Authors:
Saud Alotaibi
1
;
Abdulrahman Alruban
2
;
Steven Furnell
3
and
Nathan Clarke
4
Affiliations:
1
Centre for Security, Communications and Network Research, Plymouth University, Plymouth and U.K
;
2
Centre for Security, Communications and Network Research, Plymouth University, Plymouth, U.K, Computer Sciences and Information Technology College, Majmaah University, Al Majma’ah and Saudi Arabia
;
3
Centre for Security, Communications and Network Research, Plymouth University, Plymouth, U.K, Security Research Institute, Edith Cowan University, Perth,Western Australia, Centre for Research in Information and Cyber Security, Nelson Mandela University, Port Elizabeth and South Africa
;
4
Centre for Security, Communications and Network Research, Plymouth University, Plymouth, U.K, Security Research Institute, Edith Cowan University, Perth andWestern Australia
Keyword(s):
Transparent Authentication, Behaviour Profiling, Mobile Applications, Mobile Security, Usable Security Biometric Authentication, Smartphones, Tablets.
Abstract:
The growth in smartphone usage has led to increased user concerns regarding privacy and security. Smartphones contain sensitive information, such as personal data, images, and emails, and can be used to perform various types of activity, such as transferring money via mobile Internet banking, making calls and sending emails. As a consequence, concerns regarding smartphone security have been expressed and there is a need to devise new solutions to enhance the security of mobile applications, especially after initial access to a mobile device. This paper presents a novel behavioural profiling approach to user identity verification as part of mobile application security. A study involving data collected from 76 users over a 1-month period was conducted, generating over 3 million actions based on users’ interactions with their smartphone. The study examines a novel user interaction approach based on supervised machine learning algorithms, thereby enabling a more reliable identity verific
ation method. The experimental results show that users could be distinguished via their behavioural profiling upon each action within the application, with an average equal error rate of 26.98% and the gradient boosting classifier results prove quite compelling. Based on these findings, this approach is able to provide robust, continuous and transparent authentication.
(More)