Informatics, TU Vienna

User Mobility Patterns

A Gold Mine for Intrusion Detection of Mobile Devices.

Abstract

Theft of confidential data by unauthorized users accounts for much of the financial losses due to computer crime. However, most user authentication techniques for portable computers require explicit authentication. In the first part of this talk, we present an implicit re-authentication schemes for portable devices that monitors the user specific patterns based on file system and network activities. The various parameters relevant to these activities are mapped into a multidimensional vector space and a k-means clustering algorithm is used to construct a normal user model. Intruders are detected by measuring the distance between two distribution vectors.

While the above activities are useful for some types of devices, smart phones enable us to track the user behavior by observing spatio-temporal patterns. In the second part of our talk we present two statistical profiling techniques that allow us to detect anomalies corresponding to intruder patterns. Our techniques fall in the category of non-parametric collective detection anomaly models. Probabilities are extracted from the traces and anomalies correspond to a low probability region of the stochastic model. The first technique takes into account the location-in –time of users and computes the cumulative probabilities of trace samples. The second, considers also the transition probabilities between locations to construct the Markov sequence probabilities of trace samples. We present the results of our experimental evaluation based on the Reality Mining and Geolife data sets that show that our system is capable of detecting a potential intruder with 90-95 % accuracy.

Biography

Peter Scheuermann is a Professor of Electrical Engineering and Computer Science at Northwestern University. He has held visiting professor positions with the Free University of Amsterdam, the Technical University of Berlin, the Swiss Federal Institute of Technology, Zurich and University of Melbourne. Dr. Scheuermann has served on the editorial board of the Communications of ACM, The VLDB Journal, IEEE Transactions on Knowledge and Data Engineering and is currently an associate editor of Data and Knowledge Engineering, Wireless Networks and ACM Transactions on Spatial Algorithms and Systems (TSAS). Among his professional activities, he has served as General chair of the ACM-SIGMOD Conference in 1988, General chair of the ER ‘2003 Conference and more recently as Program Co-Chair of the ACM-SIGPATIAL conference in 2009. His research interests are in spatio-temporal databases, mobile computing, sensor networks, data warehousing and data mining. He has published more than 140 journal and conference papers. His research has been funded by NSF, NASA, HP, Northrop Grumman, and BEA, among others. Peter Scheuermann is a Fellow of IEEE and AAAS.

Note

This talk is organized by the Vienna PhD School of Informatics and part of the lecture series "Current Trends in Computer Science".