A4 Article in conference proceedings
Estimating Accuracy of Mobile-Masquerader Detection Using Worst-Case and Best-Case Scenario (2006)

Mazhelis, O., Puuronen, S., & Raento, M. (2006). Estimating Accuracy of Mobile-Masquerader Detection Using Worst-Case and Best-Case Scenario. In P. Ning, S. Qing, & N. Li (Eds.), Information and communications security : 8th international conference, ICICS 2006, Raleigh, NC, USA, December 4-7, 2006 : proceedings (pp. 302-321). Springer. Lecture Notes in Computer Science, 4307. https://doi.org/10.1007/11935308_22

JYU authors or editors

Publication details

All authors or editors: Mazhelis, Oleksiy; Puuronen, Seppo; Raento, Mika

Parent publication: Information and communications security : 8th international conference, ICICS 2006, Raleigh, NC, USA, December 4-7, 2006 : proceedings

Parent publication editors: Ning, Peng; Qing, Sihan; Li, Ninghui

Place and date of conference: Raleigh, NC, USA, 4.-7.12.2006

ISBN: 978-3-540-49496-6

eISBN:  978-3-540-49497-3

Journal or series: Lecture Notes in Computer Science

ISSN: 0302-9743

eISSN: 1611-3349

Publication year: 2006

Number in series: 4307

Pages range: 302-321

Number of pages in the book: 558

Publisher: Springer

Place of Publication: Berlin

Publication country: Germany

Publication language: English

DOI: https://doi.org/10.1007/11935308_22

Publication open access: Not open

Publication channel open access: 

Abstract

In order to resist an unauthorized use of the resources accessible through mobile terminals, masquerader detection means can be employed. In this paper, the problem of mobile-masquerader detection is approached as a classification problem, and the detection is performed by an ensemble of one-class classifiers. Each classifier compares a measure describing user behavior or environment with the profile accumulating the information about past behavior and environment. The accuracy of classification is empirically estimated by experimenting with a dataset describing the behavior and environment of two groups of mobile users, where the users within groups are affiliated with each other. It is assumed that users within a group have similarities in their behavior and environment and hence are more difficult to differentiate, as compared with distinguishing between the users of different groups. From the practical detection perspective, the former case corresponds to the “worst-case” scenario where the masquerader has a rich knowledge of the user behavior and environment and is able to mimic them, while the latter case corresponds to the “best-case” scenario, where the masquerader makes little or no attempt to mimic the behavior and environment of the user. The classification accuracies are also evaluated for different levels of false rejection errors. The obtained results indicate that, when smaller values of false rejection errors are required, ensembles of few best-performing classifiers are preferable, while a five-classifier ensemble achieves better accuracy when higher levels of false rejection errors are tolerated.

Keywords: mobile devices; users; recognition

Free keywords: Intrusion Detection; Anomaly Detection; Mobile Terminal; Legitimate User

Contributing organizations

Ministry reporting: Yes

Preliminary JUFO rating: Not rated