Browse > Article
http://dx.doi.org/10.13089/JKIISC.2016.26.6.1493

A Real-Time User Authenticating Method Using Behavior Pattern Through Web  

Jang, Jin-gu (Center for Information Security Technologies, Korea University)
Moon, Jong Sub (Center for Information Security Technologies, Korea University)
Publication Information
Journal of the Korea Institute of Information Security & Cryptology / v.26, no.6, 2016 , pp. 1493-1504 More about this Journal
Abstract
As cyber threats have been increased over the Internet, the invasions of personal information are constantly occurring. A malicious user can access the Web site as a normal user using leaked personal information and does illegal activities. This paper proposes an effective method which authenticates a genuine user with real-time. The method use the user's profile which is a record of user's behavior created by Membership Analysis(MA) and Markov Chain Model(MCM). In addition to, user's profile is augmented by a Time Weight(TW) which reflects the user's tendency. This method can detect a malicious user who camouflage normal user. Even if it is a genuine user, it can be determined as an abnomal user if the user acts beyond the record profile. The result of experiment showed a high accuracy, 96%, for the correct user.
Keywords
Machine Learning; Markov Chain Model; Membership Analysis; Time Weight;
Citations & Related Records
Times Cited By KSCI : 1  (Citation Analysis)
연도 인용수 순위
1 Pannell, Grant, and Helen Ashman. "User modelling for exclusion and anomaly detection: a behavioural intrusion detection system." International Conference on User Modeling, Adaptation, and Personalization. Springer Berlin Heidelberg, LNCS 6075, pp. 207-218, 2010.
2 Alexandre, Thomas J. "Biometrics on smart cards: An approach to keyboard behavioral signature." Future Generation Computer Systems, vol. 13, no. 1, pp. 19-26, Jul. 1997.   DOI
3 Ling, Li, Sui Song, and C. N. Manikopoulos. "Windows nt user profiling for masquerader detection." 2006 IEEE International Conference on Networking, Sensing and Control. IEEE, pp. 386-391, Apr. 2006.
4 Vizer, Lisa M., Lina Zhou, and Andrew Sears. "Automated stress detection using keystroke and linguistic features: An exploratory study." International Journal of Human-Computer Studies, vol. 67, no. 10, pp. 870-886, Aug. 2009.   DOI
5 Bhaskaran, Nisha, et al. "Deceit detection via online behavioral learning." Proceedings of the 2011 ACM Symposium on Applied Computing. ACM, pp 29-30, Mar. 2011.
6 Ju, Wen-Hua, and Yehuda Vardi. "A hybrid high-order Markov chain model for computer intrusion detection." Journal of Computational and Graphical Statistics, vol. 10. no. 2, pp. 277-295, Jan. 2001.   DOI
7 Ye, Nong, Yebin Zhang, and Connie M. Borror. "Robustness of the Markov-chain model for cyber-attack detection." IEEE Transactions on Reliability, 53(1), pp. 116-123, Mar 2004.   DOI
8 Jongho Choy et al "Application of Hidden Markov Model to Intrusion Detection System." Journal of KISS : Software and Applications, vol. 2, no. 6, pp. 429-438, Jun. 2001.
9 J.M. Estevez-Tapiador, P. Garcia-Teodoro, J.E. DiazVerdejo, "Measuring Normality in HTTP Traffic for Anomaly-Based Intrusion Detection." in. Computer Networks, vol. 45, no. 2, pp. 175-193, Jun 2004.   DOI
10 Zadeh, Lotfi A. "Fuzzy sets." Informationand control, vol. 8, no. 3, pp. 338-353, Jun 1965.   DOI
11 Umphress, David, and Glen Williams. "Identity verification through keyboard characteristics." International journal of man-machine studies, vol. 23, no. 3, pp. 263-273, Apr. 1985.   DOI
12 Monthly Electronic Technology. "Electronics Dictionaries." Seongandang, pp. 643, 2005.
13 Diaconis, Persi, and David Freedman. "de Finetti's theorem for Markov chains." The Annals of Probability, vol. 8, no, 1, pp. 115-130, Feb. 1980.   DOI
14 Sokolova, Marina, and Guy Lapalme. "A systematic analysis of performance measures for classification tasks." Information Processing & Management, vol. 45, no. 4, pp. 427-437, Jul. 2009.   DOI
15 Huang, Xinyi, et al. "Robust multi-factor authentication for fragile communications." IEEE Transactions on Dependable and Secure Computing, vol. 11, no. 6, pp. 568-581. Nov. 2014.   DOI
16 Peng, Jian, Kim-Kwang Raymond Choo, and Helen Ashman. "User profiling in intrusion detection: A review." Journal of Network and Computer Applications, vol. 72, pp. 14-27, Jul. 2016.   DOI
17 Bergadano, Francesco, Daniele Gunetti, and Claudia Picardi. "User authentication through keystroke dynamics." ACM Transactions on Information and System Security (TISSEC), vol. 5, no. 4, pp. 367-397 Nov. 2002.   DOI
18 Revett, Kenneth. "A bioinformatics based approach to user authentication via keystroke dynamics." International Journal of Control, Automation and Systems, vol. 7, no. 1, pp. 7-15, Mar. 2009.   DOI