Detecting abnormal user behavior through pattern-mining input device analytics
Article No.: 11, Pages 1 - 13
Abstract
This paper presents a method for detecting patterns in the usage of a computer mouse that can give insights into user's cognitive processes. We conducted a study using a computer version of the Memory game (also known as the Concentration game) that allowed some participants to reveal the content of the tiles, expecting their low-level mouse interaction patterns to deviate from those of normal players with no access to this information. We then trained models to detect these differences using task-independent input device features. The models detected cheating with 98.73% accuracy for players who cheated or did not cheat consistently for entire rounds of the game, and with 89.18% accuracy for cases in which players enabled and then disabled cheating within rounds.
References
[1]
A. A. E. Ahmed and I. Traore. A new biometric technology based on mouse dynamics. IEEE Transactions on Dependable and Secure Computing, 4(3): 165--179, 2007.
[2]
E. Arroyo, T. Selker, and W. Wei. Usability tool for analysis of web designs using mouse tracks. In CHI'06 extended abstracts on Human factors in computing systems, pages 484--489, 2006.
[3]
T. Barik, B. E. Harrison, D. L. Roberts, and X. Jiang. Spatial game signatures for bot detection in social games. In AIIDE, 2012.
[4]
M. Blum, L. Von Ahn, J. Langford, and N. Hopper. The captcha project, "completely automatic public turing test to tell computers and humans apart". School of Computer Science, Carnegie-Mellon University, http://www.captcha.net, 2000.
[5]
L. Breiman. Random forests. Machine learning, 45(1): 5--32, 2001.
[6]
M. Chen, J. R. Anderson, and M. Sohn. What can a mouse cursor tell us more? correlation of eye/mouse movements on web browsing. In Extended Abstracts CHI 2001, 2001.
[7]
Ellipsis. Human presence, Jan 2015.
[8]
P. M. Fitts. The information capacity of the human motor system in controlling the amplitude of movement. Journal of Experimental Psychology, 47(6): 381--391, 1954.
[9]
Google. Google recaptcha, Jan 2015.
[10]
W. D. Gray and D. A. Boehm-Davis. Milliseconds matter: An introduction to microstrategies and to their use in describing and predicting interactive behavior. Journal of Experimental Psychology: Applied, 6(4): 322, 2000.
[11]
W. D. Gray and W. T. Fu. Soft constraints in interactive behavior: The case of ignoring perfect knowledge in-the-world for imperfect knowledge in-the-head. Cognitive Science, 28(3): 359--382, 2004.
[12]
E. Kirda, C. Kruegel, G. Banks, G. Vigna, and R. Kemmerer. Behavior-based spyware detection. In Usenix Security, volume 6, 2006.
[13]
P. Kirkpatrick. Probability theory of a simple card game. The Mathematics Teacher, pages 245--248, 1954.
[14]
T. Lunt, R. Jagannathan, R. Lee, A. Whitehurst, and S. Listgarten. Knowledge-based intrusion detection. In AI Systems in Government Conference, 1989., Proceedings of the Annual, pages 102--107, Mar 1989.
[15]
F. Monrose and A. Rubin. Authentication via keystroke dynamics. In Proceedings of the 4th ACM conference on Computer and communications security, pages 48--56, 1997.
[16]
S. T. Mueller and C. T. Weidemann. Alphabetic letter identification: effects of perceivability, similarity, and bias. Acta Psychologica, 139(1): 19--37, 2012.
[17]
B. Pan, H. Hembrooke, G. Gay, L. Granka, M. Feusner, and J. Newman. The determinants of web page viewing behavior: An eye tracking study. In Proceedings of Eye Tracking Research Assocation Conference (ETRA), 2004.
[18]
F. Pedregosa, G. Varoquaux, A. Gramfort, V. Michel, B. Thirion, O. Grisel, M. Blondel, P. Prettenhofer, R. Weiss, V. Dubourg, J. Vanderplas, A. Passos, D. Cournapeau, M. Brucher, M. Perrot, and E. Duchesnay. Scikit-learn: Machine learning in Python. Journal of Machine Learning Research, 12: 2825--2830, 2011.
[19]
A. G. Pennington, J. D. Strunk, J. L. Griffin, C. A. Soules, G. R. Goodson, and G. R. Ganger. Storage-based intrusion detection: Watching storage activity for suspicious behavior. School of Computer Science, Carnegie Mellon University, 2002.
[20]
K. Revett, H. Jahankhani, S. T. Magalhaes, and H. M. D. Santos. A survey of user authentication based on mouse dynamics. Global E-Security, pages 210--219, 2008.
[21]
C. v. Rijsbergen. Information retrieval. 1979. Btterworths, London, 1997.
[22]
R. Thawonmas, Y. Kashifuji, and K.-T. Chen. Detection of mmorpg bots based on behavior analysis. In Proceedings of the 2008 International Conference on Advances in Computer Entertainment Technology, pages 91--94. ACM, 2008.
[23]
J. Yan and A. S. El Ahmad. Usability of captchas or usability issues in captcha design. In Proceedings of the 4th Symposium on Usable Privacy and Security, SOUPS '08, pages 44--52, New York, NY, USA, 2008. ACM.
Index Terms
- Detecting abnormal user behavior through pattern-mining input device analytics
Recommendations
Game Analytics for Game User Research, Part 1: A Workshop Review and Case Study
The emerging field of game user research (GUR) investigates interaction between players and games and the surrounding context of play. Game user researchers have explored methods from, for example, human-computer interaction, psychology, interaction ...
A Camera-Based Input Device for Large Interactive Displays
Humanýcomputer interaction using large-format displays is an active area of research that focuses on how humans can better work with computers or other machines. For this to happen, there must be an enabling technology that creates the interface between ...
Multi-touch surface as input device
ITS '10: ACM International Conference on Interactive Tabletops and SurfacesIn consideration of the rapid development of displays and multi-touch technologies, many workspaces could feature integrated multi-touch displays in the near future and therefore the possibility of using them as input devices for other computers needs ...
Comments
Please enable JavaScript to view thecomments powered by Disqus.Information & Contributors
Information
Published In
Copyright © 2015 ACM.
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]
Sponsors
- US Army Research Office: US Army Research Office
- NSF: National Science Foundation
- University of Illinois at Urbana-Champaign
- National Security Agency: National Security Agency
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
Published: 21 April 2015
Check for updates
Qualifiers
- Research-article
Funding Sources
- National Security Agency
Conference
HotSoS '15
Sponsor:
- US Army Research Office
- NSF
- National Security Agency
Acceptance Rates
HotSoS '15 Paper Acceptance Rate 13 of 22 submissions, 59%;
Overall Acceptance Rate 34 of 60 submissions, 57%
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- 0Total Citations
- 214Total Downloads
- Downloads (Last 12 months)2
- Downloads (Last 6 weeks)0
Reflects downloads up to 13 Nov 2024
Other Metrics
Citations
View Options
Get Access
Login options
Check if you have access through your login credentials or your institution to get full access on this article.
Sign in