Active Authentication on Mobile Devices via Stylometry, Application Usage, Web Browsing, and GPS Location
Active authentication is the problem of continuously verifying the identity of a person based on behavioral aspects of their interaction with a computing device. In this paper, we collect and analyze behavioral biometrics data from 200 subjects, each using their personal Android mobile device for a period of at least 30 days. This data set is novel in the context of active authentication due to its size, duration, number of modalities, and absence of restrictions on tracked activity. The geographical colocation of the subjects in the study is representative of a large closed-world environment such as an organization where the unauthorized user of a device is likely to be an insider threat: coming from within the organization. We consider four biometric modalities: 1) text entered via soft keyboard, 2) applications used, 3) websites visited, and 4) physical location of the device as determined from GPS (when outdoors) orWiFi (when indoors).We implement and test a classifier for each modality and organize the classifiers as a parallel binary decision fusion architecture. We are able to characterize the performance of the system with respect to intruder detection time and to quantify
EXISTING SYSTEM :
The window of time based on which an active authentication system is tasked with making a binary decision is relatively short and thus contains a highly variable set of biometric information. Depending on the task the user is engaged in, some of the biometric classifiers may providemore data than others. For example, as the user chats with a friend via SMS, the text-based classifiers will be actively flooded with data, while the web browsing based classifiers may only get a few infrequent events. This motivates the recent work on multimodal authentication systems where the decisions of multiple classifiers are fused together . In this way, the verification process is more robust to the dynamic nature of human-computer interaction. The current approaches to the fusion of classifiers center around max, min, median, or majority vote combinations  With the rise of smartphone usage, active authentication on mobile devices has begun to be studied in the last few years. The large number of available sensors makes for a rich feature space to explore. Ultimately, the question is the one that we ask in this paper: what modality contributes the most to a decision fusion system toward the goal of fast, accurate verification of identity? Most of the studies focus on a single modality. For example, gait pattern was considered in  achieving an EER of 0.201 (20.1%) for 51 subjects during two short sessions, where each subject was tasked with walking down a hallway. Some studies have incorporated multiple modalities. Stylometry is the study of linguistic style. It has been extensively applied to the problems of authorship attribution, identification, and verification. See  for a thorough summary of stylometric studies in each of these three problem domains along with their study parameters and the resulting accuracy. These studies traditionally use large sets of features (see Table II in ) in combination with support vector machines (SVMs) that have proven to be effective in highdimensional feature space , even in cases when the number of features exceeds the number of samples. Nevertheless, with these approaches, often more than 500 words are required to achieve adequately low error rates . This makes them impractical for the application of real-time active authentication on mobile devices where text data comes in short bursts. While the other three modalities are not well investigated in the context of active authentication, this is not true for stylometry.
We propose to use decision fusion to asynchronously integrate the four modalities and make serial authentication decisions. While we consider here a specific set of binary classifiers, the strength of our decision-level approach is that additional classifiers can be added without having to change the basic fusion rule. Moreover, it is easy to evaluate the marginal improvement of any added classifier to the overall performance of the system.We evaluate the multimodal continuous authentication system by characterizing the error rates of local classifier decisions, fused global decisions, and the contribution of each local classifier to the fused decision. The novel aspects of our work include the scope of the data set, the particular portfolio of behavioral biometrics in the context of mobile devices, and the extent of temporal performance analysis. we consider the problem of active authentication on mobile devices, where the variety of available sensor data is much greater than on the desktop, but so is the variety of behavioral profiles, device form factors, and environments in which the device is used. Active authentication is the approach of verifying a user’s identity continuously based on various sensors commonly available on the device. We study four representative modalities of stylometry (text analysis), application usage patterns, web browsing behavior, and physical location of the device. These modalities were chosen, in part, due to their relatively low power consumption. In the remainder of the paper these four modalities will be referred to as TEXT, APP, WEB, and LOCATION, respectively. We consider the tradeoff between intruder detection time and detection error asmeasured by false accept rate (FAR) and false reject rate (FRR). The analysis is performed on a data set collected by the authors of 200 subjects using their personal Android mobile device for a period of at least 30 days. To the best of our knowledge, this data set is the first of its kind studied in active authentication literature, due to its large size , the duration of tracked activity , and the absence of restrictions on usage patterns and on the form factor of the mobile device. The geographical colocation of the participants, in particular, makes the data set a good representation of an environment such as a closed-world organization where the unauthorized user of a particular device will most likely come from inside the organization.
In this paper, we proposed a parallel binary decision-level fusion architecture for classifiers based on four biometric modalities: text, application usage, web browsing, and location. Using this fusion method we addressed the problem of active authentication and characterized its performance on a real-world data set of 200 subjects, each using their personal Android mobile device for a period of at least 30 days. The authentication system achieved an equal error rate (ERR) of 0.05 (5%) after 1 minute of user interaction with the device, and an EER of 0.01 (1%) after 30 minutes. We showed the performance of each individual classifier and its contribution to the fused global decision. The location-based classifier, while having the lowest firing rate, contributes the most to the performance of the fusion system.
 M. Duggan, “Cell phone activities 2013,” PewResearchCenter, Washington, DC, USA, 2013.
 S. Egelman et al., “Are you ready to lock?” in Proc. ACM SIGSAC Conf. Comput. Commun. Security, 2014, pp. 750–761.
 M. Harbach, E. von Zezschwitz, A. Fichtner, A. De Luca, and M. Smith, “Its a hard lock life: A field study of smartphone (un) locking behavior and risk perception,” in Proc. SOUPS, 2014, pp. 1–18.
 D. Van Bruggen et al., “Modifying smartphone user locking behavior,” in Proc. 9th Symp. Usable Privacy Security, 2013, pp. 1–14.
 C. Shen, Z. Cai, X. Guan, and J.Wang, “On the effectiveness and applicability of mouse dynamics biometric for static authentication: A benchmark study,” in Proc. IEEE 5th IAPR ICB, 2012, pp. 378–383.
 A. Fridman et al., “Decision fusion for multimodal active authentication,” IEEE IT Professional, vol. 15, no. 4, pp. 29–33, Jul. 2013.
 M. O. Derawi, C. Nickel, P. Bours, and C. Busch, “Unobtrusive user-authentication on mobile phones using biometric gait recognition,” in Proc. IEEE 6th Int. Conf. IIH-MSP, 2010, pp. 306–311.
 F. Li, N. Clarke, M. Papadaki, and P. Dowland, “Active authentication for mobile devices utilising behaviour profiling,” Int. J. Inf. Security, vol. 13, no. 3, pp. 229–244, Jun. 2014.
 T. Sim, S. Zhang, R. Janakiraman, and S. Kumar, “Continuous verification using multimodal biometrics,” IEEE Trans. Pattern Anal. Mach. Intell., vol. 29, no. 4, pp. 687–700, Apr. 2007.
 J. Kittler, M. Hatef, R. Duin, and J. Matas, “On combining classifiers,” IEEE Trans. Pattern Anal. Mach. Intell., vol. 20, no. 3, pp. 226–239, Mar. 1998