{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,16]],"date-time":"2026-04-16T12:41:55Z","timestamp":1776343315052,"version":"3.51.2"},"reference-count":63,"publisher":"Association for Computing Machinery (ACM)","issue":"4","license":[{"start":{"date-parts":[[2020,12,17]],"date-time":"2020-12-17T00:00:00Z","timestamp":1608163200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["Proc. ACM Interact. Mob. Wearable Ubiquitous Technol."],"published-print":{"date-parts":[[2020,12,17]]},"abstract":"The shortcomings of the traditional password-based authentication mechanism are becoming increasingly apparent as we transition from \"one user - one device\" to a richer \"multiple users - multiple devices\" computing paradigm. The currently dominant research direction focuses on on-device biometrics, which require sensitive information, such as images of a user's face, to be constantly streamed from a single recording source, often the device on which a user is getting authenticated. Instead, in this work we explore the possibilities offered by heterogeneous devices that opportunistically collect non-sensitive data in smart environments. We construct an IoT testbed in which we gather data pertaining to a person's movement in space, interaction with certain physical objects, PC terminal usage, and keyboard typing, and construct machine learning models capturing the person's behaviour traits. We commence our examination with models constructed from data sensed during a previously-completed task run and with such models we achieve up to 68% user identification accuracy (c.f. 7% baseline) among up to 20 individuals. Taking into account the limits of behaviour persistence we then revise our approach to continuously refine the model with the most recently sampled sensor data. This method allows us to achieve 99.3% user verification accuracy and successfully prevent a session takeover attack within 12 seconds with less than 1% of false attack detection.<\/jats:p>","DOI":"10.1145\/3432206","type":"journal-article","created":{"date-parts":[[2020,12,18]],"date-time":"2020-12-18T15:39:14Z","timestamp":1608305954000},"page":"1-29","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":22,"title":["Not Quite Yourself Today"],"prefix":"10.1145","volume":"4","author":[{"given":"Andra\u017e","family":"Kra\u0161ovec","sequence":"first","affiliation":[{"name":"University of Ljubljana, Ljubljana, Slovenia"}]},{"given":"Daniel","family":"Pellarini","sequence":"additional","affiliation":[{"name":"University of Ljubljana, Ljubljana, Slovenia"}]},{"given":"Dimitrios","family":"Geneiatakis","sequence":"additional","affiliation":[{"name":"European Commission, Joint Research Centre (JRC), Ispra, Ispra (VA), Italy"}]},{"given":"Gianmarco","family":"Baldini","sequence":"additional","affiliation":[{"name":"European Commission, Joint Research Centre (JRC), Ispra, Ispra (VA), Italy"}]},{"given":"Veljko","family":"Pejovi\u0107","sequence":"additional","affiliation":[{"name":"University of Ljubljana, Ljubljana, Slovenia"}]}],"member":"320","published-online":{"date-parts":[[2020,12,18]]},"reference":[{"key":"e_1_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.1109\/SPW.2018.00042"},{"key":"e_1_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.1145\/2508859.2516674"},{"key":"e_1_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.1145\/2991079.2991091"},{"key":"e_1_2_1_4_1","volume-title":"Anazida Zainal, Huwaida Tagelsir Elshoush, and Fatin Elhaj.","author":"Alhaj Taqwa Ahmed","year":"2016"},{"key":"e_1_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.1145\/3214261"},{"key":"e_1_2_1_6_1","volume-title":"Proceedings of the 28th Annual Computer Security Applications Conference (ACSAC '12)","author":"Aviv Adam J.","year":"2095"},{"key":"e_1_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1145\/2994620.2994621"},{"key":"e_1_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1145\/581271.581272"},{"key":"e_1_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1145\/2702123.2702252"},{"key":"e_1_2_1_10_1","doi-asserted-by":"crossref","unstructured":"Tadeusz Cali\u0144ski and Harabasz JA. 1974. A Dendrite Method for Cluster Analysis. Communications in Statistics - Theory and Methods 3 (01 1974) 1--27. https:\/\/doi.org\/10.1080\/03610927408827101 Tadeusz Cali\u0144ski and Harabasz JA. 1974. A Dendrite Method for Cluster Analysis. Communications in Statistics - Theory and Methods 3 (01 1974) 1--27. https:\/\/doi.org\/10.1080\/03610927408827101","DOI":"10.1080\/03610927408827101"},{"key":"e_1_2_1_11_1","volume-title":"A Novel Filter Feature Selection Method Using Rough Set for Short Text Data. Expert Systems with Applications","author":"Cekik Rasim","year":"2020"},{"key":"e_1_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1145\/3212725.3212732"},{"key":"e_1_2_1_13_1","unstructured":"Centrify. 2019. Privileged Access Management in the Modern Threatscape. https:\/\/www.centrify.com\/resources\/centrify-privileged-access-management-in-the-modern-threatscape-2019\/ Centrify. 2019. Privileged Access Management in the Modern Threatscape. https:\/\/www.centrify.com\/resources\/centrify-privileged-access-management-in-the-modern-threatscape-2019\/"},{"key":"e_1_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2017.06.012"},{"key":"e_1_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1145\/3290607.3312986"},{"key":"e_1_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2013.05.005"},{"key":"e_1_2_1_17_1","volume-title":"IEEE International Conference of the Biometrics Special Interest Group (BIOSIG'13)","author":"Deutschmann Ingo","year":"2013"},{"key":"e_1_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1145\/2660267.2660273"},{"key":"e_1_2_1_19_1","volume-title":"Continuous Mobile Authentication Using Virtual Key Typing Biometrics. In 2013 12th IEEE International Conference on Trust, Security and Privacy in Computing and Communications. 1547--1552","author":"Feng T."},{"key":"e_1_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2012.2225048"},{"key":"e_1_2_1_21_1","volume-title":"Chang Tsun Li, and Yosi Keller","author":"Guan Yu","year":"2014"},{"key":"e_1_2_1_22_1","volume-title":"Proceedings of the Tenth USENIX Conference on Usable Privacy and Security (SOUPS '14)","author":"Harbach Marian","year":"2014"},{"key":"e_1_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1145\/3328919"},{"key":"e_1_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1109\/WIFS.2017.8267670"},{"key":"e_1_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1109\/BTAS.2012.6374552"},{"key":"e_1_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1145\/3003733.3003764"},{"key":"e_1_2_1_27_1","volume-title":"Research in Attacks","author":"Khan Hassan"},{"key":"e_1_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1109\/MC.2017.201"},{"key":"e_1_2_1_29_1","first-page":"215","article-title":"Workarounds to computer access in healthcare organizations: you want my password or a dead patient","volume":"15","author":"Koppel Ross","year":"2015","journal-title":"ITCH"},{"key":"e_1_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1103\/PhysRevE.69.066138"},{"key":"e_1_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1145\/502152.502153"},{"key":"e_1_2_1_32_1","volume-title":"International Journal of Information Security 13 (06","author":"Li Fudong","year":"2013"},{"key":"e_1_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2018.2841347"},{"key":"e_1_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.1145\/3359303"},{"key":"e_1_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.1109\/TBIOM.2019.2918307"},{"key":"e_1_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.1007\/s10207-016-0340-2"},{"key":"e_1_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.1109\/34.908974"},{"key":"e_1_2_1_38_1","volume-title":"Quantile Regression Forests. Journal of Machine Learning Research","author":"Meinshausen Nicolai","year":"2006"},{"key":"e_1_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.1145\/1460412.1460445"},{"key":"e_1_2_1_40_1","doi-asserted-by":"publisher","DOI":"10.1145\/2307636.2307666"},{"key":"e_1_2_1_41_1","doi-asserted-by":"publisher","DOI":"10.1109\/ISBA.2016.7477228"},{"key":"e_1_2_1_42_1","volume-title":"Thirteenth Symposium on Usable Privacy and Security ({SOUPS}","author":"Naeini Pardis Emami","year":"2017"},{"key":"e_1_2_1_43_1","volume-title":"The House That Knows You: User Authentication Based on IoT Data. CoRR abs\/1908.00592","author":"Ongun Talha","year":"2019"},{"key":"e_1_2_1_44_1","volume-title":"Continuous User Authentication on Mobile Devices: Recent progress and remaining challenges","author":"Patel Vishal M.","year":"2016"},{"key":"e_1_2_1_45_1","volume-title":"International Journal of Advanced Engineering Research and Science (IJAERS)","author":"Roy Soumen","year":"2015"},{"key":"e_1_2_1_46_1","volume-title":"Applications, Challenges and Solutions","author":"Roy Soumen","year":"2017"},{"key":"e_1_2_1_47_1","doi-asserted-by":"publisher","DOI":"10.1145\/3267323.3268950"},{"key":"e_1_2_1_48_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2015.06.013"},{"key":"e_1_2_1_49_1","volume-title":"International Conference on Information Security. Springer, 99--113","author":"Shi Elaine","year":"2010"},{"key":"e_1_2_1_50_1","volume-title":"Hien Thi Thu Truong, and N. Asokan","author":"Shrestha Babins","year":"2014"},{"key":"e_1_2_1_51_1","volume-title":"Balagani","author":"Sitova Zdenka","year":"2015"},{"key":"e_1_2_1_52_1","doi-asserted-by":"publisher","DOI":"10.1109\/SPW.2013.33"},{"key":"e_1_2_1_53_1","volume-title":"Internet of Things (IoT) connected devices installed base worldwide from 2015 to","year":"2025"},{"key":"e_1_2_1_54_1","doi-asserted-by":"publisher","DOI":"10.1145\/3351262"},{"key":"e_1_2_1_55_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICCAIS.2012.6466615"},{"key":"e_1_2_1_56_1","doi-asserted-by":"publisher","DOI":"10.1145\/3264948"},{"key":"e_1_2_1_57_1","volume-title":"2017 2nd International conferences on Information Technology, Information Systems and Electrical Engineering (ICITISEE). 342--347","author":"Ratna Wati Dwi Ana","year":"2017"},{"key":"e_1_2_1_58_1","volume-title":"Proceedings of the 2019 CHI Conference on Human Factors in Computing Systems (CHI '19)","author":"Wolf Flynn"},{"key":"e_1_2_1_59_1","doi-asserted-by":"publisher","DOI":"10.1145\/2185448.2185465"},{"key":"e_1_2_1_60_1","doi-asserted-by":"publisher","DOI":"10.1504\/IJBM.2008.018665"},{"key":"e_1_2_1_61_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.adhoc.2018.09.015"},{"key":"e_1_2_1_62_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.dss.2010.03.001"},{"key":"e_1_2_1_63_1","volume-title":"DeepKey: An EEG and Gait Based Dual-Authentication System. CoRR abs\/1706.01606","author":"Zhang Xiang","year":"2017"}],"container-title":["Proceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3432206","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3432206","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T20:47:09Z","timestamp":1750193229000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3432206"}},"subtitle":["Behaviour-Based Continuous Authentication in IoT Environments"],"short-title":[],"issued":{"date-parts":[[2020,12,17]]},"references-count":63,"journal-issue":{"issue":"4","published-print":{"date-parts":[[2020,12,17]]}},"alternative-id":["10.1145\/3432206"],"URL":"https:\/\/doi.org\/10.1145\/3432206","relation":{},"ISSN":["2474-9567"],"issn-type":[{"value":"2474-9567","type":"electronic"}],"subject":[],"published":{"date-parts":[[2020,12,17]]},"assertion":[{"value":"2020-12-18","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}