Browse > Article
http://dx.doi.org/10.13089/JKIISC.2017.27.6.1419

A Study on Unconsciousness Authentication Technique Using Machine Learning in Online Easy Payment Service  

Ryu, Gwonsang (Kongju National University)
Seo, Changho (Kongju National University)
Choi, Daeseon (Kongju National University)
Publication Information
Journal of the Korea Institute of Information Security & Cryptology / v.27, no.6, 2017 , pp. 1419-1429 More about this Journal
Abstract
Recently, environment based authentication technique had proposed reinforced authentication, which generating statistical model per user after user login history classifies into account takeover or legitimate login. But reinforced authentication is likely to be attacked if user was not attacked in past. To improve this problem in this paper, we propose unconsciousness authentication technique that generates 2-Class user model, which trains user's environmental information and others' one using machine learning algorithms. To evaluate performance of proposed technique, we performed evasion attacks: non-knowledge attacker that does not know any information about user, and sophisticated attacker that only knows one information about user. Experimental results against non-knowledge attacker show that precision and recall of Class 0 were measured as 1.0 and 0.998 respectively, and experimental results against sophisticated attacker show that precision and recall of Class 0 were measured as 0.948 and 0.998 respectively.
Keywords
Authentication; Machine Learning; Account Takeover; Fraud Detection;
Citations & Related Records
Times Cited By KSCI : 2  (Citation Analysis)
연도 인용수 순위
1 J.A. Muir, and P.C.V. Oorschot, "Internet geolocation: evasion and counterevasion," ACM Computing Surveys (CSUR), vol. 42, no. 1, Dec. 2009.
2 Sohee Park and Daeseon Choi, "Artificial intelligence security issues," Review of The Korea Institute of Information Security & Cryptology, 27(3), pp. 27-32, Jun. 2017.
3 D. Preuveneers, and W. Joosen, "SmartAuth: dynamic context fingerprinting for continuous user authentication," Proceedings of the 30th Annual ACM Symposium on Applied Computing, pp. 2185-2191, Apr. 2015.
4 E. Maiorana, P. Campisi, N. Gonzalez-Carballo, and A. Neri, "Keystroke dynamics authentication for mobile phones," Proceedings of the 2011 ACM Symposium on Applied Computing, pp. 21-26, 2011.
5 R. Shay, S. Komanduri, P.G. Kelley, M.L. Mazurek, L. Bauer, and L.F. Cranor, "Encountering stronger password requirements: user attitudes and behaviors," Proceedings of the Sixth Symposium on Usable Privacy and Security, ACM, Jul. 2010.
6 A. Das, J. Bonneau, M. Caesar, N. Borisov, and X. Wang, "The tangled web of password reuse," Proceedings of Network and Distributed System Security Symposium, Feb. 2014.
7 F. Tari, A. Ozok, and S.H. Holden, "A comparison of perceived and real shoulder-surfing risks between alphanumeric and graphical passwords," Proceedings of the Sixth Symposium on Usable Privacy and Security, ACM, pp. 56-66, Jul. 2006.
8 T. Feng, X. Zhao, B. Carbunar, and W. Shi, W. "Continuous mobile authentication using virtual key typing Biometrics," 12th International Conference on Trust, Security and Privacy in Computing and Communications, IEEE, pp. 1547-1552. Jul. 2013.
9 H. Crawford and E. Ahmadzadeh, "Authentication on the go: assessing the effect of movement on mobile device keystroke dynamics," In Thirteenth Symposium on Usable Privacy and Security, USENIX, pp. 163-173. Jul. 2017.
10 Seungsoo Nam, Changho Seo, and Daeseon Choi, "Mobile finger signature verification robust to skilled forgery," Journal of The Korea Institute of Information Security & Cryptology, 26(5), pp. 1161-1170, Oct. 2016.   DOI
11 L. Zhang, S. Tan, J. Yang, and Y. Chen, "Voicelive: a phoneme localization based liveness detection for voice authentication on smartphones," Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, pp. 1080-1091. Oct. 2016.
12 D. Freeman, S. Jain, M. Durmuth, B. Biggio, and G. Giacinto, "Who are you? a statistical approach to measuring user authenticity," Proceedings of Network and Distributed System Security Symposium, pp. 1-15, Feb. 2016.
13 N.Z. Gong, M. Payer, R. Moazzezi, and M. Frank, "Forgery-resistant touchbased authentication on mobile devices," Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security, pp. 499-510, May. 2016.
14 Minwoo Kim, Seungyeon Kim, and Taekyoung Kwon, " A study of behavior based authentication using touch dynamics and application usage on android," Journal of The Korea Institute of Information Security & Cryptology, 27(2), Apr. 2017.
15 D. Liu, B. Dong, X. Gao, and H. Wang, "Exploiting eye tracking for smartphone authentication," International Conference on Applied Cryptography and Network Security, Springer, pp. 457-477, Jun. 2015.
16 I. Sluganovic, M. Roeschlin, K.B. Rasmussen, and I. Martinovic, "Using reflexive eye movements for fast challenge-response authentication," Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, pp. 1056-1067, Oct. 2016.
17 S. Eberz, K.B. Rasmussen, V. Lenders, and I. Martinovic, "Preventing lunchtime attacks: fighting insider threats with eye movement biometrics," Proceedings of Network and Distributed System Security Symposium, Feb. 2015.