Implicit authentication method for smartphone users based on
rank aggregation and random forest

Abstract

Currently, the smartphone devices have become an essential part of our daily activities. Smartphone’ users run various essential applications (such as banking and e-health Apps), which contains very confidential information (e.g., credit card number and its PIN). Typically, the smartphone’s user authentication is achieved using mechanisms (password or security pattern) to verify
the user identity. Although these mechanisms are cheap, simple, and quick enough for frequent
logins, they are vulnerable to attacks such as shoulder surfing or smudge attack. This problem
could be addressed by authenticating the users using their behaviour (i.e., touch behaviour) while
using their smartphones. Such behaviours include finger’s pressure, size, and pressure time while
tapping keys. Selecting features (from these behaviours) could play an important role in the authentication process’s performance. This paper aims to propose an efficient authentication method
providing an implicit authentication for smartphone users while not imposing an additional cost
of special hardware and addressing the limited smartphone capabilities. We first investigated feature selection techniques from the filter and wrapper approaches and then used the best one to
propose our implicit authentication method. The random forest classifier is used to evaluate these
techniques. It is also used to achieve the classification task in our authentication method. Using
a public dataset, the experimental results showed that the filter-based technique (i.e., rank aggregation) is the best feature selection to build an implicit authentication method for the smartphone
environment. It showed accuracy results around 97.80% using only 25 features out of 53 features
(i.e., require less mobile resources (memory and processing power) to authenticate users. At the
same time, the results showed that our method has less error rate: 2.03 FAR, 0.04 FRR, and 1.04
ERR, comparing to the related work. These promising results would be used to develop a mobile
application that allows implicit authentication of legitimate owners while avoiding the traditional
authentication problems and using fewer smartphone resources.