A Correlation Framework for Continuous User Authentication Using Data Mining |
The ever-increasing security breaches by both external and internal intruders highlight the lack of security measures in many current systems. Extensive work has been carried out to address this problem, for example by enhancing the initial login stage in order to overcome the security flaws of traditional authentication methods. However, in the event that an unauthorised user compromises a systems initial authentication, the user is in the position to do virtually anything without being further challenged. This has caused interest in the concept of continuous authentication during a user?s active session based upon their behaviour characteristics, which inevitably involves the analysis of vast amounts of data. Whereas most reported work in this area uses statistical approaches to model the temporal regularities exhibited by users, this paper presents a series of comparative studies carried out using Data Mining techniques and algorithms. It presents the result of the analysis carried out and discusses a proposed systematic correlation framework for continuous user authentication using the Data Mining methodology adopted in the comparative studies. This paper shows how the correlation framework could be used to automate the analysis of the generated audit data as well as the processes involved in authenticating users in a networked environment.
Singh H, Furnell SM, Haskell-Dowland PS (Dowland PS), Lines BL, Kaur S