Oleksiy Mazhelis, Seppo Puuronen


Modern personal mobile devices, as mobile phones, smartphones, and communicators can be easily lost or stolen. Due to the functional abilities of these devices, their use by an unintended person may result in a severe security incident concerning private or corporate data and services. The means of user substitution detection are needed to be able to detect situations when a device is used by a non-legitimate user. In this paper, the problem of user substitution detection is considered as a one-class classification problem where the current user behavior is classified as the one of the legitimate user or of another person. Different behavioral characteristics are to be analyzed independently by dedicated one-class classifiers. In order to combine the classifications produced by these classifiers, a new combining rule is proposed. This rule is applied in a way that makes the outputs of dedicated classifiers independent on the dimensionality of underlying behavioral characteristics. As a result, the overall classification accuracy may improve significantly as illustrated in the simulated experiments presented.


  1. Aggarwal, C. C. and Yu, P. S. (2001). Outlier detection for high dimensional data. In Proceedings of the 2001 ACM SIGMOD international conference on Management of data, pages 37-46. ACM Press.
  2. Anderson, D., Lunt, T., Javitz, H., Tamaru, A., and Valdes, A. (1995). Detecting unusual program behavior using the statistical components of NIDES. SRI Techincal Report SRI-CRL-95-06, Computer Science Laboratory, SRI International.
  3. Bishop, C. M. (1995). Neural Networks for Pattern Recognition. Oxford University Press, Oxford.
  4. Burge, P. and Shawe-Taylor, J. (1997). Detecting cellular fraud using adaptive prototypes. In AAAI-97 Workshop on AI Approaches to Fraud Detection and Risk Management, pages 1-8. AAAI Press.
  5. Cahill, M., Lambert, D., Pinheiro, J., and Sun, D. (2000). Detecting fraud in the real world. Technical report, Bell Labs, Lucent Technologies.
  6. Clarke, N. L., Furnell, S. M., Rodwell, P. M., and Reynolds, P. L. (2002). Acceptance of subscriber authentication methods for mobile telephony devices. Computers & Security, 21(3):220-228.
  7. Dasarathy, B. V. (1994). Decision Fusion. IEEE Computer Society Press.
  8. Eskin, E., Arnold, A., Prerau, M., Portnoy, L., and Stolfo, S. (2002). Data Mining for Security Applications, chapter A Geometric Framework for Unsupervised Anomaly Detection: Detecting Intrusions in Unlabeled Data. Kluwer.
  9. Kittler, J. and Alkoot, F. (2000). Multiple expert system design by combined feature selection and probability level fusion. In Proceedings of the Fusion'2000, Third International Conference on Information Fusion, volume 2, pages 9-16.
  10. Kittler, J., Hatef, M., Duin, R. P., and Matas, J. (1998). On combining classi ers. IEEE Transactions on Pattern Analysis and Machine Intelligence, 20(3):226-239.
  11. Kumar, S. (1995). Classi cation and Detection of Computer Intrusions. Ph.D. thesis, Purdue University.
  12. Kuncheva, L. (2002). A theoretical study on six classi er fusion strategies. IEEE Transactions on Pattern Analysis and Machine Intelligence, 24(2):281-286.
  13. Manganaris, S., Christensen, M., Zerkle, D., and Hermiz, K. (2000). A data mining analysis of RTID alarms. Computer Networks, 34(4):571-577.
  14. Monrose, F. and Rubin, A. D. (2000). Keystroke dynamics as a biometric for authentication. Future Generation Computing Systems (FGCS) Journal: Security on the Web (special issue).
  15. Samfat, D. and Molva, R. (1997). IDAMN: An intrusion detection architecture for mobile networks. IEEE Journal on Selected Areas in Communications, 7(15):1373-1380.
  16. Schonlau, M., DuMouchel, W., Ju, W., Karr, A., Theus, M., and Vardi, Y. (2001). Computer intrusion: Detecting masquerades. Statistical Science, 16(1):58-74.
  17. Seleznyov, A. (2002). An Anomaly Intrusion Detection System Based on Intelligent User Recognition. Ph.D. thesis, Department of computer Science and Information Systems, University of Jyvskylä, Finland.
  18. Sequeira, K. and Zaki, M. (2002). ADMIT: anomalybased data mining for intrusions. In Proceedings of the eighth ACM SIGKDD international conference on Knowledge discovery and data mining, pages 386- 395, Edmonton, Alberta, Canada. ACM Press.
  19. Swets, J. A. (1988). Measuring the accuracy of diagnostic systems. Science, 240(4857):1285-1289.
  20. Tax, D. (2001). One-class classi cation. Ph.D. thesis, Delft University of Technology.
  21. Tax, D. and Duin, R. (2000). Experiments with classi er combining rules. In MCS 2000, volume 2 of Lecture Notes in Computer Science, pages 16-29. SpringerVerlag.
  22. Tax, D., van Breukelen, M., Duin, R., and Kittler, J. (2000). Combining multiple classi ers by averaging or by multiplying? Pattern Recognition, 33(9):1475-1485.
  23. Valdes, A. and Skinner, K. (2000). Adaptive, model-based monitoring for cyber attack detection. In Debar, H., Me, L., and Wu, F., editors, Recent Advances in Intrusion Detection (RAID 2000), number 1907 in Lecture Notes in Computer Science, pages 80-92, Toulouse, France. Springer-Verlag.
  24. Verlinde, P., Chollet, G., and Acheroy, M. (2000). Multimodal identity veri cation using expert fusion. Information Fusion, 1(1):17-33.
  25. Wolpert, D. H. (1992). Stacked generalization. Neural Networks, 5(2):241-259.
  26. Xu, L., Krzyzak, A., and Suen, C. Y. (1992). Methods for combining multiple classi ers and their applications to handwriting recognition. IEEE Transactions on Systems, Man, and Cybernetics, 22(3):418-435.
  27. Yamanishi, K., Takeuchi, J.-I., Williams, G., and Milne, P. (2000). On-line unsupervised outlier detection using nite mixtures with discounting learning algorithms. In Proceedings of the sixth ACM SIGKDD international conference on Knowledge discovery and data mining, pages 320-324. ACM Press.
  28. Ye, N. and Chen, Q. (2001). An anomaly detection technique based on a chi-square statistic for detecting intrusions into information systems. Quality and Reliability Engineering International, 17(2):105-112.

Paper Citation

in Harvard Style

Mazhelis O. and Puuronen S. (2004). COMBINING ONE-CLASS CLASSIFIERS FOR MOBILE-USER SUBSTITUTION DETECTION . In Proceedings of the Sixth International Conference on Enterprise Information Systems - Volume 4: ICEIS, ISBN 972-8865-00-7, pages 130-137. DOI: 10.5220/0002639901300137

in Bibtex Style

author={Oleksiy Mazhelis and Seppo Puuronen},
booktitle={Proceedings of the Sixth International Conference on Enterprise Information Systems - Volume 4: ICEIS,},

in EndNote Style

JO - Proceedings of the Sixth International Conference on Enterprise Information Systems - Volume 4: ICEIS,
SN - 972-8865-00-7
AU - Mazhelis O.
AU - Puuronen S.
PY - 2004
SP - 130
EP - 137
DO - 10.5220/0002639901300137