
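Graduate student: 周曼如 (Man-ju Chou)
Thesis title: A Continual Authentication Approach based on User Behavior of Social Networking Services
Advisor: 李育杰 (Yuh-Jye Lee)
Oral defense committee: 葉倚任 (Yi-Ren Yeh), 陳昇瑋 (Sheng-Wei Chen), 鮑興國 (Hsing-Kuo Pao), 吳尚鴻 (Shan-Hung Wu)
Degree: Master
Department: College of Electrical Engineering and Computer Science, Department of Computer Science and Information Engineering
Year of publication: 2013
Academic year of graduation: 101 (ROC calendar)
Language: English
Number of pages: 42
Chinese keywords: social networks, continual detection, support vector machine
Foreign-language keywords: social networking services, continual authentication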
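  • Information security has always been an important topic for social networking services such as Facebook, Youtube, Twitter, etc. To protect users' privacy, service providers usually apply an authentication mechanism at login to check whether the user is the legitimate account owner, but there is no continuous monitoring after login. In real life, for convenience, people often store their account credentials in browsers or APIs and never log out after use; if the physical machine is then taken by someone who is not the legitimate user, private data may be exposed. We therefore need continuous detection to protect social network users. Traditional continuous detection methods focus on analyzing biometric recognition or hardware operation traces; besides requiring expensive monitoring equipment, they may also create privacy problems of another kind.
    This thesis addresses the privacy problem caused by a physical machine being taken by someone other than the account owner, and proposes a new continuous detection method that is based on user usage behavior and requires no additional equipment to be deployed. First, we extract 139 features sufficient to describe behavior from HTTP/HTTPS records. Next, we use the 1-norm support vector machine (SVM) to remove noise features and to select and rank a candidate feature set, then use forward feature selection to choose the final feature set. Finally, smooth SVM builds the detection model from the final feature set.
    Experimental results show that the method reaches a detection accuracy above 90% after a social networking service user has used the service for 7 minutes, and already reaches above 80% within the first 2 minutes.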


    Privacy and security are always the top issues when people use online social networking services (SNS) such as Facebook, Youtube, Twitter, Linkedin, etc. To protect the privacy of SNS users, login authentication is designed to identify the legitimate account user, but this process cannot guarantee the security of the account after login. In the real world, people are often lazy: they let browsers or SNS application programming interfaces (APIs) keep their authentication information and never log out. This lets others who are not the legitimate account user access their SNS accounts very easily, without any professional hacking technique; we call this usage stealing. To deal with this problem, a suitable continuous authentication method is needed. Traditional continuous authentication is achieved by detecting suspicious behavior in keyboard typing, mouse movement, or touchscreen operation, or by monitoring users' biometric information. These methods are usually limited by the monitoring environment, and it is cost-prohibitive for servers to compute and keep a model for every individual user.
    In this thesis, we propose a novel continuous authentication approach based on user behavior. We take Facebook as our case study and analyze the actions users make on it. First, we gather the chronological action list from the HTTP/HTTPS POST/GET requests made by users during the observation period and extract 139 universal features from every list. Then we use the 1-norm support vector machine (SVM) for feature selection, ranking every feature and selecting a candidate feature set, before applying forward feature selection, which decides the final feature set. After that, we use smooth SVM to build the usage stealing detection model. The results show that our approach achieves an accuracy of over 90% after 7 minutes, and even within 2 minutes it obtains 80% accuracy.

    1 Introduction
      1.1 Motivation
      1.2 Contribution
      1.3 Organization of Thesis
    2 Related Work
    3 Data Collection
    4 Feature Extraction
      4.1 Type 1 Features
      4.2 Type 2 Features
      4.3 Type 3 Features
      4.4 Type 4 Features
    5 Detection Scheme
      5.1 Detection Model Building
      5.2 1-Norm SVM for Feature Selection
      5.3 Forward Feature Selection
      5.4 Smooth SVM for Detection Model Building
    6 Numerical Result
      6.1 Dataset Introduction and Experimental Setting
      6.2 Result of 25-minute Dataset
      6.3 Result of Different Observation Period
    7 Conclusion and Future Work
      7.1 Conclusion
      7.2 Future Work

