Track: Cyber Security

Abstract

Mouse dynamic-based behavioral biometrics can provide an extra layer of security for web applications while ensuring the usability of the application. It also minimizes the password-sharing issue faced by web-based service providers. Researchers have achieved this with two different models, namely Continuous Authentication (CA) and Periodic Authentication (PA). PA model authenticates the user regularly after a set of actions or a certain time duration whereas CA model authenticates the user after every single action. These models are evaluated based on accuracy metrics such as False Acceptance Rate (FAR), False Rejection Rate (FRR), and Area Under the Curve (AUC). However, the imposter detection time is also an important factor for evaluating CA and PA models. The main two metrics that have been introduced related to imposter detection time are the Average Number of Genuine Actions (ANGA) and the Average Number of Imposter Actions (ANIA). According to the literature, most of the CA models have been developed to authenticate the user while using the computer for general purposes. However, only a few models are have been proposed to authenticate users when they are using web applications. Further, the data sets that are used to develop the above CA models are also classified into two categories as web application-based activities and general application-based activities considering the way of data collection. Patterns and variations that occur naturally when users are interacting with their web applications using mouse are called web-based mouse dynamics which are mainly captured during navigating, and reading. Among the few research conducted on web application-based mouse dynamic continues authentication models, the imposter detection time-based matrices such as ANGA and ANIA have not been considered. This paper we therefore present an approach to increase the confidentiality of web applications using a continuous authentication model optimized to reduce imposter detection time based on the user’s mouse dynamics. The proposed approach first identifies the best mouse movement features to reduce the number of mouse movements and based on those identified features, then a CA model is developed to reduce the imposter detection time. Bogazici mouse dynamic dataset is used for the training and development of the CA model since this data set contains the details such as timestamp, pointer position, and interacted application. The input data set is trained using the best models that are identified from the literature, particularly the ones with high performance for accuracy and minimal block size. Finally, an evaluation is conducted related to the accuracy and response time, and those models are compared with existing models to identify the most optimal model for web applications which reduces the imposter detection time based on mouse behavior.