Autenticação Contínua de Usuários Utilizando Contadores de Desempenho do Sistema Operacional

  • César Andrade UFAM
  • Paulo Henrique Gonçalves UFAM
  • Hendrio Bragança UFAM
  • Eduardo Souto UFAM

Resumo


Computer authentication systems based on login and password have been vulnerable to the action of unauthorized users. Currently, authentication techniques based on behavioral models predominantly use information extracted from mouse and/or keyboard to authenticate users. Operating system performance indicators can be used as an alternative. This work proposes an approach using data from performance indicators such as source data, CNN/LSTM networks for data classification, and reliability-based assessment methodology for the purpose of authenticating the user on an ongoing basis. The results obtained demonstrate the feasibility of using these attributes as the origin of the data to define a behavioral model. The best result obtained in this research is that 100% of genuine users are never inadvertently blocked and 100% of the imposters are detected after the average of three actions. Sistemas de autenticação de computadores baseados em credencias de contas (e.g. login e senha) têm sido vulneráveis à ação de usuários não autorizados. Atualmente, as técnicas de autenticação baseadas em modelos comportamentais predominantemente usam informações extraídas de mouse e/ou teclado para autenticar os usuários. Contadores de desempenho de sistema operacional podem ser utilizadas como alternativa. Este trabalho propõe uma abordagem utilizando dados de contadores de desempenho como dados de origem, redes CNN/LSTM para classificação dos dados e metodologia de avaliação baseada em nível de confiança com o propósito de autenticar o usuário de forma contínua. Os resultados obtidos demonstram a viabilidade do uso destes atributos como origem dos dados para definição de modelo comportamental. O melhor resultado obtido nesta pesquisa é que 100% dos usuários genuínos nunca são bloqueados inadvertidamente e 100% dos impostores são detectados após a média de três ações.

Referências

Ayeswarya, S. e Norman, J. (2019) “A survey on different continuous authentication systems”, International Journal of Biometrics, vol. 11, p. 67-99.

Bailey, K. O., Okolica, J. S., e Peterson, G. L. (2014) “User identification and authentication using multi-modal behavioral biometric”, Comuters & Security, 43, p. 77-89.

Cai Z., Shen, C. e Guan, X. (2014) “Mitigating Behavioral Variability for Mouse Dynamics: A Dimensionality-Reduction-Based.”, IEEE Transactions on Human-Machine Systems Volume, vol. 44, p. 244 –255.

Chen, A., Brahma, P., Wu, D. O., Ebner, N., Matthews, B., Crandall, J., Xuetao, W., Faloustsos, M. e Oliveira, D. (2016) “Cross-layer personalization as a first-class citizen for situation awareness and computer infrastructure security”, Proceedings of the 2016 New Security Paradigms Workshop on – NSPW, p. 23-35.

Deutschmann, I. e Lindholm, J. (2013) “Behavioral biometrics for DARPA’s Active Authentication program”. In Lecture Notes in Informatics (LNI), Proceedings - Series of the Gesellschaft fur Informatik (GI).

Schulz, D. A. (2006) “Mouse curve biometrics”, Proceedings of the Biometrics Symposium, Biometric Consortium Conference, IEEE, p. 1–6.

Davoudi, H. e Kabir, E. (2009) “A new distance measure for free text keystroke authentication”, 14th International CSI Computer Conference (CSICC'09), IEEE, p. 570–575.

Feher, C., Elovici, Y., Moskovitch, R., Rokach, L., e Schclar, A. (2012) “User identity verification via mouse dynamics”, Information Sciences, p. 19–36.

Fridman, L., Stolerman, A., Acharya, S., Brennan, P., Juola, P., Greenstadt, R., e Kam, M. (2015) “Multi-modal decision fusion for continuous authentication”, Computers & Electrical Engineering, 41, p. 142–156.

Malatras, A., Geneiatakis, D., e Vakalis, I. (2016) “On the efficiency of user identification: a system-based approach”, International Journal of Information Security, 16 (6), p. 653–671.

Mondal, S., e Bours, P. (2014) “Continuous authentication using fuzzy logic”, Proceedings of the 7th International Conference on Security of Information and Networks - SIN ’14.

Mondal, S., e Bours, P. (2015) “A computational approach to the continuous authentication biometric system”, Information Sciences, 304, p. 28–53.

Mondal, S., e Bours, P. (2016) “Combining keystroke and mouse dynamics for continuous user authentication and identification”, IEEE International Conference on Identity, Security and Behavior Analysis (ISBA).

Mondal, S., e Bours, P. (2017) “ A study on continuous authentication using a combination of keystroke and mouse biometrics”,Neurocomputing, 230, p. 1–22.

Hochreiter, S., e Schmidhuber, J. (1997) “Long Short-Term Memory”, Neural Computation, 9(8), p. 1735–1780.

Neha, e Chatterjee, K. (2018) “Biometric re-authentication: an approach towards achieving transparency in user authentication”, Multimedia Tools and Applications.

Rajvardhan, O. e Mrunmayee, K. (2017) “A Novel Architecture for Continuous Authentication using Behavioural Biometrics”, International Conference on Current Trends in Computer, Electrical, Electronics and Communication (CTCEEC), p. 767-771.

Ordóñez, F. J., e Roggen, D. (2016). Deep Convolutional and LSTM Recurrent Activity Recognition. Sensors, p. 1-25.

Ouch, R., Garcia-zapirain, B. e Yampolskiy, R. (2017). “Multimodal Biometric Systems : a systematic review”, Computer Science, p. 439–44.

Palaz, D., Magimai.-Doss, M. e Collobert, R. Analysis of CNN-based Speech Recognition System using Raw Speech as Input. In Proceedings of the 16th Annual Conference of International Speech Communication Association (Interspeech), Dresden, Germany, 6–10 September 2015, p. 11–15.

Bours, P. e Barghouthi, H. (2009). “Continuous Authentication using Biometric Keystroke Dynamics”. The Norwegian Information Security Conf. (NISK), p. 1–12.

Akash, S e Arya (2017). “Applications and Security of Keystroke Dynamics for User Authentication”. Arya International Journal of Computer e Mathematical Sciences IJCMS ISSN. p. 2347-8527.

Shen, C., Cai, Z. and Guan, X. (2012) ‘Continuous authentication for mouse dynamics: a pattern-growth approach’, Proc. Int. Conf. Dependable Syst. Networks.

Song, Y., Salem, B., Hershkop, S., e Stolfo, S. J. (2013) “System level user behavior biometrics using Fisher features and Gaussian mixture models”. 2013. - p. 52-59.

Sun, R., Yuan, X., He, Pan., Zhu, Q., Chen, A., Gregio, A., Oliveira, D., e Li, X.. (2017). “Learning Fast and Slow: PROPEDEUTICA for Real-time Malware Detection”.

Xiaojun, C., Zicheng, X., Yiguo, P. e Jinqiao, S.. (2013a). “A continuous re-authentication approach using ensemble learning”. Procedia Computer Science 17. p 870–78.

Nakkabi, Y., Traoré, I. e Ahmed, A., (2010). “Improving mouse dynamics biometric performance using variance reduction via extractors with separate features”, IEEE Trans. Syst.

Man Cybern. – Part A: Syst. Hum. 40, p 1345–1353.

Nan, Z., Aaron, P. e Haining, W. (2011). “An Efficient User Verification System via Mouse Movements”.
Publicado
02/09/2019
Como Citar

Selecione um Formato
ANDRADE, César; GONÇALVES, Paulo Henrique; BRAGANÇA, Hendrio; SOUTO, Eduardo. Autenticação Contínua de Usuários Utilizando Contadores de Desempenho do Sistema Operacional. In: SIMPÓSIO BRASILEIRO DE SEGURANÇA DA INFORMAÇÃO E DE SISTEMAS COMPUTACIONAIS (SBSEG), 19. , 2019, São Paulo. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2019 . p. 295-308. DOI: https://doi.org/10.5753/sbseg.2019.13979.

Artigos mais lidos do(s) mesmo(s) autor(es)