IBM patents fraudster detection technology for websites, mobile apps

IBM researchers have developed a technique that website operators, cloud service providers and mobile application developers could use to spot a fraudster who has stolen an account holder's credentials.

The patented technology builds a profile on each person using a site or app based on his navigation habits recorded through the browser. Metrics are collected through the computer mouse and keyboard and the touchscreen on a tablet or smartphone.

"Everyone has a distinct way, at a very subconscious level, of interacting with the browser," Keith Walker, an IBM master inventor, said Tuesday.

Details gathered to increase the accuracy of correctly identifying people include how long they hover over a link or button before clicking and whether they scroll through pages using a touchpad, mouse or page up and page down keys.

Mouse movements alone can be distinctive. Some people will move directly to objects to click, while others will do the "digital equivalent of doodling," Walker said.

"They'll just randomly move their mouse around for no apparent reason," he said.

The researchers found they could build a profile in roughly 15 minutes in one session or over several sessions. The prototype system used to test the technique had 100 percent accuracy for the 20 people used in the research.

"In a large scale, it (accuracy rate) would not be 100 percent," Walker said. "It would be less, but it would be very, very high."

Walker and his colleague Brian O'Connell built a client-side app using AJAX, which stands for asynchronous JavaScript and XML. The group of interrelated Web development techniques is used to build apps that run in the browser and can send and retrieve data from a server. AJAX apps load automatically and do not require a plugin.

The analytical software that would compare activity to an account holder's profile could be on the web server or somewhere else on the network. If the percentage of matching activity fell below a pre-configured threshold, then the site could ask for the answer to a security question or perform some other type of authentication.

The sensitivity of the trigger would depend on the transaction. For example, a banking site could require near 100 percent identification of the user for transfers involving large amounts of money.

IBM has received a patent for the technology, called a "user-browser interaction-based fraud detection system." The invention is not meant to replace user names and passwords, but rather to catch fraudsters before they cause much damage.

The system would be useful on any eCommerce site or cloud-based service where sensitive user information is stored, such as credit card numbers, bank account information or personal data like home and email addresses and date of birth.

While there's no timetable for bringing the invention to market, Walker believes it would be a good fit for IBM's Trusteer Pinpoint, which watches for traffic anomalies that would indicate malware on devices connecting to a corporate network.

"We're actively talking to the Trusteer people," O'Connell said.

Security is an area IBM has said it will target as part of its strategy for reversing a string of quarterly revenue declines, due in part to slowing hardware sales. Other growth areas on IBM's radar include cloud services and big data analytics.

Join the CSO newsletter!

Error: Please check your email address.

Tags applicationsIBMcloud security innovationsecurityData Protection | Application Securityapplication securityData Protection | Cloud SecurityAccess control and authenticationfraud detection systemssoftwaredata protection

More about IBM AustraliainventorTrusteerTrusteerTrusteer

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Antone Gonsalves

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place