Mario Frank scite author profile

We investigate whether a classifier can continuously authenticate users based on the way they interact with the touchscreen of a smart phone. We propose a set of 30 behavioral touch features that can be extracted from raw touchscreen logs and demonstrate that different users populate distinct subspaces of this feature space. In a systematic experiment designed to test how this behavioral pattern exhibits consistency over time, we collected touch data from users interacting with a smart phone using basic navigation maneuvers, i.e., up-down and left-right scrolling. We propose a classification framework that learns the touch behavior of a user during an enrollment phase and is able to accept or reject the current user by monitoring interaction with the touch screen. The classifier achieves a median equal error rate of 0% for intra-session authentication, 2%-3% for inter-session authentication and below 4% when the authentication test was carried out one week after the enrollment phase. While our experimental findings disqualify this method as a standalone authentication mechanism for long-term authentication, it could be implemented as a means to extend screen-lock time or as a part of a multi-modal biometric authentication system.

show abstract

SybilBelief: A Semi-Supervised Learning Approach for Structure-Based Sybil Detection

Gong

Frank

Mittal

2014

IEEE Trans.Inform.Forensic Secur.

162

105

View full text Add to dashboard Cite

show abstract

A probabilistic approach to hybrid role mining

Frank

Streich

Basin

et al. 2009

View full text Add to dashboard Cite

Role mining algorithms address an important access control problem: configuring a role-based access control system. Given a direct assignment of users to permissions, role mining discovers a set of roles together with an assignment of users to roles. The results should closely agree with the direct assignment. Moreover, the roles should be understandable from the business perspective in that they reflect functional roles within the enterprise. This requires hybrid role mining methods that work with both direct assignments and business information from the enterprise. In this paper, we provide statistical measures to analyze the relevance of different kinds of business information for defining roles. We then present an approach that incorporates relevant business information into a probabilistic model with an associated algorithm for hybrid role mining. Experiments on actual enterprise data show that our algorithm yields roles that both explain the given user-permission assignments and are meaningful from the business perspective.

show abstract

Multi-assignment clustering for Boolean data

Streich

Frank

Basin

et al. 2009

View full text Add to dashboard Cite

Mining Permission Request Patterns from Android and Facebook Applications

Frank

Dong

Felt

et al. 2012

View full text Add to dashboard Cite

Android and Facebook provide third-party applications with access to users' private data and the ability to perform potentially sensitive operations (e.g., post to a user's wall or place phone calls). As a security measure, these platforms restrict applications' privileges with permission systems: users must approve the permissions requested by applications before the applications can make privacy-or security-relevant API calls. However, recent studies have shown that users often do not understand permission requests and lack a notion of typicality of requests. As a first step towards simplifying permission systems, we cluster a corpus of 188,389 Android applications and 27,029 Facebook applications to find patterns in permission requests. Using a method for Boolean matrix factorization for finding overlapping clusters, we find that Facebook permission requests follow a clear structure that exhibits high stability when fitted with only five clusters, whereas Android applications demonstrate more complex permission requests. We also find that low-reputation applications often deviate from the permission request patterns that we identified for high-reputation applications suggesting that permission request patterns are indicative for user satisfaction or application quality.

show abstract

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

customersupport@researchsolutions.com

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Mario Frank

Touchalytics: On the Applicability of Touchscreen Input as a Behavioral Biometric for Continuous Authentication

SybilBelief: A Semi-Supervised Learning Approach for Structure-Based Sybil Detection

A probabilistic approach to hybrid role mining

Multi-assignment clustering for Boolean data

Mining Permission Request Patterns from Android and Facebook Applications

Contact Info

Product

Resources

About