Mimi Wang

A continuous identity verification method based on free-text keystroke dynamics

Currently, existing continuous identity verification methods mostly need to analyze a lot of keystroke data to ensure the authentication credibility. To achieve certification results with less data, in the paper, a new continuous verification method is proposed. This method, based on free-text keystroke dynamics, excavates the nearest character sequences of the users from their typing patterns, then builds Gaussian model based on the users nearest character sequences, and at last grades the attempts to verify identity of the users based on Gaussian probability density function. Experimental results demonstrate that efficacy of the proposed method with accuracy of 90.5%, which achieve a false-alarm-rate of 5.3% under thirty characters. In the field of continuous identity verification, our method can be applied to reduce the verification cycle and ensure the reliability of the verification.

A Kind of Identity Authentication Method Based on Browsing Behaviors

Due to the continued growth threat in Phishing, a kind of stable identity authentication method is highly needed based on individual characteristics just like browsing behaviors. Most of the existing researches focused on browsing behavior patterns of group users are used in personal recommendation, website structure optimization or web prediction. In order to ensure the validity of user identity and the security of e-commerce, we construct personalized user browsing behavior model based on ARM (Association Rule Mining) from Web usage log. We compare real-time browsing behaviors with history model to identify a users real identity in Web pages accessed. According to the results of the experiments, for the illegal users, this method can attain 91.3% detection rate with below 10% false alarm rate. Thus, it can achieve high real-time and recognition efficiency.

A kind of mouse behavior authentication method on dynamic soft keyboard

Existing researches on user mouse authentication mostly focus on fixed tracks, which leads to the lack of practicability. This paper is not restricted to fixed tracks and models the non-fixed mouse behavior pattern. By simulating scenarios of dynamic soft keyboard, mouse behavior data in relatively free tracks is collected. New mouse characteristics are proposed based on the behavioral trait. Mouse behavior feature vector is obtained by using a combination of Cumulative Distribution Function (CDF) and Plus-L Minus-R Selection (LRS). The Support Vector Machine (SVM) algorithm is adopted to build patterns, and the majority voting method is used for user authentication. Experimental results demonstrate the efficacy of the proposed method with a classification accuracy of 96.3%, which achieves a FAR of 1.98%, and a FRR of 2.10%. The proposed method can be adopted in non-fixed traces, which can be used as an assistant method for password authentication mechanism in real-world dynamic soft keyboard scenarios.

A behavioral authentication method for mobile gesture against resilient user posture

The password pattern has become a widely used mobile authentication method. However, there are still some potential security problems since the passwords are easy to be cracked by some malicious software. An important research direction of improving its security is adding behavior pattern into the password pattern. The existing methods mainly used users gesture behavior data such as the location, pressure and contact area of finger collected by touch screen to build a behavior authentication model, which did not consider the influence of users posture on users gesture behavior. This paper aims to propose a gesture authentication construction method that is resilient against the change of users posture. Firstly, for the posture behavior data collected by mobiles orientation sensor and acceleration sensor, we use K-means algorithm to get users postures. Secondly, we train a gesture authentication sub-model for each posture based on the data collected by touch screen. Finally, we give a behavior authentication method based on these models. Our experimental result shows that the method achieves an effect of 4.36% False Acceptance Rate (FAR) and 5.03% False Rejection Rate (FRR).

Modeling and Vulnerable Points Analysis for E-commerce Transaction System with a Known Attack

With the rapid development of network and mobile terminal, online trading has become more and more widespread. However, E-commerce transaction systems aren’t completely strong due to the openness of network. Some points of a system is vulnerable in the real world and thus they can be utilized by attackers and cheaters. We focus on E-commerce transaction systems with attacks, and propose a kind of Petri nets called VET-net (Vulnerable E-commerce Transaction nets) to model them. A VET-net considers both normal actions belonging to the related system and malicious actions ones such as tampering with a data. Based on VET-net, this paper proposes the concepts of vulnerable points and vulnerable levels in order to describe the cause and levels of vulnerability. And then it uses the dynamic sling method to locate the vulnerable points. A real example is used to illustrate the effectiveness and rationality of our concepts and method.

Computation of Secure Consistency for Real Systems

In real applications, many systems have the different security, but their securities are considered to be consistent. In other words, two workflow net systems with different security policies, are thought to be completely similar (i.e., their similarity degree is 1) by the formula proposed by Mendling et al. However, we find that their definition is not accurate. The reason is that the related definition does not accurately feature the relations of transitions. Therefore, this paper refines the relations of transitions based on event relations in the branching processes. And then to distinguish these two systems, we define the security consistency and security consistency degree, and propose a new formula to compute the security similarity degree of two nets. Additionally, this paper utilizes some examples to show these definitions, computation as well as the advantages.