Comparing Classifier Combining Techniques for Mobile-Masquerader Detection

Contemporary mobile terminals (smartphones, PDAs, communicators) are often used to store or access sensitive private or corporate information, and an unauthorized use of these terminals may result in an abuse of this information. In order to resist such unauthorized use, along with traditional authentication mechanisms, the means of masquerader detection can be employed. In this paper, the problem of mobile-masquerader detection is approached as a classification problem. The detection is based on the monitoring of the current user behavior and environment, and matching them with the behavior and the environment of the legitimate user. The matching is performed by an ensemble of the so-called one-class classifiers each analyzing a separate set of behavioral or environmental features, and classifying the current values of these features as belonging to the legitimate user or not. Using a combining scheme, the individual classifications of these classifiers are combined so as to improve the final classification accuracy. In the paper, three combining schemes are empirically compared in the context of mobile-masquerader detection; these are the mean of the estimated probabilities (MP), the product combination of probabilities (PP), and the modified mean of the estimated probabilities (modMP) rules. According to the results of experiments, the use of modMP rule is justified in mobile-masquerader detection, since this rule provides the classification accuracy greater than or approximately equal to the accuracy of the other rules. Meanwhile, the obtained results suggest that, for the modMP rule to provide high classification accuracy, the means of the classifier outputs need to be estimated accurately