User Behavioral Modeling of Web-based Systems for Continuous User Authentication

Authentication plays an important role in how we interact with computers, mobile devices, the web, etc. The idea of authentication is to uniquely identify a user before granting access to system privileges. For example, in recent years more corporate information and applications have been accessible via the Internet and Intranet. Many employees are working from remote locations and need access to secure corporate files. During this time, it is possible for malicious or unauthorized users to gain access to the system. For this reason, it is logical to have some mechanism in place to detect whether the logged-in user is the same user in control of the user's session. Therefore, highly secure authentication methods must be used. We posit that each of us is unique in our use of computer systems. It is this uniqueness that is leveraged to "continuously authenticate users" while they use web software. To monitor user behavior, n-gram models are used to capture user interactions with web-based software. This statistical language model essentially captures sequences and sub-sequences of user actions, their orderings, and temporal relationships that make them unique by providing a model of how each user typically behaves. Users are then continuously monitored during software operations. Large deviations from "normal behavior" can possibly indicate malicious or unintended behavior. This approach is implemented in a system called Intruder Detector (ID) that models user actions as embodied in web logs generated in response to a user's actions. User identification through web logs is cost-effective and non-intrusive. We perform experiments on a large fielded system with web logs of approximately 4000 users. For these experiments, we use two classification techniques; binary and multi-class classification. We evaluate model-specific differences of user behavior based on coarse-grain (i.e., role) and fine-grain (i.e., individual) analysis. A specific set of metrics are used to provide valuable insight into how each model performs. Intruder Detector achieves accurate results when identifying legitimate users and user types. This tool is also able to detect outliers in role-based user behavior with optimal performance. In addition to web applications, this continuous monitoring technique can be used with other user-based systems such as mobile devices and the analysis of network traffic.

From Cash to Electronic Payments: Microeconomic, Macroeconomic, and Policy Aspects of Retail Payment Systems

This dissertation explores three aspects of the economics and policy issues surrounding retail payments (low-value frequent payments): the microeconomic aspect, by measuring costs associated with retail payment instruments; the macroeconomic aspect, by quantifying the impact of the use of electronic rather than paper-based payment instruments on consumption and GDP; and the policy aspect, by identifying barriers that keep countries stuck with outdated payment systems, and recommending policy interventions to move forward with payments modernization. Payment system modernization has become a prominent part of the financial sector reform agenda in many advanced and developing countries. Greater use of electronic payments rather than cash and other paper-based instruments would have important economic and social benefits, including lower costs and thereby increased economic efficiency and higher incomes, while broadening access to the financial system, notably for people with moderate and low incomes. The dissertation starts with a general introduction on retail payments. Chapter 1 develops a theoretical model for measuring payments costs, and applies the model to Guyana—an emerging market in the midst of the transition from paper to electronic payments. Using primary survey data from Guyanese consumers, the results of the analysis indicate that annual costs related to the use of cash by consumers reach 2.5 percent of the country’s GDP. Switching to electronic payment instruments would provide savings amounting to 1 percent of GDP per year. Chapter 2 broadens the analysis to calculate the macroeconomic impacts of a move to electronic payments. Using a unique panel dataset of 76 countries across the 17-year span from 1998 to 2014 and a pooled OLS country fixed effects model, Chapter 2 finds that on average, use of debit and credit cards contribute USD 16.2 billion to annual global consumption, and USD 160 billion to overall annual global GDP. Chapter 3 provides an in-depth assessment of the Albanian payment cards and remittances market and recommends a set of incentives and regulations (both carrots and sticks) that would allow the country to modernize its payment system. Finally, the conclusion summarizes the lessons of the dissertation’s research and brings forward issues to be explored by future research in the retail payments area.

Evaluating Risks of Dam-Reservoir Systems Using Efficient Importance Sampling

The occurrence frequency of failure events serve as critical indexes representing the safety status of dam-reservoir systems. Although overtopping is the most common failure mode with significant consequences, this type of event, in most cases, has a small probability. Estimation of such rare event risks for dam-reservoir systems with crude Monte Carlo (CMC) simulation techniques requires a prohibitively large number of trials, where significant computational resources are required to reach the satisfied estimation results. Otherwise, estimation of the disturbances would not be accurate enough. In order to reduce the computation expenses and improve the risk estimation efficiency, an importance sampling (IS) based simulation approach is proposed in this dissertation to address the overtopping risks of dam-reservoir systems. Deliverables of this study mainly include the following five aspects: 1) the reservoir inflow hydrograph model; 2) the dam-reservoir system operation model; 3) the CMC simulation framework; 4) the IS-based Monte Carlo (ISMC) simulation framework; and 5) the overtopping risk estimation comparison of both CMC and ISMC simulation. In a broader sense, this study meets the following three expectations: 1) to address the natural stochastic characteristics of the dam-reservoir system, such as the reservoir inflow rate; 2) to build up the fundamental CMC and ISMC simulation frameworks of the dam-reservoir system in order to estimate the overtopping risks; and 3) to compare the simulation results and the computational performance in order to demonstrate the ISMC simulation advantages. The estimation results of overtopping probability could be used to guide the future dam safety investigations and studies, and to supplement the conventional analyses in decision making on the dam-reservoir system improvements. At the same time, the proposed methodology of ISMC simulation is reasonably robust and proved to improve the overtopping risk estimation. The more accurate estimation, the smaller variance, and the reduced CPU time, expand the application of Monte Carlo (MC) technique on evaluating rare event risks for infrastructures.