textIn this demo paper, we introduce MBBS - a tetra-model behavioral biometric authentication scheme for smartphones. MBBS leverages four modalities: the way a smartphone user (i) swipes on the touchscreen, (ii) taps any combination of "text-independent" 8-digit numbers, (iii) writes his name on the touchscreen, and (iv) the hand's micro-movements he makes during this entry process, to authenticate users. Additionally, MBBS includes a Generative Adversarial Network (GAN-powered) data augmentation architecture to enhance the overall accuracy and security. To this end, we aim to demonstrate the effectiveness of MBBS firstly on "real" users' samples and later on the augmented samples comprising of "real" and "GAN-generated" samples, on a real Android device. MBBS is likely to enjoy maximum usability since it does not require users to remember any secret. Further, it exploits the users' familiarity with the processes and it increases the accuracy (by employing GAN in real time) without requiring a large sample size from users. Preliminary results in terms of performance, security, and usability analysis also show a positive opinion about our developed mechanism
ClapAuth: A Gesture-Based User-Friendly Authentication Scheme to Access a Secure Infrastructure
No full textIn this paper we propose a gesture-based user-friendly smartwatch-based user authentication scheme called CLAPAUTH to authenticate the users to gain physical access to a secure infrastructure. In CLAPAUTH users are authenticated by performing clapping actions, while wearing their smartwatch in one hand. CLAPAUTH, while users perform clapping gestures, profiles them by collecting data from their smartwatches' built-in accelerometer and gyroscope sensors. We have evaluated the proposed scheme on a publicly available dataset by using state-of-the-art n-class machine learning classifiers, namely Random Forest (RF), Artificial Neural Network (ANN), and K-Nearest Neighbors (KNN). KNN outperformed other two classifiers and attained 93.3% TAR at the cost of 0.22% FAR. CLAPAUTH could be widely accepted as it utilizes users' familiarity with a common action, such as clapping, and users are not required to remember any secret code or gesture
MalwD&C: A Quick and Accurate Machine Learning-Based Approach for Malware Detection and Categorization
Full text linkMalware, short for malicious software, is any software program designed to cause harm to a computer or computer network. Malware can take many forms, such as viruses, worms, Trojan horses, and ransomware. Because malware can cause significant damage to a computer or network, it is important to avoid its installation to prevent any potential harm. This paper proposes a machine learning-based malware detection method called MalwD&C to allow the secure installation of Programmable Executable (PE) files. The proposed method uses machine learning classifiers to analyze the PE files and classify them as benign or malware. The proposed MalwD&C scheme was evaluated on a publicly available dataset by applying several machine learning classifiers in two settings: two-class classification (malware detection) and multi-class classification (malware categorization). The results showed that the Random Forest (RF) classifier outperformed all other chosen classifiers, achieving as high as 99.56% and 97.69% accuracies in the two-class and multi-class settings, respectively. We believe that MalwD&C will be widely accepted in academia and industry due to its speed in decision making and higher accuracy
Multitrait Selfie: Low-Cost Multimodal Smartphone User Authentication
No full textBiometric identification is biometric-based authentication on mobile devices that nowadays has become ubiquitous, especially in unattended (e.g., access control for banks) and consumer (e.g., mobile phone unlocking) applications. While, face, fingerprint and inherent behavioral biometrics using inbuilt sensors such as accelerometer for smartphones person authentication, they have yet not achieved the desired or required level of efficiency, security and usability. This chapter presents an uncontrolled multibiometric smartphone framework utilizing multitrait selfie and behavioral biometrics. In particular, the presented system authenticates subject by ocular and face selfie features. This new multimodal biometric system also takes silently into account micro-movements of the phone, movements of the user’s finger on the touchscreen while user is capturing the multitrait selfie and entering passcode simultaneously in a split-screen mode of the smartphone. Addition of micro-movements behaviors enhances not only the performance but also robustness against noise and spoofing attacks. For this study, we collected a mobile multimodal dataset (MultiTouchMove) of touchstroke and phone-movement patterns in the wild from 95 subjects, which is made publicly available by the authors. Preliminary experimental analysis, using public MOBIO Face, VISOB ocular, and MultiTouchMove mobile datasets, on accuracy and usability shows promising results
Machine Learning-Based Dynamic Attribute Selection Technique for DDoS Attack Classification in IoT Networks
Full text linkThe exponential growth of the Internet of Things (IoT) has led to the rapid expansion of interconnected systems, which has also increased the vulnerability of IoT devices to security threats such as distributed denial-of-service (DDoS) attacks. In this paper, we propose a machine learning pipeline that specifically addresses the issue of DDoS attack detection in IoT networks. Our approach comprises of (i) a processing module to prepare the data for further analysis, (ii) a dynamic attribute selection module that selects the most adaptive and productive features and reduces the training time, and (iii) a classification module to detect DDoS attacks. We evaluate the effectiveness of our approach using the CICI-IDS-2018 dataset and five powerful yet simple machine learning classifiers-Decision Tree (DT), Gaussian Naive Bayes, Logistic Regression (LR), K-Nearest Neighbor (KNN), and Random Forest (RF). Our results demonstrate that DT outperforms its counterparts and achieves up to 99.98% accuracy in just 0.18 s of CPU time. Our approach is simple, lightweight, and accurate for detecting DDoS attacks in IoT networks
Risk-Driven Behavioral Biometric-based One-Shot-cum-Continuous User Authentication Scheme
Full text linkThe paper presents a risk-driven behavioral biometric-based user authentication scheme for smartphones. Our scheme delivers one-shot-cum-continuous authentication, thus not only authenticates users at the start of the application sign-in process but also, throughout the active user session. The scheme leverages the widely used PIN/password-based authentication technology by giving flexibility to users to enter any random 8-digit alphanumeric text, instead of pre-configured PIN/Passwords. Internally, the scheme exploits two behavioral biometric traits, i.e., touch-timing-differences of the entered strokes and the hand-movement gesture recorded during the random text entry, to authenticate users. And, for the entire user session, the scheme continuously authenticates the user by computing the risk-score every time the user initiates a sensitive activity. If the risk-score is higher than the predefined threshold, the current user session terminates. Afterward, the scheme requests the user to re-authenticate. Thus, our scheme serves three main objectives: Firstly, it offers users the flexibility to enter an 8 - digit random alphanumeric text as their secret enhancing the usability of PIN/password-based schemes. Secondly, it strengthens the security of PIN/password-based schemes as verification decision is not binary, and mimicking the invisible touch-timings and hand-movements simultaneously, could be extremely difficult as our security analysis determined. Lastly, the scheme does not require any dedicated device (e.g., a smart token for OTP generation) for 2-factor authentication. The results obtained on 11,400 user-samples (collected by 3 days in-the-wild testing) and user-experience responses (received from the Software Usability Scale(4) survey) of 95 testers demonstrate our scheme as an accurate and acceptable user authentication scheme
TrojanDetector: A Multi-Layer Hybrid Approach for Trojan Detection in Android Applications
Full text linkTrojan Detection-the process of understanding the behaviour of a suspicious file has been the talk of the town these days. Existing approaches, e.g., signature-based, have not been able to classify them accurately as Trojans. This paper proposes TrojanDetector-a simple yet effective multi-layer hybrid approach for Trojan detection. TrojanDetector analyses every downloaded application and extracts and correlates its features on three layers (i.e., application-, user-, and package layer) to identify it as either a benign application or a Trojan. TrojanDetector adopts a hybrid approach, combining static and dynamic analysis characteristics, for feature extraction from any downloaded application. We have evaluated our scheme on three publicly available datasets, namely (i) CCCS- CIC-AndMal-2020, (ii) Cantagio-Mobile, and (iii) Virus share, by using simple yet state-of-the-art classifiers, namely, random forest (RF), decision tree (DT), support vector machine (SVM), and logistic regression (LR) in binary-class settings. SVM outperformed its counterparts and attained the highest accuracy of 96.64%. Extensive experimentation shows the effectiveness of our proposed Trojan detection scheme
SWIPEGAN
No full textBehavioral biometric-based smartphone user authentication schemes based on touch/swipe have shown to provide the desired usability. However, their accuracy is not yet considered up to the mark. This is primarily due to the lack of a sufficient number of training samples, e.g., swiping gestures1: users are reluctant to provide many. Consequently, the application of such authentication techniques in the real world is still limited.
To overcome the shortage of training samples and make behavioral biometric-based schemes more accurate, we propose the usage of Generative Adversarial Networks (GAN) for generating synthetic samples, in our case, or swiping gestures. GAN is an unsupervised approach for synthetic data generation and has already been used in a wide range of applications, such as image and video generation. However, their use in behavioral biometric-based user authentication schemes has not been explored yet. In this paper, we propose SWIPEGAN - to generate swiping samples to be used for smartphone user authentication. Extensive experimentation and evaluation show the quality of the generated synthetic swiping samples and their efficacy in increasing the accuracy of the authentication scheme
A Real-Time Hybrid Approach to Combat In-Browser Cryptojacking Malware
Full text linkCryptojacking is a type of computer piracy in which a hacker uses a victim's computer resources, without their knowledge or consent, to mine for cryptocurrency. This is made possible by new memory-based cryptomining techniques and the growth of new web technologies such as WebAssembly, allowing mining to occur within a browser. Most of the research in the field of cryptojacking has focused on detection methods rather than prevention methods. Some of the detection methods proposed in the literature include using static and dynamic features of in-browser cryptojacking malware, along with machine learning algorithms such as Support Vector Machine (SVM), Random Forest (RF), and others. However, these methods can be effective in detecting known cryptojacking malware, but they may not be able to detect new or unknown variants. The existing prevention methods are shown to be effective only against web-assembly (WASM)-based cryptojacking malware and cannot handle mining service-providing scripts that use non-WASM modules. This paper proposes a novel hybrid approach for detecting and preventing web-based cryptojacking. The proposed approach performs the real-time detection and prevention of in-browser cryptojacking malware, using the blacklisting technique and statistical code analysis to identify unique features of non-WASM cryptojacking malware. The experimental results show positive performances in the ease of use and efficiency, with the detection accuracy improved from 97% to 99.6%. Moreover, the time required to prevent already known malware in real time can be decreased by 99.8%
- …
