Continuous Authentication of Smartphones Based on Application Usage

An empirical investigation of active/continuous authentication for smartphones is presented by exploiting users’ unique application usage data, i.e., distinct patterns of use, modeled by a Markovian process. Specifically, variations of hidden Markov models (HMMs) are evaluated for continuous user verification, and challenges due to the sparsity of session-wise data, an explosion of states, and handling unforeseen events in the test data are tackled. Unlike traditional approaches, the proposed formulation utilizes the complete app-usage information to achieve low latency. Through experimentation, empirical assessment of the impact of unforeseen events, i.e., unknown applications and unforeseen observations, on user verification is done via a modified edit-distance algorithm for sequence matching. It is found that for enhanced verification performance, unforeseen events should be considered. For validation, extensive experiments on two distinct datasets, namely, UMDAA-02 and Securacy, are performed. Using the marginally smoothed HMM a low equal error rate (EER) of 16.16% is reached for the Securacy dataset and the same method is found to be able to detect an intrusion within ~2.5 min of application use.

Mahbub Upal, Komulainen Jukka, Ferreira Denzil, Chellappa Rama

A1 Journal article – refereed

U. Mahbub, J. Komulainen, D. Ferreira and R. Chellappa, "Continuous Authentication of Smartphones Based on Application Usage," in IEEE Transactions on Biometrics, Behavior, and Identity Science, vol. 1, no. 3, pp. 165-180, July 2019. doi: 10.1109/TBIOM.2019.2918307