Issa Traore

A New Biometric Technology Based on Mouse Dynamics

In this paper, we introduce a new form of behavioral biometrics based on mouse dynamics, which can be used in different security applications. We develop a technique that can be used to model the behavioral characteristics from the captured data using artificial neural networks. In addition, we present an architecture and implementation for the detector, which cover all the phases of the biometric data flow including the detection process. Experimental data illustrating the experiments conducted to evaluate the accuracy of the proposed detection technique are presented and analyzed. Specifically, three series of experiments are conducted. The main experiment, in which 22 participants are involved, reproduces real operating conditions in computing systems by giving participants an individual choice of operating environments and applications; 284 hours of raw mouse data are collected over 998 sessions, with an average of 45 sessions per user. The two other experiments, involving seven participants, provided a basis for studying the confounding factors arising from the main experiment by fixing the environment variables. In the main experiment, the performance results presented using receiver operating characteristic (ROC) curves and a confusion matrix yield at the crossover point (that is, the threshold set for an equal error rate) a false acceptance rate (FAR) of 2.4649 percent and a false rejection rate (FRR) of 2.4614 percent.

Detecting New Forms of Network Intrusion Using Genetic Programming

How to find and detect novel or unknown network attacks is one of the most important objectives in current intrusion detection systems. In this paper, a rule evolution approach based on Genetic Programming (GP) for detecting novel attacks on networks is presented and four genetic operators, namely reproduction, mutation, crossover, and dropping condition operators, are used to evolve new rules. New rules are used to detect novel or known network attacks. A training and testing dataset proposed by DARPA is used to evolve and evaluate these new rules. The proof of concept implementation shows that a rule generated by GP has a low false positive rate (FPR), a low false negative rate and a high rate of detecting unknown attacks. Moreover, the rule base composed of new rules has high detection rate with low FPR. An alternative to the DARPA evaluation approach is also investigated.

Botnet detection based on traffic behavior analysis and flow intervals

Botnets represent one of the most serious cybersecurity threats faced by organizations today. Botnets have been used as the main vector in carrying many cyber crimes reported in the recent news. While a significant amount of research has been accomplished on botnet analysis and detection, several challenges remain unaddressed, such as the ability to design detectors which can cope with new forms of botnets. In this paper, we propose a new approach to detect botnet activity based on traffic behavior analysis by classifying network traffic behavior using machine learning. Traffic behavior analysis methods do not depend on the packets payload, which means that they can work with encrypted network communication protocols. Network traffic information can usually be easily retrieved from various network devices without affecting significantly network performance or service availability. We study the feasibility of detecting botnet activity without having seen a complete network flow by classifying behavior based on time intervals. Using existing datasets, we show experimentally that it is possible to identify the presence of existing and unknown botnets activity with high accuracy even with very small time windows.

Detecting P2P botnets through network behavior analysis and machine learning

Botnets have become one of the major threats on the Internet for serving as a vector for carrying attacks against organizations and committing cybercrimes. They are used to generate spam, carry out DDOS attacks and click-fraud, and steal sensitive information. In this paper, we propose a new approach for characterizing and detecting botnets using network traffic behaviors. Our approach focuses on detecting the bots before they launch their attack. We focus in this paper on detecting P2P bots, which represent the newest and most challenging types of botnets currently available. We study the ability of five different commonly used machine learning techniques to meet online botnet detection requirements, namely adaptability, novelty detection, and early detection. The results of our experimental evaluation based on existing datasets show that it is possible to detect effectively botnets during the botnet Command-and- Control (C&C) phase and before they launch their attacks using traffic behaviors only. However, none of the studied techniques can address all the above requirements at once.

Improving Mouse Dynamics Biometric Performance Using Variance Reduction via Extractors With Separate Features

The European standard for access control imposes stringent performance requirements on commercial biometric technologies that few existing recognition systems are able to meet. In this correspondence paper, we present the first mouse dynamics biometric recognition system that fulfills this standard. The proposed system achieves notable performance improvement by developing separate models for separate feature groups involved. The improvements are achieved through the use of a fuzzy classification based on the Learning Algorithm for Multivariate Data Analysis and using a score-level fusion scheme to merge corresponding biometric scores. Evaluation of the proposed framework using mouse data from 48 users achieves a false acceptance rate of 0% and a false rejection rate of 0.36%.

Biometric Recognition Based on Free-Text Keystroke Dynamics

Accurate recognition of free text keystroke dynamics is challenging due to the unstructured and sparse nature of the data and its underlying variability. As a result, most of the approaches published in the literature on free text recognition, except for one recent one, have reported extremely high error rates. In this paper, we present a new approach for the free text analysis of keystrokes that combines monograph and digraph analysis, and uses a neural network to predict missing digraphs based on the relation between the monitored keystrokes. Our proposed approach achieves an accuracy level comparable to the best results obtained through related techniques in the literature, while achieving a far lower processing time. Experimental evaluation involving 53 users in a heterogeneous environment yields a false acceptance ratio (FAR) of 0.0152% and a false rejection ratio (FRR) of 4.82%, at an equal error rate (EER) of 2.46%. Our follow-up experiment, in a homogeneous environment with 17 users, yields FAR=0% and FRR=5.01%, at EER=2.13%.

Authorship verification for short messages using stylometry

Authorship verification can be checked using stylometric techniques through the analysis of linguistic styles and writing characteristics of the authors. Stylometry is a behavioral feature that a person exhibits during writing and can be extracted and used potentially to check the identity of the author of online documents. Although stylometric techniques can achieve high accuracy rates for long documents, it is still challenging to identify an author for short documents, in particular when dealing with large authors populations. These hurdles must be addressed for stylometry to be usable in checking authorship of online messages such as emails, text messages, or twitter feeds. In this paper, we pose some steps toward achieving that goal by proposing a supervised learning technique combined with n-gram analysis for authorship verification in short texts. Experimental evaluation based on the Enron email dataset involving 87 authors yields very promising results consisting of an Equal Error Rate (EER) of 14.35% for message blocks of 500 characters.

The Proactive and Reactive Digital Forensics Investigation Process: A Systematic Literature Review

Recent papers have urged the need for new forensic techniques and tools able to investigate anti-forensics methods, and have promoted automation of live investigation. Such techniques and tools are called proactive forensic approaches, i.e., approaches that can deal with digitally investigating an incident while it occurs. To come up with such an approach, a Systematic Literature Review (SLR) was undertaken to identify and map the processes in digital forensics investigation that exist in literature. According to the review, there is only one process that explicitly supports proactive forensics, the multicomponent process [1]. However, this is a very high-level process and cannot be used to introduce automation and to build a proactive forensics system. As a result of our SLR, a derived functional process that can support the implementation of a proactive forensics system is proposed.

Biometric Authentication Using Mouse Gesture Dynamics

The mouse dynamics biometric is a behavioral biometric technology that extracts and analyzes the movement characteristics of the mouse input device when a computer user interacts with a graphical user interface for identification purposes. Most of the existing studies on mouse dynamics analysis have targeted primarily continuous authentication or user reauthentication for which promising results have been achieved. Static authentication (at login time) using mouse dynamics, however, appears to face some challenges due to the limited amount of data that can reasonably be captured during such a process. In this paper, we present a new mouse dynamics analysis framework that uses mouse gesture dynamics for static authentication. The captured gestures are analyzed using a learning vector quantization neural network classifier. We conduct an experimental evaluation of our framework with 39 users, in which we achieve a false acceptance ratio of 5.26% and a false rejection ratio of 4.59% when four gestures were combined, with a test session length of 26.9 s. This is an improvement both in the accuracy and validation sample, compared to the existing mouse dynamics approaches that could be considered adequate for static authentication. Furthermore, to our knowledge, our work is the first to present a relatively accurate static authentication scheme based on mouse gesture dynamics.

Combining Mouse and Keystroke Dynamics Biometrics for Risk-Based Authentication in Web Environments

Existing risk-based authentication systems rely on basic web communication information such as the source IP address or the velocity of transactions performed by a specific account, or originating from a certain IP address. Such information can easily be spoofed, and as such, put in question the robustness and reliability of the proposed systems. In this paper, we propose a new online risk-based authentication system that provides more robust user identity information by combining mouse dynamics and keystroke dynamics biometrics in a multimodal framework. Experimental evaluation of our proposed model with 24 participants yields an Equal Error Rate of 8.21%, which is promising considering that we are dealing with free text and free mouse movements, and the fact that many web sessions tend to be very short.