Adversarial Attacks on Continuous Authentication Security: A Dynamic Game Approach
Date
2019-01-01
Author
Sarıtaş, Serkan
Sandberg, Henrik
Dan, Gyorgy
This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.
Identity theft through phishing and session hijacking attacks has become a major attack vector in recent years, and is expected to become more frequent due to the pervasive use of mobile devices. Continuous authentication based on the characterization of user behavior, both in terms of user interaction patterns and usage patterns, is emerging as an effective solution for mitigating identity theft, and could become an important component of defense-in-depth strategies in cyber-physical systems as well. In this paper, the interaction between an attacker and an operator using continuous authentication is modeled as a stochastic game. In the model, the attacker observes and learns the behavioral patterns of an authorized user whom it aims at impersonating, whereas the operator designs the security measures to detect suspicious behavior and to prevent unauthorized access while minimizing the monitoring expenses. It is shown that the optimal attacker strategy exhibits a threshold structure, and consists of observing the user behavior to collect information at the beginning, and then attacking (rather than observing) after gathering enough data. From the operator's side, the optimal design of the security measures is provided. Numerical results are used to illustrate the intrinsic trade-off between monitoring cost and security risk, and show that continuous authentication can be effective in minimizing security risk.
URI
https://hdl.handle.net/11511/94397
DOI
https://doi.org/10.1007/978-3-030-32430-8_26
Conference Name
10th International Conference on Decision and Game Theory for Security (GameSec)
Collections
Department of Electrical and Electronics Engineering, Conference / Seminar
Suggestions
Static Malware Detection Using Stacked BiLSTM and GPT-2
Demirci, Deniz; Sahin, Nazenin; Sirlancis, Melih; Acartürk, Cengiz (2022-01-01)
In recent years, cyber threats and malicious software attacks have been escalated on various platforms. Therefore, it has become essential to develop automated machine learning methods for defending against malware. In the present study, we propose stacked bidirectional long short-term memory (Stacked BiLSTM) and generative pre-trained transformer based (GPT-2) deep learning language models for detecting malicious code. We developed language models using assembly instructions extracted from .text sections o...
Cyber Security by a New Analogy: "The Allegory of the 'Mobile' Cave"
Canbek, Gurol (Informa UK Limited, 2018-01-01)
Mobile devices as the most pervasive technology enablers also bring new security risks in cyberspace. However, related cyber security studies mainly focus on technologies and practices rather than fundamentals and root causes. These studies may also omit the current scientific knowledge gained on other relevant or irrelevant domains that may be adapted to cyber security and ignore human nature that is more important than technology and processes. This study surveys and associates all the analogical methods ...
Graphical Passwords as Browser Extension: Implementation and Usability Study
BIÇAKCI, KEMAL; Yuceel, Mustafa; Erdeniz, Burak; Gurbaslar, Hakan; ATALAY, NART BEDİN (2009-06-19)
Today, most Internet applications still establish user authentication with traditional text based passwords. Designing a secure as well as a user-friendly password-based method has been on the agenda of security researchers for a long time. On one hand, there are password manager programs which facilitate generating site-specific strong passwords from a single user password to eliminate the memory burden due to multiple passwords. On the other hand, there are studies exploring the viability of graphical pas...
Improving the security and flexibility of one-time passwords by signature chains
Bıçakçı, Kemal; Baykal, Nazife (TÜBİTAK, 2003)
While the classical attack of "monitor the network and intercept the password" can be avoided by advanced protocols like SSH, one-time passwords are still considered a viable alternative or a supplement for software authentication since they are the only ones that safeguard against attacks on insecure client machines. In this paper by using public-key techniques we present a method called signature chain alternative to Lamport's hash chain to improve security and flexibility of one-time passwords. Our proposi...
Undermining User Privacy on Mobile Devices Using AI
Gulmezoglu, Berk; Zankl, Andreas; Tol, M. Caner; Islam, Saad; Eisenbarth, Thomas; Sunar, Berk (2019-01-01)
Over the past years, literature has shown that attacks exploiting the microarchitecture of modern processors pose a serious threat to user privacy. This is because applications leave distinct footprints in the processor, which malware can use to infer user activities. In this work, we show that these inference attacks can greatly be enhanced with advanced AI techniques. In particular, we focus on profiling the activity in the last-level cache (LLC) of ARM processors. We employ a simple Prime+Probe based mon...
Citation Formats
S. Sarıtaş, H. Sandberg, and G. Dan, “Adversarial Attacks on Continuous Authentication Security: A Dynamic Game Approach,” Stockholm, Sweden, 2019, vol. 11836, Accessed: 00, 2021. [Online]. Available: https://hdl.handle.net/11511/94397.