报告题目：Risk-Based Authentication Scheme Using Biometrics in Web Environment Systems
主讲人：Nazarbayev University, IEEE Fellow, Mohammad S. Obaidat教授
报告摘要：Existing risk-based authentication systems rely on basic web communication information such as the source IP address or the velocity of transactions performed by a specific account, or originating from a certain IP address. Such information can easily be spoofed, and as such, put in question the robustness and reliability of the proposed systems.
Risk-based authentication can be applied from two different perspectives: proactively and reactively. When applied proactively, risk-based authentication can be integrated with the login process and used to block from the beginning access to users flagged as risky. In contrast, reactive risk-based authentication can be used to identify and revert ongoing or completed transactions considered as risky. Although proactive risk-based authentication may be considered as more desirable than reactive risk-based authentication, the cost of a misclassification error is far greater in the former than in the latter. In other words, more stringent accuracy requirements underlie proactive approaches compared to reactive ones. Actually, each category is adequate for specific scenarios. While proactive risk-based authentication is important in situations where confidentiality is essential such as in military or intelligence transactions, reactive risk-based authentication may be enough in situations where integrity is the primary concern. For instance, in online banking transactions, malicious transactions can be reverted (immediately) by the end of the session if the user is classified as risky.
In this talk, we present our biometrics-based security schemes that are based on keystroke dynamics, which are considered breakthrough techniques. We then introduce our new online biometric risk-based authentication system that provides more robust user identity information by combining mouse dynamics and keystroke dynamics biometrics in a multimodal framework. Experimental evaluation of our proposed model with 24 participants yields an Equal Error Rate of 8.21%, which is promising considering that we are dealing with free text and free mouse movements, and the fact that many web sessions tend to be very short. Moreover, we believe this performance is good for reactive risk-based authentication, where the goal is not to prevent the user from using the system, but rather to identify malicious sessions and trigger appropriate risk mitigation measures.
主讲人简介：Professor Mohammad S. Obaidat is an internationally known academic /researcher /scientist /scholar. He received his Ph.D. degree in Computer Engineering with a minor in Computer Science from the Electrical and Computer Engineering (ECE) Department, The Ohio State University, Columbus, USA. He has received extensive research funding and published about One Thousand (1000) refereed technical articles-About half of them are journal articles, over 65 books, and over 65 Book Chapters. He is Editor-in-Chief of 3 scholarly journals and an editor of many other international journals. He is the founding Editor-in-Chief of Wiley Security and Privacy Journal.
Among his previous positions are Advisor to the President of Philadelphia University for Research, Development and Information Technology, President of the Society for Molding and Simulation International, SCS, Senior Vice President of SCS, Dean of the College of Engineering at Prince Sultan University, Chair and tenured Professor at the Department of Computer and Information Science and Director of the MS Graduate Program in Data Analytics at Fordham University, Chair and tenured Professor of the Department of Computer Science and Director of the Graduate Program at Monmouth University. He is now a Full Professor at Nazarbayev University, Astana, Kazakhstan, a Full Professor at King Abdullah II School of Information Technology, University of Jordan, The PR of China Ministry of Education Distinguished Overseas Professor at the University of Science and Technology Beijing, China and an Honorary Distinguished Professor at the Amity University- A Global University.
He has chaired numerous (Over 160) international conferences and has given numerous (Over 150) keynote speeches worldwide. He founded or co-founded four international conferences. He has served as ABET/CSAB evaluator and on IEEE CS Fellow Evaluation Committee. He has served as IEEE CS Distinguished Speaker/Lecturer and an ACM Distinguished Lecturer. Since 2004 has been serving as an SCS Distinguished Lecturer. He received many best paper awards for his papers including ones from IEEE ICC and IEEE GlobeCom international conferences. He also received many worldwide awards for his technical contributions including: SCS prestigious McLeod Founder's Award, Presidential Service Award, SCS Hall of Fame –Lifetime Achievement Award for his technical contribution to modeling and simulation and for his outstanding visionary leadership and dedication to increasing the effectiveness and broadening the applications of modeling and simulation worldwide. He was awarded in 2017 the IEEE CITS Hall of Fame Distinguished and Eminent Award. He received very recently the 2018 IEEE ComSoc Technical Committee on Communications Software- 2018 Technical Achievement Award on original significant technical contribution to cybersecurity, computer networks, and wireless networks. He has been awarded the Amity University Distinguished Honorary Professor Award. He also received the Distinguished Professor Award from University of Science and Technology-Beijing, China, and the SCS Outstanding Service Award. He is a Life Fellow of IEEE and a Fellow of SCS.