| Active, or continuous, authentication is gradually gaining grounds as the preferred method of personal authentication. This is due to the limited nature of standard authentication methods that are unable to guarantee user identity beyond initial authentication. While research in the area of active authentication has explored and proposed various techniques to overcome this problem, we present two new behavioral-based biometric models for active authentication that expand on current research in terms of performance and scope using adaptive user profiles and their dynamics over time. The novel active authentication models are complementary to each other and include: (1) Application Commands Streams Authentication Model (ACSAM) and (2) Scrolling Behavior Authentication Model (SBAM).;ACSAM is based on the commands a user issues while interacting with a GUI-based application. In this model, supervised learning methods including Random Forests, AdaBoost, Decision Trees and Naive Bayes are used to predict whether the authenticated user editing a document is legitimate or not. Random Forests bested all the other learning methods considered in correctly identifying the user with an average of 95.43% accuracy (number of users correctly classified), while achieving an F1-measure and Area Under the Curve (AUC) of 0.953 and 0.735 respectively.;SBAM is based on a user's document scrolling behavior. In this model, both classification and clustering techniques are used to authenticate the identified user as legitimate or not. For classification, supervised learning methods including Random Forests, AdaBoost and AD Trees (Alternative Decision Trees) are used. While classification using Random Forests with sub-sampling yielded an average of 98.24% accuracy, it was biased towards the majority class (impostors). This was evident when examining the F1-measure for the rare class (legitimate users), which at best achieved 0.50 accuracy. Alternatively, unsupervised learning using K-means clustering was shown to narrow down the possibility that a given scrolling behavior belongs to a particular set of users. Towards that end, two approaches were applied to mitigate the unbalanced authentication aspect. The first approach focused on ranking the users with 58% and 80% of the time the actual user ranked in the top 5 and 10 users, respectively. The second approach focused on feasibility sets (or multiple ID sets) with 83% of the time the actual user within the correct set of possible user profiles. |
