Implicit authentication method for smartphone users based on rank aggregation and random forest

Abstract

Currently, the smartphone devices have become an essential part of our daily activities. Smartphone’ users run various essential applications (such as banking and e-health Apps), which contains very confidential information (e.g., credit card number and its PIN). Typically, the smartphone’s user authentication is achieved using mechanisms (password or security pattern) to verify the user identity. Although these mechanisms are cheap, simple, and quick enough for frequent logins, they are vulnerable to attacks such as shoulder surfing or smudge attack. This problem could be addressed by authenticating the users using their behaviour (i.e., touch behaviour) while using their smartphones. Such behaviours include finger’s pressure, size, and pressure time while tapping keys. Selecting features (from these behaviours) could play an important role in the authentication process’s performance. This paper aims to propose an efficient authentication method providing an implicit authentication for smartphone users while not imposing an additional cost of special hardware and addressing the limited smartphone capabilities. We first investigated feature selection techniques from the filter and wrapper approaches and then used the best one to propose our implicit authentication method. The random forest classifier is used to evaluate these techniques. It is also used to achieve the classification task in our authentication method. Using a public dataset, the experimental results showed that the filter-based technique (i.e., rank aggregation) is the best feature selection to build an implicit authentication method for the smartphone environment. It showed accuracy results around 97.80% using only 25 features out of 53 features (i.e., require less mobile resources (memory and processing power) to authenticate users. At the same time, the results showed that our method has less error rate: 2.03 FAR, 0.04 FRR, and 1.04 ERR, comparing to the related work. These promising results would be used to develop a mobile application that allows implicit authentication of legitimate owners while avoiding the traditional authentication problems and using fewer smartphone resources.