Use this URL to cite or link to this record in EThOS: http://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.701579
Title: Application of power laws to biometrics, forensics and network traffic analysis
Author: Iorliam, Aamo
ISNI:       0000 0004 5992 2819
Awarding Body: University of Surrey
Current Institution: University of Surrey
Date of Award: 2016
Availability of Full Text:
Access through EThOS:
Access through Institution:
Abstract:
Tampering of biometric samples is becoming an important security concern. Attacks can occur in behavioral modalities (e.g. keyboard stroke) as well. Besides biometric data, other important security concerns are related to network traffic data on the Internet. In this thesis, we investigate the application of Power laws for biometrics, forensics and network traffic analysis. Passive detection techniques such as Benford’s law and Zipf’s law have not been investigated for the detection and forensic analysis of malicious and non-malicious tampering of biometric, keystroke and network traffic data. The Benford’s law has been reported in the literature to be very effective in detecting tampering of natural images. In this thesis, our experiments show that the biometric samples do follow the Benford’s law; and that the highest detection and localisation accuracies for the biometric face images and fingerprint images are achieved at 97.41% and 96.40%, respectively. The divergence values of Benford’s law are then used for the classification and source identification of fingerprint images with good accuracies between the range of 76.0357% and 92.4344%. Another research focus in this thesis is on the application and analysis of the Benford’s law and Zipf’s law for keystroke dynamics to differentiate between the behaviour of human beings and non-human beings. The divergence values of the Benford’s law and the P-values of the Zipf’s law based on the latency values of the keystroke data can be used effectively to differentiate between human and non-human behaviours. Finally, the Benford’s law and Zipf’s law are analysed for TCP flow size difference for the detection of malicious traffics on the Internet with AUC values between the range of 0.6858 and 1. Furthermore, the P-values of the Zipf’s law have also been found to differentiate between malicious and non-malicious network traffics, which can be potentially exploited for intrusion detection system applications.
Supervisor: Ho, Anthony T. ; Poh, Norman ; Li, Shujun Sponsor: Benue State University, Makurdi
Qualification Name: Thesis (Ph.D.) Qualification Level: Doctoral
EThOS ID: uk.bl.ethos.701579  DOI: Not available
Share: