Science of Security Lablet
Understanding & Accounting for Human Behavior
Modeling Human Behavior from Low-Level Input Analytics
Arpan Chakraborty
Ph.D. Candidate
David Roberts, Robert St. Amant, Titus Barik, Brent Harrison
Motivation
• How is human behavior related to security?
• What can low-level input analytics tell us?
  – Bot or human?
  – Alice or Ivan the impostor?
  – Deceptive behavior
Existing “Security Proofs”
• Human Interactive Proofs (HIPs)
  – Stop bots, spam
  – Explicit, interruptive
• Human Observational Proofs (HOPs)
  – Identify humans using biometric signatures
  – Unobtrusive, but weak for behavioral analysis
Goal: Human “Subtlety” Proofs
• Passive observation of interactions
• Small changes to UI
• Cognitive models help recognize behavior
• Hard to deceive
Practical Applications
• Weed out bots from monetized games and social applications, including advertising
• Monitor user behavior for abnormal patterns within sensitive systems
• Identify deceptive behavior in online tests and interviews
Basis: Human Cognition
• Humans choose a cognitive strategy based on situations, conditions
  – What order shall I proceed in?
  – How much time should I spend on a task?
• Some decisions are made subconsciously
Microstrategies
• Ways of accomplishing a task that vary in timing, accuracy, payoff etc.
  – Think lay up vs. slam dunk
• Affected by higher-level cognitive decisions
• Reflected in low-level motor behavior
Microstrategies
• “When alternative microstrategies can be applied, users tend to select the one that is most efficient in the particular task context.” [Gray & Boehm-Davis, 2000]
Method: Low-Level Input Analytics
• Mouse events
  – Movement speed, click distribution
• Key presses
  – Typing speed, inter-key and inter-word pauses
• Situation-specific interactions
  – Correct actions, mistakes
Test Domain: Casual Games
• Rich interaction
• Goals and payoffs can be controlled
• Subtle changes possible
  – Little distraction from target task
  – Can be made part of the game!
I. Scrabble
• Can we tell bot vs. human from mouse behavior?
Spatial Signatures for Bot Detection
• Pixel-level signatures distinguish humans
[Figure panels: Click, Unclick]
II. Concentration Game
• Conditions
  – Speed: Aim for less time
  – Accuracy: Fewer mistakes
• Study
  – 179 players, 10 games each
• Can we predict condition from player performance?
Visualizing Gameplay
Predicting Game Condition
Results: 82.4% accuracy with SVM classifier
[Figure labels: Speed, Accuracy]
Speed-Accuracy Tradeoffs
• Can we identify different microstrategies people use under speed/accuracy conditions?
  – Order of exploration
  – Time spent in decision-making
  – Speed of mouse movement
  – Precision of clicks within tiles
Human Memory and Cognition
• What can we tell about human memory?
  – Number of tiles one can remember
  – How accurately are locations stored
  – Duration one can remember a single fact
  – Pattern of errors due to memory failures
• Cognitive model being developed
III. Ninja Typing
Typing Analytics
• Basic level: Type common dictionary words
• Then introduce subtle changes:
  – Uncommon words
  – Uncommon bigrams (e.g. “ht”)
  – Random letters (e.g. “zhqv”)
• Observe inter-key delay, etc.
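An added example, not part of the original presentation, of how the inter-key delay metric on this slide could be computed from a key-press log and compared between familiar and unfamiliar letter pairs. The `COMMON_BIGRAMS` set, the `inter_key_metrics` function and the sample timings are assumptions constructed for illustration.

```python
from statistics import mean

# Assumption: a small set of frequent English bigrams. A real study would
# derive the set from corpus frequencies.
COMMON_BIGRAMS = {"th", "he", "in", "er", "an", "re", "on", "at", "en", "nd"}

# Constructed sample: (timestamp_ms, key) for the input "the zhqv".
SAMPLE_EVENTS = [
    (0, "t"), (110, "h"), (205, "e"), (300, " "),
    (720, "z"), (1010, "h"), (1330, "q"), (1640, "v"),
]

def inter_key_metrics(events):
    """Summarise inter-key delays from time-ordered (timestamp_ms, key) pairs."""
    common, uncommon, word_pauses = [], [], []
    for (t0, k0), (t1, k1) in zip(events, events[1:]):
        delay = t1 - t0
        if k0 == " ":
            word_pauses.append(delay)   # pause before the next word starts
        elif k1 == " ":
            continue                    # letter -> space is not a bigram
        elif (k0 + k1).lower() in COMMON_BIGRAMS:
            common.append(delay)
        else:
            uncommon.append(delay)

    def avg(xs):
        return mean(xs) if xs else None

    result = {
        "common_ms": avg(common),
        "uncommon_ms": avg(uncommon),
        "inter_word_ms": avg(word_pauses),
    }
    # Slowdown on unfamiliar letter pairs relative to familiar ones.
    if result["common_ms"] and result["uncommon_ms"]:
        result["slowdown"] = result["uncommon_ms"] / result["common_ms"]
    else:
        result["slowdown"] = None
    return result

if __name__ == "__main__":
    print(inter_key_metrics(SAMPLE_EVENTS))
```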
Studying Deceptive Behavior
• Words given to players before game starts
• Players try to act as if words are unknown
• Players incentivized for fooling system
• Can we identify deceptive behavior from low-level input analytics?
Summary
• Define low-level input metrics
• Identify microstrategies, tradeoffs
• Develop cognitive models of human behavior
• Recognize abnormal behavior to detect bots, deception