Characteristics and Measures for Mobile-Masquerader Detection

  • Oleksiy Mazhelis
  • Seppo Puuronen
Conference paper
Part of the IFIP International Federation for Information Processing book series (IFIPAICT, volume 193)


Personal mobile devices, as mobile phones, smartphones, and communicators can be easily lost or stolen. Due to the functional abilities of these devices, their use by an unintended person may result in a severe security incident concerning private or corporate data and services. Organizations develop their security policy and mobilize preventive techniques against unauthorized use. Current solutions, however, are still breakable and there still exists strong need for means to detect user substitution when it happens. A crucial issue in designing such means is to define what measures to monitor.

In this paper, an attempt is made to identify suitable characteristics and measures for mobile-user substitution detection. Our approach is based on the idea that aspects of user behavior and environment reflect user’s personality in a recognizable way. The paper provides a tentative list of individual behavioral and environmental aspects, along with characteristics and measures to represent them.


Mobile Terminal Security User Profiling Masquerader Detection 


  1. [1]
    D. Anderson, T. Lunt, H. Javitz, A. Tamaru, and A. Valdes. Detecting unusual program behavior using the statistical components of NIDES. SRI Technical Report SRI-CRL-95-06, Computer Science Laboratory, SRI International, Menlo Park, California, May 1995.Google Scholar
  2. [2]
    Debra Anderson, Thane Frivold, and Alfonso Valdes. Next-generation intrusion detection expert system (NIDES): A summary. Technical Report SRI-CSL-95-07, Computer Science Laboratory, SRI International, Menlo Park, California, May 1995.Google Scholar
  3. [3]
    A. Bandura. Social Foundations of Thought and Action: A Social Cognitive Theory. Englewood Cliffs, NJ: Prentice Hall, 1986.Google Scholar
  4. [4]
    Albert Bandura. Social cognitive theory. Annals of Child Development, 6:1–60, 1989.Google Scholar
  5. [5]
    C.S. Carver and M.F. Scheier. Perspectives on personality. Allyn and Bacon, Boston, 4 edition, 2000.Google Scholar
  6. [6]
    Nathan L. Clarke, Steven M. Furnell, Philip M. Rodwell, and Paul L. Reynolds. Acceptance of subscriber authentication methods for mobile telephony devices. Computers & Security, 21(3):220–228, 2002.CrossRefGoogle Scholar
  7. [7]
    H. J. Eysenck. The structure of human personality. Methuen, London, 3 edition, 1970.Google Scholar
  8. [8]
    Anup K. Ghosh, Aaron Schwartzbard, and Michael Schatz. Learning program behavior profiles for intrusion detection. In 1 st USENIX Workshop on Intrusion Detection and Network Monitoring, pages 51–62, Berkeley, CA, USA, April 1999. USENIX Association.Google Scholar
  9. [9]
    Steven A. Hofmeyr, Stephanie Forrest, and Anil Somayaji. Intrusion detection using sequences of system calls. Journal of Computer Security, 6(3):151–180, 1998.Google Scholar
  10. [10]
    Terran Lane. Machine Learning Techniques for the Computer Security Domain of Anomaly Detection. Ph.D. thesis, Purdue University, W. Lafayette, IN, 2000.Google Scholar
  11. [11]
    Terran Lane and Carla E. Brodley. Temporal sequence learning and data reduction for anomaly detection. ACM Transactions on Information and System Security, 2(3):295–331, 1999.CrossRefGoogle Scholar
  12. [12]
    Wenke Lee and Salvatore Stolfo. A framework for constructing features and models for intrusion detection systems. ACM Transactions on Information and System Security (TISSEC), 3(4):227–261, 2000.CrossRefGoogle Scholar
  13. [13]
    Roy A. Maxion and Tahlia N. Townsend. Masquerade detection using truncated command lines. In Proceedings of the International Conference on Dependable Systems and Networks, pages 219–228, Los Alamitos, California, June 2002. IEEE Computer Society Press.Google Scholar
  14. [14]
    R. R. McCrae and Jr. Costa, P. T. Handbook of personality: Theory and research, chapter A five-factor theory of personality, pages 139–154. Guilford, New York, 2nd edition, 1999.Google Scholar
  15. [15]
    John McHugh. Intrusion and intrusion detection. International Journal of Information Security, 1(1):14–35, 2001.zbMATHGoogle Scholar
  16. [16]
    Pointsec Mobile Technologies. Half of all corporate PDAs unprotected despite employer risk. Pointsec News Letter 2, Available from (read 25.04.2005), June 2004.Google Scholar
  17. [17]
    Joseph R. Royce and Arnold Powell. Theory of personality and individual differences: factors, systems and processes. Englewood Cliffs, NJ: Prentice Hall, 1983.Google Scholar
  18. [18]
    Jake Ryan, Meng-Jang Lin, and Risto Miikkulainen. Intrusion detection with neural networks. In Michael I. Jordan, Michael J. Kearns, and Sara A. Solla, editors, Advances in Neural Information Processing Systems, pages 943–949, Cambridge, MA, USA, 1998. The MIT Press.Google Scholar
  19. [19]
    Karlton Sequeira and Mohammed Zaki. ADMIT: anomaly-based data mining for intrusions. In David Hand, Daniel Keim, and Raymond Ng, editors, Proceedings of the eighth ACM SIGKDD international conference on Knowledge discovery and data mining, pages 386–395, Edmonton, Alberta, Canada, 2002. ACM Press.Google Scholar
  20. [20]
    Jude Shavlik and Mark Shavlik. Selection, combination, and evaluation of effective software sensors for detecting abnormal computer usage. In Proceedings of the 2004 ACM SIGKDD international conference on Knowledge discovery and data mining, pages 276–285. ACM Press, 2004.Google Scholar
  21. [21]
    Bo Sun, Fei Yu, Kui Wu, and Victor C. M. Leung. Mobility-based anomaly detection in cellular mobile networks. In Markus Jakobsson and Adrian Perrig, editors, Proceedings of the 2004 ACM workshop on Wireless security, pages 61–69. ACM Press, 2004.Google Scholar
  22. [22]
    A. Sundaram. An introduction to intrusion detection. ACM Crossroads, 2(4):3–7, 1996.CrossRefGoogle Scholar
  23. [23]
    S. Upadhyaya, R. Chinchani, and K. Kwiat. An analytical framework for reasoning about intrusions. In 20th IEEE Symposium on Reliable Distributed Systems pages 99–108, New Orleans, LA, October 2001.Google Scholar
  24. [24]
    Dit-Yan Yeung and Yuxin Ding. Host-based intrusion detection using dynamic and static behavioral models. Pattern Recognition, 36(l):229–243, 2003.CrossRefzbMATHGoogle Scholar
  25. [25]
    Yongguang Zhang and Wenke Lee. Intrusion detection techniques for mobile wireless networks. Wireless Networks, 9(5):545–556, 2003.CrossRefGoogle Scholar

Copyright information

© International Federation for Information Processing 2005

Authors and Affiliations

  • Oleksiy Mazhelis
    • 1
  • Seppo Puuronen
    • 2
  1. 1.Information Technology Research InstituteUniversity of JyväskyläJyväskyläFinland
  2. 2.Department of Computer Science and Information SystemsUniversity of JyväskyläJyväskyläFinland

Personalised recommendations