Continuous Authentication of the Smartphone user based on App Usage

Abstract

Authentication in mobile phones is done by using knowledge-based authentication schemes (passwords or numeric codes known as personal identification numbers, PINs) or biometric authentication factors (face recognition or finger-print recognition) which are usually used to unlock the device or at the entry-point of the apps. After the initial authentication, it is assumed that the user is same till the app is closed or the screen is unlocked, which makes smartphones vulnerable to unauthorized access. Therefore, there is a need for continuous authentication of the user at the application level after the initial entry-point authentication. In this report, an approach for continuous and passive authentication for the smartphones is presented based on the mobile application access behavior of the user. In this method, the data for past history of the application accesses of the user is used to extract features and then different users are differentiated based on their app access patterns. In this report, two datasets have been used and in one dataset, network traffic for each app access session is used to extract features which considerably improved the differentiation between users. The result shows that this authentication method provides a high degree of accuracy and is feasible for the continuous authentication of the user.