University of Surrey

Test tubes in the lab Research in the ATI Dance Research

Application of power laws to biometrics, forensics and network traffic analysis.

Iorliam, Aamo (2016) Application of power laws to biometrics, forensics and network traffic analysis. Doctoral thesis, University of Surrey.

thesis_AIorliam.pdf - Version of Record
Available under License Creative Commons Attribution Non-commercial Share Alike.

Download (4MB) | Preview


Tampering of biometric samples is becoming an important security concern. Attacks can occur in behavioral modalities (e.g. keyboard stroke) as well. Besides biometric data, other important security concerns are related to network traffic data on the Internet. In this thesis, we investigate the application of Power laws for biometrics, forensics and network traffic analysis. Passive detection techniques such as Benford’s law and Zipf’s law have not been investigated for the detection and forensic analysis of malicious and non-malicious tampering of biometric, keystroke and network traffic data. The Benford’s law has been reported in the literature to be very effective in detecting tampering of natural images. In this thesis, our experiments show that the biometric samples do follow the Benford’s law; and that the highest detection and localisation accuracies for the biometric face images and fingerprint images are achieved at 97.41% and 96.40%, respectively. The divergence values of Benford’s law are then used for the classification and source identification of fingerprint images with good accuracies between the range of 76.0357% and 92.4344%. Another research focus in this thesis is on the application and analysis of the Benford’s law and Zipf’s law for keystroke dynamics to differentiate between the behaviour of human beings and non-human beings. The divergence values of the Benford’s law and the P-values of the Zipf’s law based on the latency values of the keystroke data can be used effectively to differentiate between human and non-human behaviours. Finally, the Benford’s law and Zipf’s law are analysed for TCP flow size difference for the detection of malicious traffics on the Internet with AUC values between the range of 0.6858 and 1. Furthermore, the P-values of the Zipf’s law have also been found to differentiate between malicious and non-malicious network traffics, which can be potentially exploited for intrusion detection system applications.

Item Type: Thesis (Doctoral)
Subjects : PhD Computer Science
Divisions : Theses
Authors :
Date : 30 November 2016
Funders : Benue State University, Makurdi
Contributors :
ContributionNameEmailORCID, Anthony,,
Depositing User : Aamo Iorliam
Date Deposited : 15 Dec 2016 11:34
Last Modified : 31 Oct 2017 18:53

Actions (login required)

View Item View Item


Downloads per month over past year

Information about this web site

© The University of Surrey, Guildford, Surrey, GU2 7XH, United Kingdom.
+44 (0)1483 300800