Modeling Human Behavior from Low-Level Input Analytics · Modeling Human Behavior from Low-Level Input Analytics Arpan Chakraborty Ph.D. Candidate David Roberts, Robert St. Amant,

Science of Security Lablet

Understanding & Accounting for Human Behavior

Modeling Human Behavior from Low-Level Input Analytics

Arpan Chakraborty

Ph.D. Candidate

David Roberts, Robert St. Amant, Titus Barik, Brent Harrison



Motivation

•How is human behavior related to security? •What can low-level input analytics tell us?

– Bot or human? – Alice or Ivan the impostor? – Deceptive behavior

Presenter

Presentation Notes

What does human behavior have to do with security? Think about users who are genuinely authenticated, but potentially harmful. Also, hard to enforce or less critical security scenarios, e.g. online testing, open voting. You would like to tell whether someone accessing your system is human or not, and if so, is behaving as expected.



•Human Interactive Proofs (HIPs) – Stop bots, spam – Explicit, interruptive

•Human Observational Proofs (HOPs)

– Identify humans using biometric signatures – Unobtrusive, but weak for behavioral analysis

Existing “Security Proofs”

Presenter

Presentation Notes

Some existing security proofs based on human interaction/behavior. For interactive proofs, the user has to actively engage in an activity not related to the intended task. Observational proofs like mouse movement signatures are less obtrusive.



Goal: Human “Subtlety” Proofs

• Passive observation of interactions • Small changes to UI • Cognitive models help

recognize behavior •Hard to deceive



Practical Applications

•Weed out bots from monetized games and social applications, including advertising

•Monitor user behavior for abnormal patterns within sensitive systems

• Identify deceptive behavior in online tests and interviews



Basis: Human Cognition

•Humans choose a cognitive strategy based on situations, conditions – What order shall I proceed in? – How much time should I spend on a task?

• Some decisions are made subconsciously

Presenter

Presentation Notes

Metacognition: Decisions that are not directly part of the task at hand, but affect how it is completed. Concept of microstrategies. E.g. when writing an exam.



•Ways of accomplishing a task that vary in timing, accuracy, payoff etc. – Think lay up vs. slam dunk

• Affected by higher-level cognitive decisions • Reflected in low-level motor behavior

Microstrategies

Presenter

Presentation Notes

Note: Lay up vs. slam dunk analogy breaks down pretty easily, but is a good example.



Microstrategies

• “When alternative microstrategies can be applied, users tend to select the one that is most efficient in the particular task context.” [Gray & Boehm-Davis, 2000]

Presenter

Presentation Notes

Wayne Gray & Deborah Boehm-Davis: Milliseconds Matter



Method: Low-Level Input Analytics

•Mouse events – Movement speed, click distribution

• Key presses – Typing speed, inter-key and inter-word pauses

• Situation-specific interactions – Correct actions, mistakes

Presenter

Presentation Notes

What are the low-level interactions we are looking at?



Test Domain: Casual Games

• Rich interaction • Goals and payoffs can be controlled • Subtle changes possible

– Little distraction from target task – Can be made part of the game!

Presenter

Presentation Notes

Why casual games? Most important reason: Can make subtle changes to elicit changes in human behavior.



I. Scrabble

• Can we tell bot vs. human from mouse behavior?

Presenter

Presentation Notes

Past project that provided a foundation for this work.



Spatial Signatures for Bot Detection

• Pixel-level signatures distinguish humans

Click Unclick



II. Concentration Game

• Conditions – Speed: Aim for less time – Accuracy: Fewer mistakes

• Study – 179 players, 10 games each

• Can we predict condition from player performance?

Presenter

Presentation Notes

Current work.



Visualizing Gameplay



Predicting Game Condition

Results: 82.4% accuracy with SVM classifier

Speed

Accuracy

Presenter

Presentation Notes

X-axis: Normalized time, Y-axis: Normalized #Mismatches Orange: Speed, Blue: Accuracy



Speed-Accuracy Tradeoffs

• Can we identify different microstrategies people use under speed/accuracy conditions? – Order of exploration – Time spent in decision-making – Speed of mouse movement – Precision of clicks within tiles

Presenter

Presentation Notes

Further questions we are exploring. Building a cognitive model to address these.



Human Memory and Cognition

•What can we tell about human memory? – Number of tiles one can remember – How accurately are locations stored – Duration one can remember a single fact – Pattern of errors due to memory failures

• Cognitive model being developed

Presenter

Presentation Notes

Note: Split out cognitive model into its own slide



III. Ninja Typing



Typing Analytics

• Basic level: Type common dictionary words • Then introduce subtle changes:

– Uncommon words – Uncommon bigrams (e.g. “ht”) – Random letters (e.g. “zhqv”)

• Observe inter-key delay, etc.



Studying Deceptive Behavior

•Words given to players before game starts • Players try to act as if words are unknown • Players incentivized for fooling system • Can we identify deceptive behavior from

low-level input analytics?

Presenter

Presentation Notes

Clues from low-level analytics: Inordinate delay before beginning to type (guilt factor), etc.



Summary

• Define low-level input metrics • Identify microstrategies, tradeoffs • Develop cognitive models of human

behavior • Recognize abnormal behavior to detect

bots, deception

Documents

Modeling Human Behavior from Low-Level Input Analytics · Modeling Human Behavior from Low-Level Input Analytics Arpan Chakraborty Ph.D. Candidate David Roberts, Robert St. Amant,