Intelligent User Profiling Based on Sensors and Location Data to Detect Intrusions on Mobile Devices

Intelligent User Profiling Based on Sensors and Location Data to Detect Intrusions on Mobile Devices

Pedro Miguel Sánchez Sánchez (Universidad de Murcia, Spain), José María Jorquera Valero (Universidad de Murcia, Spain), Alberto Huertas Celdran (Waterford Institute of Technology, Ireland) and Gregorio Martínez Pérez (Universidad de Murcia, Spain)
Copyright: © 2020 |Pages: 25
DOI: 10.4018/978-1-7998-2242-4.ch001

Abstract

Continuous authentication systems are considered as a promising solution to secure access to mobile devices. Their main benefit is the improvement of the users' experience when they use the services or applications of their mobile device. Specifically, continuous authentication avoids having to remember or possess any key to access an application or service that requires authentication. In this sense, having the user authenticated permanently increases the security of the device. It also allows the user interaction with applications to be much more fluid, simple, and satisfactory. This chapter proposes a new continuous authentication system for mobile devices. The system acquires data from the device sensors and the GPS location to create a dataset that represents the user's profile or normal behaviour. Then, the proposed system uses Machine Learning algorithms based on anomaly detection to perform user identification in real time. Several experiments have been carried out to demonstrate the performance and usefulness of the proposed solution.
Chapter Preview
Top

1. Introduction

Nowadays, the use of mobile devices has become a daily activity for the majority of the population of industrialized countries, for example, there are 2.71 billion smartphone users in the world today (2019) (Deyan, 2019). Within this wide range of mobile devices, there is a huge variety in terms of usage, from a private and personal usage such as social networks, take pictures or videos, online banking or entertainment, to a professional usage as the generation of invoices or consult customer data. The sensitive information stored in the devices and its usage is extremely important (Huertas, García, Gil & Martínez, 2016) so several knowledge management measures (Turulja & Bajgoric, 2018; Zenko, Mulej & Potocan, 2017) must be taken. The private information should be protected, so, most users restrict access to this information by controlling the access to the device. For that, it is necessary to make use of authentication mechanisms.

The fact of securing or protecting devices is usually done by establishing unlock patterns, pins or passwords that only the owner (or persons authorized to use the device) knows. The password gives access to the device until it is locked again by the user. In this way, an unauthorized person who has managed to know the password can access the content of the device without major impediment (Winkler, 2016). The companies that manufacture mobile devices are aware of the previous problem, thus, current devices implement new access control mechanisms and techniques. These techniques are related to biometric aspects (Wayman, Jain, Maltoni & Maio, 2005), such as fingerprint or facial recognition. They allow unlocking the device without having to enter a password. Besides, authentication is done using something that the user “is” and not something that “knows”, which complicates unauthorized access and impersonation of the owner's identity. However, these methods are not 100% functional and there are situations in which they do not work properly such as low light devices, dirty fingers, or hardware restrictions. Thus, it is still necessary to have a password set as an auxiliary measure for these cases.

Aware of this situation, in recent years, numerous cybersecurity researchers have made efforts to solve the problems mentioned above. In this context, a possible solution is to perform periodic evaluation of the actions that the user is performing with the device to identify anomalous behaviours that allow to determine that the device is being used by an unauthorized external person. This new authentication system is called continuous authentication (Deutschmann, Nordström & Nilson, 2013), and its main objective is to identify the user who uses the device constantly and not in a timely manner as the traditional authentication systems mentioned above. In order to identify the user continuously as intended, it is necessary to determine a dataset that models the behaviour of the user or users. This dataset is called the user profile and is used to compare with the current usage or behaviour of the mobile device. Thus, if the behaviour is known, the user will be someone authorized. In contrast, if it is an anomalous behaviour, the user will be taken as intruder.

Nowadays, the current continuous authentication systems present several open challenges. Among them, the following ones are highlighted:

  • The systems obtaining the best results in terms of precision using supervised ML algorithms cannot detect intruders whose data are not previously available.

  • Most of the current solutions do not adapt to gradual changes in the behaviour of the user who owns the device.

  • No existing solution takes into account changes in user’s behaviour relative to the time of day or day of the week.

  • Some solutions do not combine different dimensions, or they do not perform an optimal combination of them.

  • It is not taken into account the usability of these systems and the battery consumption.

Complete Chapter List

Search this Book:
Reset