Continuous Authentication System Using Online Activities
The 17th IEEE International Conference On Trust, Security And Privacy In Computing And Communications (IEEE TrustCom-18), 2018/8
機械学習 (Machine Learning) セキュリティ・プライバシー (Security & Privacy)
- This paper poses the question, “Is it possible to identify users with just a set of Web activity logs?” The answer is yes: we can provide a continuous authentication system that does not require explicit actions by the users while monitoring their interactions regarding what they do for services as well as how they use their devices. We propose an activity-based authentication (ABA) system for active authentication that continuously verifies the identity of a user accessing multiple online services by means of their activity histories. ABA involves a machine-learning technique for authentication with a bagging- data-summarization approach, as it is difficult to identify users by using small logs. We assessed the performance and effect of various activity features extracted from the activity logs of 1,000 users of commercially deployed Web sites. Our findings provide valuable insights to guide the development of an authentication system utilizing the online activities of users.