This paper addresses the problem of efficient intrusion detection for mobile devices via correlating the user's location and time data. We developed two statistical profiling approaches for modeling the normal spatio-temporal behavior of the users: one based on an empirical cumulative probability measure and the other based on the Markov properties of trajectories. An anomaly is detected when the probability of a particular (location, time) evolution matching the normal behavior of a given user becomes lower than a certain threshold, determined by controlling the recall rate of the model of the normal user's behavior. We used compression techniques to reduce processing overhead while maintaining high accuracy. Our evaluation based on the Reality Mining and Geolife data sets shows that the proposed system is capable of detecting a potential intrusion within 15 min and with 94% accuracy.
Abstract. Portable computers are used to store and access sensitive information. They are frequently used in insecure locations with little or no physical protection, and are therefore susceptible to theft and unauthorized access. We propose an implicit user re-authentication system for portable computers that requires no application changes or hardware modifications. The proposed technique observes user-specific patterns in filesystem activity and network access to build models of normal behavior. These are used to distinguish between normal use and anomalous use. We describe these automated model generation and user detection techniques, and explain how to efficiently implement them in a wireless distributed system composed of servers and battery-powered portable devices. The proposed system is able to distinguish between normal use and attack with an accuracy of approximately 90% every 5 minutes and consumes less than 12% of a typical laptop battery in 24 hours.
Abstract: Mobile devices such as smart phones and laptops are in common use and carry a vast amount of personal data. This paper presents an efficient behavior-based system for rapidly detecting the theft of mobile devices in order to protect the private data of their users. Our technique uses spatio-temporal information to construct models of user motion patterns. These models are used to detect theft, which may produce anomalous spatio-temporal patterns. We consider two types of user models, each of which builds on the relationship between location and time of day. Our evaluation, based on the Reality Mining dataset, shows that our system is capable of detecting an attack within 15 minutes with 81% accuracy.