Deep Learning Based Sequential Mining for User Authentication in Web Applications

Biometric authentication is being increasingly used in various applications to identify people using various traits. This can be of use in various applications like forensics, passport control, etc. In the rapidly growing era of internet, it is necessary to restrict access to data on the web. Security and customer usage are some of the essential parameters which should be taken care of in a web biometric system. Also, biometric technology has been implemented on social media platforms so as to save users from cyber-attacks and breach of privacy. This chapter provides an overview of how a web biometric system works, with an approach to use deep learning algorithms to identify traits like face, iris, and fingerprints. Such techniques can also be used to authenticate people in e-commerce applications. Further, the authors discuss the implementation of biometric verification techniques on social networking platforms like Facebook, Twitter, etc.

Download Full-text

Web application authentication using ZKP and novel 6D chaotic system

Indonesian Journal of Electrical Engineering and Computer Science ◽

10.11591/ijeecs.v20.i3.pp1522-1529 ◽

2020 ◽

Vol 20 (3) ◽

pp. 1522

Author(s):

Shatha J. Mohammed ◽

Sadiq A. Mehdi

Keyword(s):

Chaotic System ◽

Web Application ◽

Web Applications ◽

Random Number ◽

User Authentication ◽

Internet Services ◽

Bottom Line ◽

Zero Knowledge ◽

Frequent Use ◽

Significant Process

<span>Text password has long been a dominant approach to user authentication used by a huge quantity of Internet services. Web applications are now widely used for the implementation of a range of significant services. The securing of such applications has thus become a significant process. Currently the frequent use of passwords and the need for them make them more vulnerable to theft or guesswork. In the proposed research, the researcher designed an algorithm that has the ability to perform registration or to access web applications safely. The researcher designed an algorithm in the proposed research, which has the ability to securely perform registration or access web applications. The proposed idea based on the notion of Zero-knowledge proof. A complex generation of random number initiated by proposed novel 6D-Hyper chaotic system. The bottom line is that both parties (web application, user), have a secret number. These two numbers used to do the process of registration without requiring a password. Results from the research showed the importance of the proposed method by which the keys were managed and distributed in a safe and effective way.</span>

Download Full-text

A Hybrid Deep Learning System for Real-World Mobile User Authentication Using Motion Sensors

Sensors ◽

10.3390/s20143876 ◽

2020 ◽

Vol 20 (14) ◽

pp. 3876 ◽

Cited By ~ 3

Author(s):

Tiantian Zhu ◽

Zhengqiu Weng ◽

Guolang Chen ◽

Lei Fu

Keyword(s):

Feature Extraction ◽

Deep Learning ◽

Mobile Devices ◽

Real World ◽

Large Scale ◽

User Authentication ◽

Mobile User ◽

Learning System ◽

Support Vector ◽

Motion Sensors

With the popularity of smartphones and the development of hardware, mobile devices are widely used by people. To ensure availability and security, how to protect private data in mobile devices without disturbing users has become a key issue. Mobile user authentication methods based on motion sensors have been proposed by many works, but the existing methods have a series of problems such as poor de-noising ability, insufficient availability, and low coverage of feature extraction. Based on the shortcomings of existing methods, this paper proposes a hybrid deep learning system for complex real-world mobile authentication. The system includes: (1) a variational mode decomposition (VMD) based de-noising method to enhance the singular value of sensors, such as discontinuities and mutations, and increase the extraction range of the feature; (2) semi-supervised collaborative training (Tri-Training) methods to effectively deal with mislabeling problems in complex real-world situations; and (3) a combined convolutional neural network (CNN) and support vector machine (SVM) model for effective hybrid feature extraction and training. The training results under large-scale, real-world data show that the proposed system can achieve 95.01% authentication accuracy, and the effect is better than the existing frontier methods.

Download Full-text

Webshell detection with byte-level features based on deep learning

Journal of Intelligent & Fuzzy Systems ◽

10.3233/jifs-200314 ◽

2021 ◽

Vol 40 (1) ◽

pp. 1585-1596

Author(s):

Xiao Zhongzheng ◽

Nurbol Luktarhan

Keyword(s):

Deep Learning ◽

Web Applications ◽

Detection Efficiency ◽

Source Code ◽

Detection Methods ◽

Web Page ◽

Matching Method ◽

Network Intrusion ◽

Signature Matching ◽

And Control

A webshell is a common tool for network intrusion. It has the characteristics of considerable threat and good concealment. An attacker obtains the management authority of web services through the webshell to penetrate and control web applications smoothly. Because webshell and common web page features are almost identical, it can evade detection by traditional firewalls and anti-virus software. Moreover, with the application of various anti-detection feature hiding techniques to the webshell, it is difficult to detect new patterns in time based on the traditional signature matching method. Webshell detection has been proposed based on deep learning. First, a dataset is opcoded, and the source code and opcode code features are fused. Second, the processed dataset is reduced using the SRNN and an attention mechanism, and the capsule network improves complete predictions for unknown pages. Experiments prove that the algorithm has higher detection efficiency and accuracy than traditional webshell detection methods, and it can also detect new types of webshell with a certain probability.

Download Full-text

Secure Fingerprint Authentication Using Deep Learning and Minutiae Verification

Journal of Intelligent Systems ◽

10.1515/jisys-2018-0289 ◽

2019 ◽

Vol 29 (1) ◽

pp. 1379-1387 ◽

Cited By ~ 1

Author(s):

V.M. Praseetha ◽

Saad Bayezeed ◽

S. Vadivel

Keyword(s):

Neural Network ◽

Deep Learning ◽

Convolutional Neural Network ◽

User Authentication ◽

Optical Image ◽

Deep Convolutional Neural Network ◽

False Identification ◽

Fingerprint Verification ◽

Fingerprint Biometrics ◽

The Given

Abstract Nowadays, there has been an increase in security concerns regarding fingerprint biometrics. This problem arises due to technological advancements in bypassing and hacking methodologies. This has sparked the need for a more secure platform for identification. In this paper, we have used a deep Convolutional Neural Network as a pre-verification filter to filter out bad or malicious fingerprints. As deep learning allows the system to be more accurate at detecting and reducing false identification by training itself again and again with test samples, the proposed method improves the security and accuracy by multiple folds. The implementation of a novel secure fingerprint verification platform that takes the optical image of a fingerprint as input is explained in this paper. The given input is pre-verified using Google’s pre-trained inception model for deep learning applications, and then passed through a minutia-based algorithm for user authentication. Then, the results are compared with existing models.

Download Full-text

Gait-Based Implicit Authentication Using Edge Computing and Deep Learning for Mobile Devices

Sensors ◽

10.3390/s21134592 ◽

2021 ◽

Vol 21 (13) ◽

pp. 4592

Author(s):

Xin Zeng ◽

Xiaomei Zhang ◽

Shuqun Yang ◽

Zhicai Shi ◽

Chihung Chi

Keyword(s):

Deep Learning ◽

Mobile Devices ◽

User Authentication ◽

False Positive Rate ◽

True Positive Rate ◽

Edge Computing ◽

Behavior Modeling ◽

Security And Privacy ◽

Positive Rate ◽

Edge Based

Implicit authentication mechanisms are expected to prevent security and privacy threats for mobile devices using behavior modeling. However, recently, researchers have demonstrated that the performance of behavioral biometrics is insufficiently accurate. Furthermore, the unique characteristics of mobile devices, such as limited storage and energy, make it subject to constrained capacity of data collection and processing. In this paper, we propose an implicit authentication architecture based on edge computing, coined Edge computing-based mobile Device Implicit Authentication (EDIA), which exploits edge-based gait biometric identification using a deep learning model to authenticate users. The gait data captured by a device’s accelerometer and gyroscope sensors is utilized as the input of our optimized model, which consists of a CNN and a LSTM in tandem. Especially, we deal with extracting the features of gait signal in a two-dimensional domain through converting the original signal into an image, and then input it into our network. In addition, to reduce computation overhead of mobile devices, the model for implicit authentication is generated on the cloud server, and the user authentication process also takes place on the edge devices. We evaluate the performance of EDIA under different scenarios where the results show that i) we achieve a true positive rate of 97.77% and also a 2% false positive rate; and ii) EDIA still reaches high accuracy with limited dataset size.

Download Full-text

Security user authentication procedures of web-applications

Ukrainian Information Security Research Journal ◽

10.18372/2410-7840.16.6936 ◽

2014 ◽

Vol 16 (2) ◽

Author(s):

Михаил Владимирович Коломыцев ◽

Светлана Александровна Носок ◽

Николай Владленович Грайворонский

Keyword(s):

Web Applications ◽

User Authentication

Download Full-text

Sanare: Pluggable Intrusion Recovery for Web Applications

10.36227/techrxiv.13725991 ◽

2021 ◽

Author(s):

David Matos ◽

Miguel Correia ◽

Miguel Pardal

Keyword(s):

Deep Learning ◽

Web Services ◽

Data Storage ◽

Web Applications ◽

Storage Systems ◽

Source Code ◽

Profound Knowledge ◽

Recovery System ◽

The Web ◽

Intrusion Recovery

<p>Web applications are exposed to many threats and, despite the best defensive efforts, are often successfully attacked. Reverting the effects of an attack on the state of such an application requires a profound knowledge about the application, to understand what data did the attack corrupt. Furthermore, it requires knowing what steps are needed to revert the effects without modifying legitimate data created by legitimate users. Existing intrusion recovery systems are capable of reverting the effects of the attack but they require modifications to the source code of the application, which may be unpractical. We present Sanare, a pluggable intrusion recovery system designed for web applications that use different data storage systems to keep their state. Sanare does not require any modification to the source code of the application or the web server. Instead, it uses Matchare, a new deep learning scheme we introduce to learn the matches between the HTTP requests and the database statements, file system operations and web services requests that the HTTP requests caused. We evaluated Sanare with three open source web applications: WordPress, GitLab and ownCloud. In our experiments Matchare achieved precision and recall higher than 97.5%.</p>

Download Full-text

Deep Learning Approaches for Continuous Authentication Based on Activity Patterns Using Mobile Sensing

Sensors ◽

10.3390/s21227519 ◽

2021 ◽

Vol 21 (22) ◽

pp. 7519

Author(s):

Sakorn Mekruksavanich ◽

Anuchit Jitpattanakul

Keyword(s):

Deep Learning ◽

Credit Card ◽

User Authentication ◽

Binary Classification ◽

Activity Patterns ◽

Personal Data ◽

Security And Privacy ◽

Sensor Data ◽

Learning Approaches ◽

Continuous Authentication

Smartphones as ubiquitous gadgets are rapidly becoming more intelligent and context-aware as sensing, networking, and processing capabilities advance. These devices provide users with a comprehensive platform to undertake activities such as socializing, communicating, sending and receiving e-mails, and storing and accessing personal data at any time and from any location. Nowadays, smartphones are used to store a multitude of private and sensitive data including bank account information, personal identifiers, account passwords and credit card information. Many users remain permanently signed in and, as a result, their mobile devices are vulnerable to security and privacy risks through assaults by criminals. Passcodes, PINs, pattern locks, facial verification, and fingerprint scans are all susceptible to various assaults including smudge attacks, side-channel attacks, and shoulder-surfing attacks. To solve these issues, this research introduces a new continuous authentication framework called DeepAuthen, which identifies smartphone users based on their physical activity patterns as measured by the accelerometer, gyroscope, and magnetometer sensors on their smartphone. We conducted a series of tests on user authentication using several deep learning classifiers, including our proposed deep learning network termed DeepConvLSTM on the three benchmark datasets UCI-HAR, WISDM-HARB and HMOG. Results demonstrated that combining various motion sensor data obtained the highest accuracy and energy efficiency ratio (EER) values for binary classification. We also conducted a thorough examination of the continuous authentication outcomes, and the results supported the efficacy of our framework.

Download Full-text