FAR FRR and user interaction

Hi;

I am implementing a program that records user behavior and since i need to write something technical on it, i need to refer FAR, FRR concepts.

My primary problem is that how can generate those values? Or what is the statistical approach? (Number of users who are using and say, system is succeeding to understand the behavior or fails). What is the starting point for this?

Best regards.
LVL 12
jazzIIIloveAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

d-glitchCommented:
You need to decide and describe what you are trying to do in significantly more detail.

False Acceptance Rate (FAR)  and False Recognition Rate (FRR) are typically used for processing biometric data.

You could be using it for system login, or building access.  
You could be looking at fingerprints, iris scans, voice recognition, or typing cadence.

>> I am implementing a program that records user behavior

What sort of behavior are you monitoring?
The question suggests that the users have already logged in.  Is that correct?

If so what do you hope to learn by monitoring their behavior?  Are you looking for people sharing a password?

If you are starting from scratch, you need to collect lots of data to develop any meaningful statistics.



BAYOMETRIC
Sales
Phone:       1 877-91-SECURE
   (877-917-3287)
+1 408-940-3955
Email:       sales@bayometric.com
- See more at: http://www.bayometric.com/blog/false-acceptance-rate-far-false-recognition-rate-frr/#sthash.fpVaxRjW.dpuf
0
jazzIIIloveAuthor Commented:
Hi;

Thanks for the input. I am recording user behavior starting from login procedure. I need to compare user behavior with SSO vs just plain SSO.

The user behavior is acting like post authentication.

I don't know how i can do the comparison. Do i need to refer that FAR and FRR? I am rather blinded here.

Br-
0
d-glitchCommented:
>>   I am recording user behavior starting from login
But what sort of behavior are you looking at?

>>  user behavior is acting like post authentication.
Why are you doing this?  What problem are you trying to solve?
Do you actually have unauthorized users gaining access to your system?

>>  I need to compare user behavior with SSO vs just plain SSO.
I don't know what this means.  But if you are trying to compare current behavior or a particular user with past behavior of the same user, then you must have a substantial data base of past user behavior.  Do you have such a data base?

If you do have a data base of user behavior, you should mine it.  
If user A logs in, presumably he will match the behavioral profile of User A.
But you can also check him against users B, C, D, ....  ZZZZ.
This sort of testing will tell you how many types of users you have, and if you behavioral profiles have sufficient resolution.

If a user's behavior does fails to match the historical prediction, what sort of action do you expect to take?
1
Managing Security Policy in a Changing Environment

The enterprise network environment is evolving rapidly as companies extend their physical data centers to embrace cloud computing and software-defined networking. This new reality means that the challenge of managing the security policy is much more dynamic and complex.

jazzIIIloveAuthor Commented:
Hi,

Thanks for extremely valuable inputs. I will have a database of user actions and a template database which is for comparison.

I don't know what to do if the user pattern does not fit to the template database. I have to produce something scientific out of this but i am not sure how to proceed on the methodology. Should i have some statistical analysis? If so, any link for this?

Best regards.
0
d-glitchCommented:
Are you designing a product or service?
Or trying to protect an existing system?
Or doing some sort of academic research?

In any case, I don't believe you can manufacture the data to build user templates, you must collect it.  
And I imagine this will have to be an iterative process.  You won't know if you have good user templates until you test them against user behavior.

You can't do any statistical analysis until you have some statistics.  The sort of tests I mentioned in an earlier post (data mining), would get you some of the data you need to get started.  

Do you have access and permission to monitor real users on a real system?
0
jazzIIIloveAuthor Commented:
Hi;

I am designing an addon that provides second factor authentication and i need to formulate this for academic research.

This doesn't involve a real system and real users currently.

What kind of statistics can i grab in such a setup having second factor authentication?

Br.
0
jazzIIIloveAuthor Commented:
Can you give a step by step approach? Like setup an environment for X number of users and they test etc..but what to collect in that sense?

Any reference links for similar works?

Br.
0
d-glitchCommented:
I can't really tell what you are trying to do.  I don't know if this is because you aren't sure either or because you are dealing with proprietary information.

I recommend you make a document that outlines your planned research/product in detail even if you can share it.

What is your target platform and operating system?

What is the problem you believe exists and what is your potential solution?

A cell phone/tablet example:
People have personal data on cell phones, as well as credit card and banking information.
Cell phone passwords are weak and optional.  
I would like to develop an app that would provide a level of protection even to users that don't bother with cell phone passwords.
The app will monitor user behavior and lock the phone when abnormal behavior is detected.
You would have to define normal and abnormal behaviors, and train the app to tell the difference.
I would expect an app like this to have significant performance and aggravation issues.

As far as data collection is concerned, you should probably look at key logging software.  Maybe there is one available for your target platform.
Key loggers are used for studying computer/user interaction in academic and development settings.  But there are also significant security and privacy issues.  
You might be able to recruit volunteers to install this on their phones/tablets/workstations and start collecting data.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
jazzIIIloveAuthor Commented:
Hi;

Thanks for the inputs. I will come with another update.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Security

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.