ThreatCog: An adaptive and lightweight mobile user authentication system with enhanced motion sensory signals

Abstract

The widespread adoption of mobile applications has driven the development of various user authentication methods for mobile devices. Recently, motion sensor-based mobile user authentication methods have been introduced to offer point-of-entry authentication by utilizing passive sensor data without requiring user interaction. Nonetheless, existing methods based on motion sensor signals face several challenges: (1) inadequate processing of motion sensor data, leading to inaccurate user behavior feature extraction, (2) insufficient capability to capture common user behaviors, and (3) high data requirements and retraining efforts needed when adding new users.

In this paper, we introduce ThreatCog, a lightweight and adaptive mobile user authentication system that enhances the utilization of motion sensory signals, including accelerometers, gyroscopes, and gravity sensors. To address the first challenge, our method uses signal enhancement technique to make user behavior features more prominent in the data. For the second challenge, during training, the system employs an attention mechanism to extract common behavioral characteristics across users, allowing effective authentication without the need to differentiate between various user behavior contexts. Finally, to overcome the third challenge, the system uses few-shot learning to support new users, validating authentication effectiveness through n-shot testing, where only a small number of samples are required during the registration phase. Extensive experiments on mobile devices demonstrate that ThreatCog enables fast and accurate user authentication. Notably, ThreatCog achieves an impressive 98% accuracy, outperforming SOTA systems.