User Identification by Observing Interactions with GUIs.

Given our increasing reliance on computing devices, the security of such devices becomes ever more important. In this work, we are interested in exploiting user behaviour as a means of reducing the potential for masquerade attacks, which occur when an intruder manages to breach the system and act as an authorised user. This could be possible by using stolen passwords or by taking advantage of unlocked, unattended devices. Once the attacker has passed the authentication step, they may have full access to that machine including any private data and software. Continuous identification can be used as an effective way to prevent such attacks, where the identity of the user is checked continuously throughout the session. In addition to security purposes, a reliable dynamic identification system would be of interest for user profiling and recommendation. In this paper, we present a method for user identification which relies on modeling the behaviours of a user when interacting with the graphical user interface of a computing device. A publiclyavailable logging tool has been developed specifically to passively capture human-computer interactions. Two experiments have been conducted to evaluate the model, and the results show the effectiveness and reliability of the method for the dynamic user identification.