Title:

Intrusion detector based on mouse dynamics analysis

United States Patent Application 20040221171

Kind Code:

A1

Abstract:

A biometric intrusion detection system based on mouse dynamics analysis, the analysis of mouse dynamics for a specific user generates a number of factors (Mouse Dynamics Signature) which can be used to ensure the identity of the user, an intelligent detection technique is developed to recognize differences in behaviors and detect intrusion.

Inventors:

Ahmed, Ahmed Awad E. (Victoria, CA)
Traore, Issa (Victoria, CA)

Application Number:

10/427810

Publication Date:

11/04/2004

Filing Date:

05/02/2003

Export Citation:

Click for automatic bibliography generation

Assignee:

AHMED AHMED AWAD E.
TRAORE ISSA

Primary Class:

726/23

International Classes:

G06F21/00; (IPC1-7): G06F11/30

View Patent Images:

Download PDF 20040221171

Related US Applications:

20050182973	Information storage device, security system, access permission method, network access method and security process execution permission method	August, 2005	Funahashi et al.
20090025076	Mail certificate responder	January, 2009	Rowley
20100088753	IDENTITY AND AUTHENTICATION SYSTEM USING ALIASES	April, 2010	Ayres et al.
20080163370	Hardware-based detection and containment of an infected host computing device	July, 2008	Maynard
20020116611	Secure distributed on-line certification authority	August, 2002	Zhou et al.
20020157024	Intelligent security association management server for mobile IP networks	October, 2002	Yokote
20080201778	INTRUSION DETECTION USING SYSTEM CALL MONITORS ON A BAYESIAN NETWORK	August, 2008	Guo et al.
20050240990	Systems and methods for managing networks	October, 2005	Trutner et al.
20050044415	Network device and method available for use under non-security mode	February, 2005	Yook et al.
20090310160	PRINTED MATTER MANAGING SYSTEM	December, 2009	Kai et al.
20070300297	System and Method for Tracking the Security Enforcement in a Grid System	December, 2007	Dawson et al.

Primary Examiner:

CERVONE, MICHAEL ANTHONY

Attorney, Agent or Firm:

Ahmed Awad E. Ahmed (Victoria, BC, CA)

Claims:

1. By monitoring and analyzing mouse dynamics for a specific user over a period of time it is possible to produce what is called a ‘Mouse Dynamics Signature’, Mouse Dynamics Signature is a set of curves describing the monitored behavior and characterizing the mouse dynamics of the user over that period of time.

2. By continuously monitoring mouse dynamics on an active workstation, and comparing the calculated mouse dynamics signature over a period of time to the stored mouse signature of the user who is logged in to the workstation it is possible to detect intrusion.

Description:

BACKGROUND OF THE INVENTION

[0001] The main focus of this research is the development of an intelligent intrusion detection system that utilizes user biometric information in the identification and verification processes.

[0002] Biometric based detectors are considered of the most fast and accurate detectors, in this patent we introduce a new biometric detector, mouse dynamics detector. The detector functionality is to observe the user behavior, acquire input data, and analyze it in order to produce a list of factors characterizing the user behavior.

BRIEF SUMMARY OF THE INVENTION

[0003] By monitoring mouse dynamics information, and analyzing the characteristics of this input over different sessions it is possible to calculate a user identification signature that can be used to ensure the user identity and detect any possible intrusion or misuse of the system.

BRIEF DESCRIPTION OF THE DRAWINGS

[0004] FIG. 1 illustrates the generation of a mouse dynamics signature.

[0005] FIG. 2a shows a comparison of two mouse dynamics signatures for the same user.

[0006] FIG. 2b shows a comparison of mouse dynamics signatures for two different users.

DETAILED DESCRIPTION OF THE INVENTION

[0007] 1. Mouse Movement Analysis

[0008] In this detector mouse actions are recorded and processed on a real time basis, movement characteristics being analyzed to produce a set of factors characterizing the behavior, the aim of the research work in this area is to produce what is called a mouse dynamics signature for each registered user.

[0009] This signature is constructed from a set of factors describing the user behavior, using this signature the system will be able to detect if unauthorized user is using the system.

[0010] 2. Classification of Actions

[0011] Mouse input actions can be classified as follows:

[0012] Movement (General Movement)

[0013] Drag and Drop (the action starts with mouse button down, movement, then mouse button up)

[0014] Point & Click (mouse movement followed by a click or double click)

[0015] Silence (No Movement)

[0016] From the above mentioned classification, the analysis can be divided into two categories, movement analysis, and silence analysis; different approaches are used in each category to collect the factors characterizing it.

[0017] Following are some examples on the type of factors collected from each analysis.

[0018] Movement Analysis Examples:

[0019] Calculating the average speed compared to the traveled distance, this produces three graphs for the 3 types of movement actions

[0020] Calculating average speed compared to the movement direction, 8 different directions are considered

[0021] Calculating the average traveled distance for a specific period of time, with regards to different movement directions; from this data we can build a pattern for the use of different directions.

[0022] Silence Analysis Examples:

[0023] Calculating the average of silence periods between movements

[0024] Calculating amount of silence in a period of time

[0025] Comparing the percentage of the silence time to movement time in a period of time

[0026] Determining weights for different movement directions to answer the following questions:

[0027] What is the major movement direction to start movement after a silence period

[0028] What is the major movement direction to end with before a silence period

[0029] Factors collected from the above mentioned analysis are passed to a detection unit which uses neural networks to compare the collected input data against a pre analyzed heuristic information, produce what we call ‘suspicious ratio’, and apply a decision making algorithm to propose the proper action.

[0030] An example of the mouse dynamics signature is the traveled distance/movement speed curve (FIG. 1), a neural network is used to model this curve, the network is trained with the collected raw data, mouse dynamics signature is a curve generated from the output (movement speed) of the trained network against an input presenting the full spectrum of the traveled distances.

[0031] A learning/tuning algorithm is used to improve the efficiency of the system for a reliable and accurate detection, and decrease the false acceptance/rejection ratios.

[0032] FIG. 2 shows an example of the comparison process for two different cases, FIG. 2a shows a recorded mouse dynamics signature compared to reference signature of the same user, and FIG. 2b shows a recorded mouse dynamics signature of an intruder compared to reference signature of the logged in user.

[0033] Intrusion is detected if the difference between the curves is over a pre calculated threshold limit.

Previous Patent: System and method for monitoring software

Next Patent: Adaptive transparent encryption