Swipe Gesture based Continuous Authentication for Mobile Devices
Before building the classifier models, we first apply a feature selection technique [10]. Let F = {1, 2, 3, ..., m} be the total feature set, where m is the number of feature attributes.
The feature subset A ⊆ F is chosen based on the maximization of Sn, with a Genetic Algorithm as the feature subset search technique, where

Sn = sup | MVCDF(x_g^A) − MVCDF(x_i^A) |

MVCDF(·) → Multivariate Cumulative Distribution Function
x_g^A → Genuine user feature subset data
x_i^A → Impostor user feature subset data
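As an illustration of this criterion, the sketch below computes an empirical MVCDF and the resulting Sn for a candidate feature subset. The function names and toy data are ours, and the Genetic Algorithm search over subsets is omitted; this sketches the selection criterion only, not the authors' implementation.

```python
import numpy as np

def mvcdf(data, points):
    """Empirical multivariate CDF of `data`, evaluated at each row of `points`:
    the fraction of samples that are componentwise <= the point."""
    return np.array([(data <= p).all(axis=1).mean() for p in points])

def s_n(genuine, impostor, subset):
    """Sup-norm distance between the genuine and impostor empirical MVCDFs,
    restricted to the feature columns listed in `subset`."""
    g, i = genuine[:, subset], impostor[:, subset]
    grid = np.vstack([g, i])  # take the sup over all observed points
    return np.abs(mvcdf(g, grid) - mvcdf(i, grid)).max()

# Toy data: genuine and impostor samples drawn from shifted distributions.
rng = np.random.default_rng(0)
genuine = rng.normal(0.0, 1.0, size=(200, 3))
impostor = rng.normal(1.0, 1.0, size=(200, 3))
print(s_n(genuine, impostor, [0, 1]))  # larger value -> more separable subset
```

A subset search (a Genetic Algorithm, per the text) would evaluate s_n for each candidate subset A and keep the maximizer.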
4. Methodology
This section describes the methodology we have followed to carry out this research.
4.1. Trust Model
The concept of Trust Model was first introduced by
Bours [3] in behavioural biometrics based CA. In this model
the behaviour of the current user is compared to the template
of the genuine user. Based on each single action performed
by the current user, the trust in the genuineness of the user
will be adjusted. If the trust of the system in the genuine-
ness of the user is too low, then the user will be locked out
of the system. More specifically, if the trust drops below a
pre-defined threshold Tlockout then the system locks itself
and will require static authentication of the user to continue
working.
The basic idea is that the trust of the system in the gen-
uineness of the current user depends on the deviations from
the way this user performs various actions on the system. If
a specific action is performed in accordance with how the
genuine user would perform the task (i.e. as it is stored in
the template), then the system’s trust in the genuineness of
this user will increase, which is called a Reward. If there is
a large deviation between the behaviour of the genuine and
current user, then the trust of the system in the current user
will decrease, which is called a Penalty. The amount of
change of the trust level can be fixed or variable [3]. A small
deviation from the behaviour of the user, when compared to
the template, could lead to a small decrease in trust, while a
large deviation could lead to a larger decrease.
In this research, we implemented a dynamic Trust Model [13]. The model uses several parameters to calculate the change in trust and to return the system's trust in the genuineness of the current user after each separate action performed by the user. All the parameters for this trust model can be user specific. Also, for each user the parameters can be different for different kinds of actions.
Algorithm 1 shows the proposed Trust Model algorithm. The change of trust (∆Trust) is calculated according to Equation 1 and depends on the classification score of the current action performed by the user as well as on 4 parameters. The parameter A represents the threshold value between penalty and reward. If the classification score of the current action (sci) is exactly equal to this threshold then ∆Trust = 0. If sci > A then ∆Trust > 0, i.e. a reward is given, and if sci < A then ∆Trust < 0, i.e. the trust decreases because of a penalty. Furthermore, the parameter B is the width of the sigmoid for this function (see Figure 4), while the parameters C and D are the upper limits of the reward and the penalty, respectively. In Figure 4, we have shown the ∆Trust produced by Equation 1 based on the classification score of the current action for various sets of parameters.
Algorithm 1: Algorithm for Trust Model.
Data:
  sci → Classification score for the i-th action
  A → Threshold for penalty or reward
  B → Width of the sigmoid
  C → Maximum reward
  D → Maximum penalty
  T(i−1) → System trust after the (i−1)-th action
Result:
  Ti → System trust in the user after the i-th action
begin
  ∆Trust(sci) = min{ −D + D(1 + 1/C) / (1/C + exp(−(sci − A)/B)), C }   (1)
  Ti = min{ max{ T(i−1) + ∆Trust(sci), 0 }, 100 }                       (2)
end
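Equations 1 and 2 can be written out directly in code. The sketch below is our illustrative Python rendering of the trust update, not the authors' implementation; the parameter values come from the first panel of Figure 4:

```python
import math

def delta_trust(sc, A, B, C, D):
    """Equation 1: sigmoid-shaped change in trust, zero at sc == A,
    approaching the maximum penalty -D for low scores and capped at
    the maximum reward C for high scores."""
    return min(-D + D * (1 + 1 / C) / (1 / C + math.exp(-(sc - A) / B)), C)

def update_trust(t_prev, sc, A, B, C, D):
    """Equation 2: accumulate the change and clamp trust to [0, 100]."""
    return min(max(t_prev + delta_trust(sc, A, B, C, D), 0), 100)

A, B, C, D = 0.5, 0.1, 1.0, 1.0
print(delta_trust(0.5, A, B, C, D))        # exactly 0 at the threshold A
print(update_trust(100, 0.9, A, B, C, D))  # reward, but trust stays capped at 100
print(update_trust(100, 0.1, A, B, C, D))  # penalty lowers the trust
```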
4.2. System Architecture
In this section, we discuss the methodology of our sys-
tem. The system was divided into two basic phases (see
Figure 5).
In the training phase, the training data (see Section 3.1) is
used to build the classifier models and the models are stored
in a database for use during the testing phase (marked as
dotted arrow). Each genuine user has his/her own classifier
models and training features.
In the testing phase, we use the test data which was sep-
arated from the training data for comparison. In the com-
parison, we use the models and training features stored in
the database and obtain the classifier score (probability) of
each sample of the test data according to the performed action. This score will then be used to update the trust value Trust in the trust model (see Section 4.1). Finally, the trust value Trust is used in the decision module to determine if the user will be locked out or can continue to use the device. This decision is made based on the current trust value and the lockout threshold (Tlockout).
Figure 4. Score sc vs. ∆Trust(sc) from Equation 1 for different parameters: (A = 0.5, B = 0.1, C = 1, D = 1), (A = 0.7, B = 0.1, C = 1, D = 1), (A = 0.5, B = 0.05, C = 1, D = 1), and (A = 0.5, B = 0.1, C = 2, D = 2).
For each action performed by the current user, the system calculates the score for that action (see the subsections in Section 3.2 for details) and uses that score to calculate the change in trust according to Equation 1. The parameters A, B, C, and D in Equation 1 depend on the user's behaviour and are optimized accordingly. In our experiment, we used a linear search to optimize the parameters.
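Such a linear search can be sketched as an exhaustive sweep over a parameter grid. The grid ranges and the separation objective below are our assumptions for illustration; the paper does not specify them:

```python
import itertools
import math

def delta_trust(sc, A, B, C, D):
    # Equation 1 from the Trust Model
    return min(-D + D * (1 + 1 / C) / (1 / C + math.exp(-(sc - A) / B)), C)

def separation(genuine_scores, impostor_scores, params):
    """Toy objective: mean trust change on genuine scores minus
    mean trust change on impostor scores (higher is better)."""
    A, B, C, D = params
    g = sum(delta_trust(s, A, B, C, D) for s in genuine_scores) / len(genuine_scores)
    i = sum(delta_trust(s, A, B, C, D) for s in impostor_scores) / len(impostor_scores)
    return g - i

def linear_search(genuine_scores, impostor_scores):
    """Sweep every combination on a small illustrative grid."""
    grid = itertools.product([0.4, 0.5, 0.6, 0.7],  # A: reward/penalty threshold
                             [0.05, 0.1, 0.2],      # B: sigmoid width
                             [1.0, 2.0],            # C: maximum reward
                             [1.0, 2.0])            # D: maximum penalty
    return max(grid, key=lambda p: separation(genuine_scores, impostor_scores, p))

best = linear_search([0.8, 0.9, 0.85], [0.2, 0.3, 0.1])
print(best)
```

Since the parameters are user specific (and can differ per action type), such a search would run once per user profile.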
Figure 5. Block diagram of the proposed system: a template creation pipeline (swipe feature extraction, building the classifier models, storing profiles) and a testing pipeline (matching module, Trust Model, decision module choosing between continue and lock out, with static login after a lockout).
4.3. Performance Measure
In the testing phase, we will measure the performance of the system in terms of Average Number of Genuine Actions (ANGA) and Average Number of Impostor Actions (ANIA) [12]. A detailed explanation of the performed actions is given in Section 2.
Figure 6. Trust level vs. event number for an impostor test set. The trust drops below the lockout threshold 5 times within 100 events; after each lockout (N1 through N5) the system trust is reset.
In Figure 6, we see how the trust level changes when we compare a model with the test data of an impostor user. The trust drops (in this example) 5 times below the lockout threshold (Tlockout, marked with a red line) within 100 user actions. The value of ANIA in this example equals (1/5) Σ_{i=1}^{5} Ni. We can calculate ANGA in the same way, if the genuine user is locked out based on his own test data. Our goal is obviously to have ANGA as high as possible, while at the same time the ANIA value must be as low as possible. The latter is to assure that an impostor user can do as little harm as possible, hence he/she must be detected as quickly as possible. In our analysis, whenever a user is locked out, we reset the trust value to 100 to simulate a new session starting after the set of actions that led to this lockout. In Figure 6, we can clearly see that the trust is set back 5 times to 100.
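The counting and reset procedure described above can be sketched as follows; the function names and the toy penalty sequence are ours, chosen so that every action incurs a fixed penalty:

```python
def simulate_lockouts(delta_seq, t_lockout=90.0, t_init=100.0):
    """Walk a sequence of per-action trust changes; whenever trust drops
    below the lockout threshold, record how many actions the session
    lasted (N_i) and reset the system trust to 100 (a new session)."""
    trust, actions, counts = t_init, 0, []
    for d in delta_seq:
        actions += 1
        trust = min(max(trust + d, 0.0), 100.0)
        if trust < t_lockout:
            counts.append(actions)        # N_i for this lockout
            trust, actions = t_init, 0    # reset system trust
    return counts

def average_actions(counts):
    """ANIA (or ANGA): the mean of the per-lockout action counts N_i."""
    return sum(counts) / len(counts)

# An impostor-like stream: a fixed penalty of -2 per action.
counts = simulate_lockouts([-2.0] * 100)
print(counts, average_actions(counts))  # every lockout takes 6 actions here
```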
4.3.1 FNMR / FMR to ANGA / ANIA Conversion
In this section, we show how, for a PA system, we can express FNMR and FMR in terms of ANGA and ANIA. Assume FNMR equals p and the system operates on chunks of m actions. The genuine user can always do m actions, and with probability (1 − p) he can continue and do m more actions. After that, again with probability (1 − p), he can do m more actions, etc. So in total we find:

ANGA = m + (1 − p)·m + (1 − p)²·m + (1 − p)³·m + ...

So, ANGA = m / (1 − (1 − p)) = m / p.

Similarly, if FMR is p, then the impostor user can always do m actions, and with probability p he can continue and do m more actions. After that, again with probability p, he can do m more actions, etc. So in total we find:

ANIA = m + p·m + p²·m + p³·m + ...

So, ANIA = m / (1 − p).
For example, Frank et al. [8] got an EER of 3% with chunks of 12 actions. So, p = 0.03 and m = 12; thus ANGA = 12/0.03 = 400 and ANIA = 12/(1 − 0.03) ≈ 12. It is clear that an impostor can do at least m actions in a PA system, because such a system checks the identity of the user for the first time only after m actions.
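The two closed forms can be checked directly in code; the snippet below reproduces the Frank et al. [8] example:

```python
def anga(fnmr, m):
    """ANGA = m / p: sum of the geometric series m + (1-p)m + (1-p)^2 m + ..."""
    return m / fnmr

def ania(fmr, m):
    """ANIA = m / (1 - p): sum of the series m + p*m + p^2*m + ..."""
    return m / (1 - fmr)

# Frank et al. [8]: EER of 3% with chunks of 12 actions.
print(anga(0.03, 12))  # ~400 genuine actions on average
print(ania(0.03, 12))  # ~12.4 impostor actions on average
```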
5. Result Analysis
In this section, we analyse the results that we obtained from our performance analysis. We divide our analysis into three major parts based on the verification process (see Section 3.1). As mentioned before, in this research the total number of data sets of genuine users is 71 and hence, the total number of data sets of impostor users is 4970 (71 × 70). We report the results from a leave-one-out cross validation test in terms of ANIA and ANGA, along with the total number of impostors not detected, for different lockout thresholds (Tlockout). Also, we report the results with a user specific lockout threshold (Tus), where the threshold for lockout satisfies 50 ≤ Tus < min(Trust_genuine). Besides reporting the performance in terms of ANIA and ANGA and in terms of the 4 categories described below, we will also report the results in terms of FMR and FNMR. We do realize that this is a slight abuse of terminology in the context of continuous authentication with our analysis methods, but we decided to do so to clarify the results in known terminology.
Interpretation of the tables: When we present the results from our analysis, the results are shown for 4 possible categories. The categories are divided based on genuine user lockout (+ if the genuine user is not locked out and − in case of lockout) and non-detection of impostor users (+ if all impostor users are locked out and − otherwise). Each of the 71 users can thus be classified into one of 4 categories:
• All Positive (+ / +) : This is the best case category. In
this category, the genuine user is never locked out, and
all the 70 impostors are detected as impostors.
• Positive vs. Negative (+ / -) : In this category, the
genuine user is not locked out but some impostors are
not detected by the system.
• Negative vs. Positive (- / +) : In this category, the genuine user is locked out by the system, but on the other hand all impostors are detected.
• All Negative (- / -) : This is the worst case category. In
this category, the genuine user is locked out by the sys-
tem and also, some of the impostors are not detected.
The column # Users shows how many users fall within each of the 4 categories (i.e. the values sum up to 71 for Set-1 and 51 for Set-2). In the column ANGA, a value will indicate the Average Number of Genuine Actions in case genuine users are indeed locked out by the system. If the genuine users are not locked out, then we cannot actually calculate ANGA. The column ANIA displays the Average Number of Impostor Actions, and is based on all impostors that are detected. The actions of the impostors that are not detected are not used in this calculation, but the number of impostors that are not detected is given in the column # Imp. ND. This number should be seen in relation to the number of users in that particular category. For example, in the Set-1 '+ / -' category described in Table 1, we see that # Users equals 3, i.e. there are 3 × 70 = 210 impostor test sets, and only 4 impostors within these 210 are not found by the system as being an impostor.
5.1. Result
Table 1 shows the optimal result we got from this analysis for VP-1. The table is divided into two parts, based on the dataset used (i.e. Set-1 and Set-2). For Set-1, in total 68 users qualify for the best category for the user specific lockout threshold; whereas for the fixed threshold, this number drops to 63. We can observe from the table that if we go from a user specific lockout threshold (Tus) to a fixed lockout threshold (Tlockout = 90) the results get worse. For the fixed lockout threshold, the number of best performing users decreases, and the numbers for Positive vs. Negative increase. We also see that for Set-2 all the 51 users satisfied the best case category for the user specific lockout threshold.
Table 2 displays the optimal result from the analysis for VP-2. We can clearly observe that all the 51 users satisfied the best case category for the user specific lockout threshold scheme on Set-2, but the ANIA increases from 5 for VP-1 to 6 for VP-2. Finally, Table 3 shows the optimal result we got from this analysis for VP-3.
It is not surprising that from Tables 1 to 3 we consistently see that the personal threshold performs better than the fixed system threshold.
We first applied the methods proposed by Mondal and Bours [12] for VP-1 on Set-1 (i.e. Static Trust Model with Support Vector Machine as a classifier) and obtained an ANIA of 7 for only 22 users in the best category when using a user specific lockout threshold. Table 4 shows the result obtained from this analysis. We observe a significant improvement of the results in this research by comparing the results in Tables 1 and 4.
Table 4. Results for VP-1 on Set-1 by using the analysis method from [12].

Categories  # User  ANGA  ANIA  # Imp. ND
+ / +       22            7
+ / -       47            37    269
- / +
- / -       2       113   117   28
Table 1. Results for VP-1 with the analysis method.

                       Set-1                            Set-2
Tlockout  Categories   # User  ANGA  ANIA  # Imp. ND    # User  ANGA  ANIA  # Imp. ND
Tus       + / +        68            4                  51            5
          + / -        3             14    4
          - / +
          - / -
90        + / +        63            14                 47            19
          + / -        8             25    20           4             37    5
          - / +
          - / -
Table 2. Results for VP-2 with the analysis method.

                       Set-1                            Set-2
Tlockout  Categories   # User  ANGA  ANIA  # Imp. ND    # User  ANGA  ANIA  # Imp. ND
Tus       + / +        66            4                  51            6
          + / -        5             15    10
          - / +
          - / -
90        + / +        56            15                 48            19
          + / -        15            22    27           3             36    3
          - / +
          - / -
We also report the overall system performance in terms of FMR and FNMR, although we are aware that this is a slight abuse of terminology in the context of continuous authentication with our analysis methods. In this case, we consider FMR as the probability that an impostor user is not detected when his test data is compared to the classification model of a genuine user. Each impostor data set was tested against 71 genuine users for Set-1 and 51 for Set-2, which means that the total number of impostor tests equals 71 × 70 = 4970 for Set-1 and 51 × 50 = 2550 for Set-2. Similarly, we also define the FNMR here as the probability that a genuine user is falsely locked out by the system.
We report here the FNMR and FMR values for all the tests done in the previous section. We will restrict ourselves to only the optimal settings, i.e. the user dependent threshold Tus. For example, we see in Table 1 that in that case none of the genuine users is locked out and that 4 impostor users are not detected (category + / -). This implies that FNMR = 0% and FMR = 4/4970 = 0.08%. All the results are presented in Table 5. In this table, the columns represent the verification processes and the rows represent the dataset (i.e. Set-1 and Set-2).
Table 5. Results in terms of (FNMR, FMR).
Data Set VP-1 VP-2 VP-3
Set-1 (0%, 0.08%) (0%, 0.2%) (0%, 0.06%)
Set-2 (0%, 0%) (0%, 0%) (0%, 0.04%)
Our major focus in this research was to develop a proper CA system which can react to every action performed by the user. A change of the pre-processing can influence the results (i.e. a different feature extraction process, a different feature selection technique or the choice of classifiers). The goal in [1] was user identification, and the authors showed that they could reach a 95% accuracy when using chunks of 10 actions.
5.2. Comparison with Previous Research
Due to its novelty, we have found little research which has addressed continuous authentication using mobile swipe gestures [7, 8, 15]. Table 6 shows the previous research results in terms of ANIA/ANGA by using the conversion technique described in Section 4.3.1. We can clearly see that our methods outperform these approaches. The database we used is also large when compared to these three studies, which adds statistical significance to this research.
The major limitation of the state-of-the-art research is that they use fixed chunks of data (i.e. m actions) for analysis. An impostor can perform m actions before his identity is checked, even if a 0% EER is achieved. In fact, this is no longer CA, but at best periodic authentication. This limitation is mitigated by our proposed scheme.
Table 3. Results for VP-3 with the analysis method.

                       Set-1                            Set-2
Tlockout  Categories   # User  ANGA  ANIA  # Imp. ND    # User  ANGA  ANIA  # Imp. ND
Tus       + / +        68            4                  50            5
          + / -        3             10    3            1             27    1
          - / +
          - / -
90        + / +        57            14                 49            17
          + / -        14            19    22           2             40    4
          - / +
          - / -
Table 6. Previous research results with our conversion method.
Ref # Users FNMR FMR Blocksize ANGA ANIA
[8] 41 3% 3% 12 400 12
[15] 30 2.62% 2.62% 6 229 6
[7] 23 9% 7% 8 89 9
6. Conclusion
Our analysis was extensive in the sense that we applied three different verification processes and all different combinations of the settings with two separate sets of data. Although we applied the analysis in this research to a dataset with continuous swipe gesture data, the techniques are general enough that they can also be applied to, for example, keystroke dynamics data or any other biometric data that can be used for continuous authentication on mobile devices. We have shown that our results improve significantly over the previously known performance results, even though it is hard to compare the results in a straightforward manner. In the future, we intend to perform a context independent long term experiment for continuous authentication to provide a deployable security solution.
References
[1] M. Antal, L. Z. Szabo, and Z. Bokor. Identity information
revealed from mobile touch gestures. Studia Universitatis
Babes-Bolyai, Informatica, LIX:1–14, 2014.
[2] D. Ballabio and M. Vasighi. A matlab toolbox for self orga-
nizing maps and supervised neural network learning strate-
gies. Chemometrics and Intelligent Laboratory Systems,
118(0):24 – 32, 2012.
[3] P. Bours. Continuous keystroke dynamics: A different per-
spective towards biometric evaluation. Information Security
Technical Report, 17:36–43, 2012.
[4] Z. Cai, C. Shen, M. Wang, Y. Song, and J. Wang. Mobile
authentication through touch-behavior features. In Biomet-
ric Recognition, volume 8232 of Lecture Notes in Computer
Science, pages 386–393. Springer, 2013.
[5] A. De Luca, A. Hang, F. Brudy, C. Lindner, and H. Huss-
mann. Touch me once and i know it’s you!: Implicit authen-
tication based on touch screen patterns. In SIGCHI Con-
ference on Human Factors in Computing Systems, CHI ’12,
pages 987–996. ACM, 2012.
[6] T. Feng, Z. Liu, K.-A. Kwon, W. Shi, B. Carbunar, Y. Jiang,
and N. Nguyen. Continuous mobile authentication using
touchscreen gestures. In IEEE Conference on Technologies
for Homeland Security (HST’12), pages 451–456, Nov 2012.
[7] T. Feng, J. Yang, Z. Yan, E. M. Tapia, and W. Shi. Tips:
Context-aware implicit user identification using touch screen
in uncontrolled environments. In 15th Workshop on Mo-
bile Computing Systems and Applications (HotMobile ’14),
pages 9:1–9:6. ACM, 2014.
[8] M. Frank, R. Biedert, E. Ma, I. Martinovic, and D. Song.
Touchalytics: On the applicability of touchscreen input
as a behavioral biometric for continuous authentication.
IEEE Transactions on Information Forensics and Security,
8(1):136–148, Jan 2013.
[9] J. Kittler, M. Hatef, R. P. W. Duin, and J. Matas. On combin-
ing classifiers. IEEE Trans. on Pattern Analysis and Machine
Intelligence, 20(3):226–239, 1998.
[10] C. Lazar, J. Taminau, S. Meganck, D. Steenhoff, A. Co-
letta, C. Molter, V. de Schaetzen, R. Duque, H. Bersini, and
A. Nowe. A survey on filter techniques for feature selection
in gene expression microarray analysis. IEEE/ACM Trans.
on Computational Biology and Bioinformatics, 9(4):1106–
1119, 2012.
[11] Y. Meng, D. S. Wong, and L.-F. Kwok. Design of touch
dynamics based user authentication with an adaptive mech-
anism on mobile phones. In 29th Annual ACM Symposium
on Applied Computing, SAC ’14, pages 1680–1687. ACM,
2014.
[12] S. Mondal and P. Bours. Continuous authentication using
mouse dynamics. In Int. Conf. of the Biometrics Special In-
terest Group (BIOSIG’13), pages 1–12, Sept 2013.
[13] S. Mondal and P. Bours. A computational approach to the
continuous authentication biometric system. Information
Sciences, 304:28 – 53, 2015.
[14] I. T. Nabney. Netlab: Algorithms for Pattern Recognition,
volume XVIII of Advances in Computer Vision and Pattern
Recognition. Springer, 2002.
[15] X. Zhao, T. Feng, and W. Shi. Continuous mobile authenti-
cation using a novel graphic touch gesture feature. In 2013
IEEE Int. Conf. on Biometrics: Theory, Applications and