Mitigating insider threat by profiling users based on mouse usage pattern: ensemble learning and frequency domain analysis

Exploring novel security layers in academia and industry is always a concern due to the types of malware developing currently. Adding a widely applicable security layer into existing ones in terms of verification can be achieved by profiling users by their behaviors. A great candidate may be mouse dynamics. The nature of behavioral biometry based on mouse dynamics contains less sensitive data and still can perform well enough. We present a verification model based on assigning legality scores to individual mouse actions and aggregate these scores to assign a legality probability to the whole session while investigating frequency domain features of movement sequences. How the combinational schemes can improve the performance of the overall system is also investigated. The publicly known Balabit Dataset which contains 10 users’ training and test sessions is used for evaluation. The classifiers are trained with only training sessions and evaluated on test sessions. After extensive several experiments, equal error rate with a value of 7.46% and area under the receiver operating characteristic curve with a value of 96.47% are achieved.