Roman V. Yampolskiy

Behavioural biometrics: a survey and classification

This study is a survey and classification of the state-of-the-art in behavioural biometrics which is based on skills, style, preference, knowledge, motor-skills or strategy used by people while accomplishing different everyday tasks such as driving an automobile, talking on the phone or using a computer. The authors examine current research in the field and analyse the types of features used to describe different types of behaviour. After comparing accuracy rates for verification of users using different behavioural biometric approaches, researchers address privacy issues which arise or might arise in the future with the use of behavioural biometrics.

Embedded noninteractive continuous bot detection

Multiplayer online computer games are quickly growing in popularity, with millions of players logging in every day. While most play in accordance with the rules set up by the game designers, some choose to utilize artificially intelligent assistant programs, a.k.a. bots, to gain an unfair advantage over other players. In this article we demonstrate how an embedded noninteractive test can be used to prevent automatic artificially intelligent players from illegally participating in online game-play. Our solution has numerous advantages over traditional tests, such as its nonobtrusive nature, continuous verification, and simple noninteractive and outsourcing-proof design.

Anomaly Detection Based Intrusion Detection

This paper is devoted to the problem of neural networks as means of intrusion detection. We show that properly trained neural networks are capable of fast recognition and classification of different attacks. The advantage of the taken approach allows us to demonstrate the superiority of the neural networks over the systems that were created by the winner of the KDD Cups competition and later researchers due to their capability to recognize an attack, to differentiate one attack from another, i.e. classify attacks, and, the most important, to detect new attacks that were not included into the training set. The results obtained through simulations indicate that it is possible to recognize attacks that the intrusion detection system never faced before on an acceptably high level

Human Computer Interaction Based Intrusion Detection

In this paper we survey the state of the art in human computer interaction based biometrics which are based on abilities, style, preference, knowledge, or strategy used by people while working with a computer. We examine current research and analyze the types of features used to describe HCI behavior. After comparing accuracy rates for verification of users using different HCI-based biometric approaches we address privacy issues which arise with the use of HCI dependant biometrics. Finally, we present results of our experiments with behavior-based intrusion detection in online game networks based on the strategy utilized by the players

Mimicry Attack on Strategy-Based Behavioral Biometric

Biometric security measures are becoming a popular approach to securing computer systems, computer networks, as well as access to workplaces and recreational facilities. Unfortunately biometric systems can be a target of impersonation attacks, making their security questionable. In this paper we concentrate on ways of spoofing behavioral biometrics and analyze the types of spoofing attacks which can be employed against biometric systems. The concept of strategy-based behavioral biometrics is introduced followed by our experimental results from spoofing security systems based on strategy-based biometric technology. Finally an existing methodology is suggested to counteract spoofing attacks against behavior-based biometric systems.

Direct and Indirect Human Computer Interaction Based Biometrics

In this paper we survey the state of the art in direct and indirect human computer interaction based biometrics. Direct HCI biometrics are based on abilities, style, preference, knowledge, or strategy used by people while working with a computer. The indirect HCI-based biometrics are events that can be obtained by monitoring users’ HCI behavior indirectly via observable low-level actions of computer software. We examine current research and analyze the types of features used to describe HCI behavior. After comparing accuracy rates for verification of users using different HCI- based biometric approaches we address privacy issues which arise with the use of HCI dependant biometrics. Finally, we present results of our experiments with direct and indirect HCI-based behavioral biometrics employed as a part of an intrusion detection system.

Behavioral Biometrics for Verification and Recognition of Malicious Software Agents

Homeland security requires technologies capable of positive and reliable identification of humans for law enforcement, government, and commercial applications. As artificially intelligent agents improve in their abilities and become a part of our everyday life, the possibility of using such programs for undermining homeland security increases. Virtual assistants, shopping bots, and game playing programs are used daily by millions of people. We propose applying statistical behavior modeling techniques developed by us for recognition of humans to the identification and verification of intelligent and potentially malicious software agents. Our experimental results demonstrate feasibility of such methods for both artificial agent verification and even for recognition purposes.

Analyzing User Password Selection Behavior for Reduction of Password Space

This paper presents a comprehensive survey of recent literature on the topic of password dictionaries for alphanumeric and graphical user authentication approaches including some password schemes proposed by the author. After different methods used for reduction of password space are introduced, they are analyzed and compared with the intent of finding a common flaw of user authentication mechanisms, which allows for the development of such password dictionaries by hackers. Our conclusion is that any user authentication system, which allows users to exercise choice in selection of their passwords, is vulnerable to the password space reduction methods presented in this paper and so should not be utilized

Use of behavioral biometrics in intrusion detection and online gaming

Behavior based intrusion detection is a frequently used approach for insuring network security. We expend behavior based intrusion detection approach to a new domain of game networks. Specifically, our research shows that a unique behavioral biometric can be generated based on the strategy used by an individual to play a game. We wrote software capable of automatically extracting behavioral profiles for each player in a game of Poker. Once a behavioral signature is generated for a player, it is continuously compared against players current actions. Any significant deviations in behavior are reported to the game server administrator as potential security breaches. Our algorithm addresses a well-known problem of user verification and can be re-applied to the fields beyond game networks, such as operating systems and non-game networks security.

Secure Network Authentication with PassText

Network security partially depends on reliable user authentication; unfortunately currently used passwords are not completely secure. We have designed an authentication schema with a password, which is easy to remember and can be relatively quickly provided to the system, while at the same time remaining impossible to break with brute force alone. We have also proposed a novel measure of password length and compared password spaces of many popular alphanumeric and graphical authentication schemas against the one proposed in this paper