Statistical Decision Making for Authentication and Intrusion Detection

TL;DR

This paper introduces a statistical decision-making approach for authentication and intrusion detection, addressing the challenge of scarce or nonexistent impostor data, and demonstrates its effectiveness on real-world RFID access control data.

Contribution

It proposes a novel statistical decision-making method that outperforms traditional models in scenarios with limited adversary data, applicable to security systems.

Findings

Significantly outperforms classical world model approach

Effective on complex real-world RFID data

Potentially useful in other adversary data-scarce scenarios

Abstract

User authentication and intrusion detection differ from standard classification problems in that while we have data generated from legitimate users, impostor or intrusion data is scarce or non-existent. We review existing techniques for dealing with this problem and propose a novel alternative based on a principled statistical decision-making view point. We examine the technique on a toy problem and validate it on complex real-world data from an RFID based access control system. The results indicate that it can significantly outperform the classical world model approach. The method could be more generally useful in other decision-making scenarios where there is a lack of adversary data.