Prevention or Identification of Web Intrusion via Human Computer Interaction Behaviour – A Proposal

The present work proposes a new technique for the identification or prevention of intrusion in web applications via the monitoring of the user interaction behaviour. We report preliminary results in a verification task based on a user claiming his identity and being accepted or detected as an intruder after some time of user interaction monitoring. We describe the acquisition system that enables the remote monitoring of the user human computer interaction and the recognition system that detects an intrusion in the system, and present some preliminary results. 1.0 INTRODUCTION Malicious intrusion in Internet sites either with the intention of disrupting the system or to steal information can threat the normal operation of the Web. We propose a new biometric technique capable of monitoring the user behaviour in a web site in order to prevent or detect intrusion by validating the user identity claim, normally made in a logon page. The system is based on the learnt human computer interaction behaviour of the genuine users. We developed an acquisition system, called Web Interaction Display and Monitoring (WIDAM) [3] , that collects the user interaction data by recording the mouse movements, clicks and key presses, among other interaction events, while the user is browsing a web page. The biometric system uses this last system to verify the identity of a, while he is navigating in the web page. The classification is based on statistical pattern recognition models, and is done after a period of interaction. This period can be selected in order to define the security level of the biometric system. In our preliminary results we obtained a level of security similar to other behavioural biometrics techniques if a period of 60 seconds of interaction is collected. This methodology introduces a possibility of applying an biometric layer to web systems with the present technology. We will now introduce some terminology used in the biometric area. Biometric systems can be divided in two types [7]: (1) Identity verification (or authentication) occurs when a user claims who he is and the system accepts (or declines) his claim; (2) Identity identification (sometimes called search) occurs when the system establishes a subject identity (or fails to do it) without any prior claim. Biometric techniques can also be classified according to the type of characteristics explored : (1) physiological --a physiological trait tends to be a stable physical characteristic, such as Paper presented at the RTO SCI Symposium on “Systems, Concepts and Integration (SCI) Methods and Technologies for Defence Against Terrorism,” held in London, United Kingdom, 25-27 October 2004, and published in RTO-MP-SCI-158.