Advancing user classification models: A comparative analysis of machine learning approaches to enhance faculty password policies at the University of Buraimi

Boumedyen Shannaq, Oualid Ali, Said Al Maqbali, Afraa Al-Zeidi

Article ID: 9311
Vol 8, Issue 13, 2024

VIEWS - 1194 (Abstract)

Abstract


In this paper, we assess the results of experiment with different machine learning algorithms for the data classification on the basis of accuracy, precision, recall and F1-Score metrics. We collected metrics like Accuracy, F1-Score, Precision, and Recall: From the Neural Network model, it produced the highest Accuracy of 0.129526 also highest F1-Score of 0.118785, showing that it has the correct balance of precision and recall ratio that can pick up important patterns from the dataset. Random Forest was not much behind with an accuracy of 0.128119 and highest precision score of 0.118553 knit a great ability for handling relations in large dataset but with slightly lower recall in comparison with Neural Network. This ranked the Decision Tree model at number three with a 0.111792, Accuracy Score while its Recall score showed it can predict true positives better than Support Vector Machine (SVM), although it predicts more of the positives than it actually is a majority of the times. SVM ranked fourth, with accuracy of 0.095465 and F1-Score of 0.067861, the figure showing difficulty in classification of associated classes. Finally, the K-Neighbors model took the 6th place, with the predetermined accuracy of 0.065531 and the unsatisfactory results with the precision and recall indicating the problems of this algorithm in classification. We found out that Neural Networks and Random Forests are the best algorithms for this classification task, while K-Neighbors is far much inferior than the other classifiers.


Keywords


password classification; machine learning; TF-IDF vectorization; random forest; K-Nearest Neighbors (KNN); decision tree; neural network; support vector machine

Full Text:

PDF


References

  1. Aboukadri, S., Ouaddah, A., and Mezrioui, A. (2024). Machine learning in identity and access management systems: Survey and deep dive. Computers & Security, 139, 103729. https://doi.org/10.1016/j.cose.2024.103729
  2. Akinola, O., Akinola, A., Ifeanyi, I. V., Oyerinde, O., Adewole, O. J., Sulaimon, B., and Oyekan, B. O. (2024). Artificial Intelligence and Machine Learning Techniques for Anomaly Detection and Threat Mitigation in Cloud-Connected Medical Devices. International Journal of Scientific Research and Modern Technology (IJSRMT), 1–13. https://doi.org/10.38124/ijsrmt.v3i3.26
  3. Alketbi, S., BinAmro, M., Alhammadi, A., and Kaddoura, S. (2024). A Comparative Study of Machine Learning Models for Classification and Detection of Cybersecurity Threat in Hacking Forum. 2024 15th Annual Undergraduate Research Conference on Applied Computing (URC), 1–6. https://doi.org/10.1109/URC62276.2024.10604519
  4. Almujahid, N. F., Haq, M. A., and Alshehri, M. (2024). Comparative evaluation of machine learning algorithms for phishing site detection. PeerJ Computer Science, 10, e2131. https://doi.org/10.7717/peerj-cs.2131
  5. Alrawili, R., AlQahtani, A. A. S., and Khan, M. K. (2024). Comprehensive survey: Biometric user authentication application, evaluation, and discussion. Computers and Electrical Engineering, 119, 109485. https://doi.org/10.1016/j.compeleceng.2024.109485
  6. Al-Shamsi, I. R., Shannaq, B., Adebiaye, R., & Owusu, T. (2024). Exploring biometric attendance technology in the Arab academic environment: Insights into faculty loyalty and educational performance in policy initiatives. Journal of Infrastructure, Policy and Development, 8(9), 6991. https://doi.org/10.24294/jipd.v8i9.6991
  7. Alshamsi, I., Sadriwala, K. F., Ibrahim Alazzawi, F. J., & Shannaq, B. (2024). Exploring the impact of generative AI technologies on education: Academic expert perspectives, trends, and implications for sustainable development goals. Journal of Infrastructure, Policy and Development, 8(11), 8532. https://doi.org/10.24294/jipd.v8i11.8532
  8. Altulaihan, E., Almaiah, M. A., and Aljughaiman, A. (2024). Anomaly Detection IDS for Detecting DoS Attacks in IoT Networks Based on Machine Learning Algorithms. Sensors, 24(2), 713. https://doi.org/10.3390/s24020713
  9. Amity University Uttar Pradesh. (2024). Cyber Security Threats and Countermeasures in Digital Age. Journal of Applied Science and Education (JASE), 4(1), 1–20. https://doi.org/10.54060/a2zjournals.jase.42
  10. Andelić, N., Baressi S̆egota, S., and Car, Z. (2024). Robust password security: A genetic programming approach with imbalanced dataset handling. International Journal of Information Security, 23(3), 1761–1786. https://doi.org/10.1007/s10207-024-00814-2
  11. Aouedi, O., Vu, T.-H., Sacco, A., Nguyen, D. C., Piamrat, K., Marchetto, G., and Pham, Q.-V. (2024). A Survey on Intelligent Internet of Things: Applications, Security, Privacy, and Future Directions. IEEE Communications Surveys & Tutorials, 1–1. https://doi.org/10.1109/COMST.2024.3430368
  12. Atadoga, A., Sodiya, E. O., Umoga, U. J., and Amoo, O. O. (2024). A comprehensive review of machine learning’s role in enhancing network security and threat detection. World Journal of Advanced Research and Reviews, 21(2), 877–886. https://doi.org/10.30574/wjarr.2024.21.2.0501
  13. Atzori, M., Calò, E., Caruccio, L., Cirillo, S., Polese, G., and Solimando, G. (2024). Evaluating password strength based on information spread on social networks: A combined approach relying on data reconstruction and generative models. Online Social Networks and Media, 42, 100278. https://doi.org/10.1016/j.osnem.2024.100278
  14. Bakhtiarnia, A., Zhang, Q., and Iosifidis, A. (2024). Efficient High-Resolution Deep Learning: A Survey. ACM Computing Surveys, 56(7), 1–35. https://doi.org/10.1145/3645107
  15. Baseer, S., and Charumathi, K. S. (2024). Multi-Factor Authentication: A User Experience Study. SSRN Electronic Journal. https://doi.org/10.2139/ssrn.4840295
  16. Bello, H. O., Ige, A. B. and Ameyaw, M. N. (2024). Deep learning in high-frequency trading: Conceptual challenges and solutions for real-time fraud detection. World Journal of Advanced Engineering Technology and Sciences, 12(2), 035–046. https://doi.org/10.30574/wjaets.2024.12.2.0265
  17. Blessing, J., Hugenroth, D., Anderson, R. J., and Beresford, A. R. (2024). SoK: Web Authentication in the Age of End-to-End Encryption (Version 1). arXiv. https://doi.org/10.48550/ARXIV.2406.18226
  18. Bonneau, J., Herley, C., Oorschot, P. C. V., and Stajano, F. (2012). The Quest to Replace Passwords: A Framework for Comparative Evaluation of Web Authentication Schemes. 2012 IEEE Symposium on Security and Privacy, 553–567. https://doi.org/10.1109/SP.2012.44
  19. Boumedyen, S. and Richmond, A. (2017). A Security Analysis To Be Technology Architecture for Ministry of Regional Municipalities and Water Resources (MRMWR) Sultanate of Oman. International Journal of Research in Social Sciences, 7(4), 247-258. https://www.ijmra.us/project%20doc/2017/IJRSS_APRIL2017/IJMRA-11393.pdf
  20. Chanthati, S. R. (2024). How the power of machine – machine learning, data science and NLP can be used to prevent spoofing and reduce financial risks. Global Journal of Engineering and Technology Advances, 20(2), 100–119. https://doi.org/10.30574/gjeta.2024.20.2.0149
  21. Chen, H., and Babar, M. A. (2024). Security for Machine Learning-based Software Systems: A Survey of Threats, Practices, and Challenges. ACM Computing Surveys, 56(6), 1–38. https://doi.org/10.1145/3638531
  22. Escobar-Linero, E., Luna-Perejón, F., Muñoz-Saavedra, L., Sevillano, J. L., and Domínguez-Morales, M. (2022). On the feature extraction process in machine learning. An experimental study about guided versus non-guided process in falling detection systems. Engineering Applications of Artificial Intelligence, 114, 105170. https://doi.org/10.1016/j.engappai.2022.105170
  23. Etzler, S., Schönbrodt, F. D., Pargent, F., Eher, R., and Rettenberger, M. (2024). Machine Learning and Risk Assessment: Random Forest Does Not Outperform Logistic Regression in the Prediction of Sexual Recidivism. Assessment, 31(2), 460–481. https://doi.org/10.1177/10731911231164624
  24. Farhan, Y. H., Shakir, M., Tareq, M. A., & Shannaq, B. (2024). Incorporating Deep Median Networks for Arabic Document Retrieval Using Word Embeddings-Based Query Expansion. Journal of Information Science Theory and Practice, 12(3), 36–48. https://doi.org/10.1633/JISTAP.2024.12.3.3
  25. Fraser, W., Broadbent, M., Pitropakis, N., and Chrysoulas, C. (2024). Examining the Strength of Three Word Passwords. In N. Pitropakis, S. Katsikas, S. Furnell, & K. Markantonakis (Eds.), ICT Systems Security and Privacy Protection (Vol. 710, pp. 119–133). Springer Nature Switzerland. https://doi.org/10.1007/978-3-031-65175-5_9
  26. Gautam, A., Yadav, T. K., Seamons, K., and Ruoti, S. (2024). Passwords Are Meant to Be Secret: A Practical Secure Password Entry Channel for Web Browsers (Version 1). arXiv. https://doi.org/10.48550/ARXIV.2402.06159
  27. George A. S. (2024). The Dawn of Passkeys: Evaluating a Passwordless Future. https://doi.org/10.5281/ZENODO.10697886
  28. Hagui, I., Msolli, A., Ben Henda, N., Helali, A., Gassoumi, A., Nguyen, T. P., and Hassen, F. (2023). A blockchain-based security system with light cryptography for user authentication security. Multimedia Tools and Applications, 83(17), 52451–52480. https://doi.org/10.1007/s11042-023-17643-5
  29. Han, J. (2024). CNN-Based Multi-Factor Authentication System for Mobile Devices Using Faces and Passwords. Applied Sciences, 14(12), 5019. https://doi.org/10.3390/app14125019
  30. Harshita, B., and Leema, N. (2024). ESD: E-mail Spam Detection using Cybersecurity-Driven Header Analysis and Machine Learning based Content Analysis. International Journal of Performability Engineering, 20(4), 205. https://doi.org/10.23940/ijpe.24.04.p2.205213
  31. Hasan, M. K., Weichen, Z., Safie, N., Ahmed, F. R. A., and Ghazal, T. M. (2024). A Survey on Key Agreement and Authentication Protocol for Internet of Things Application. IEEE Access, 12, 61642–61666. https://doi.org/10.1109/ACCESS.2024.3393567
  32. Kaur, K., and Kaur, P. (2022). SABDM: A self‐attention based bidirectional‐RNN deep model for requirements classification. Journal of Software: Evolution and Process, e2430. https://doi.org/10.1002/smr.2430
  33. Komadina, A., Kovačević, I., Štengl, B., and Groš, S. (2024). Comparative Analysis of Anomaly Detection Approaches in Firewall Logs: Integrating Light-Weight Synthesis of Security Logs and Artificially Generated Attack Detection. Sensors, 24(8), 2636. https://doi.org/10.3390/s24082636
  34. Labu, R. and Ahammed, F. (2024). Next-Generation Cyber Threat Detection and Mitigation Strategies: A Focus on Artificial Intelligence and Machine Learning. Journal of Computer Science and Technology Studies, 6(1), 179–188. https://doi.org/10.32996/jcsts.2024.6.1.19
  35. Liu, Z., and He, K. (2024). A Decade’s Battle on Dataset Bias: Are We There Yet? (Version 1). arXiv. https://doi.org/10.48550/ARXIV.2403.08632
  36. Lykousas, N., and Patsakis, C. (2024). Decoding developer password patterns: A comparative analysis of password extraction and selection practices. Computers & Security, 145, 103974. https://doi.org/10.1016/j.cose.2024.103974
  37. Maçãs, C., Campos, J. R., Lourenço, N., and Machado, P. (2024). Visualisation of Random Forest classification. Information Visualization, 14738716241260745. https://doi.org/10.1177/14738716241260745
  38. Manthiramoorthy, C., Khan, K. M. S., and A, N. A. (2023). Comparing Several Encrypted Cloud Storage Platforms. International Journal of Mathematics, Statistics, and Computer Science, 2, 44–62. https://doi.org/10.59543/ijmscs.v2i.7971
  39. Martín, A. G., de Diego, I. M., Fernández-Isabel, A., Beltrán, M., and Fernández, R. R. (2022). Combining user behavioural information at the feature level to enhance continuous authentication systems. Knowledge-Based Systems, 244, 108544. https://doi.org/10.1016/j.knosys.2022.108544
  40. Mo, Y., Li, S., Dong, Y., Zhu, Z. and Li, Z. (2024). Password Complexity Prediction Based on RoBERTa Algorithm. https://doi.org/10.5281/ZENODO.11180356
  41. Ng, C. K., Al-Quraishi, T., and Souza-Daw, T. D. (2023). Application of Sequential Analysis on Runtime Behavior for Ransomware Classification. Applied Data Science and Analysis, 2023, 126–142. https://doi.org/10.58496/ADSA/2023/012
  42. Norman, D., Mouleeswaran, S. K, and Reeja, S. R. (2024). Natural language processing and stable diffusion model based graphical authentication using passphrase. Intelligent Decision Technologies, 18(2), 935–951. https://doi.org/10.3233/IDT-230279
  43. Okoli, U. I., Obi, O. C., Adewusi, A. O., and Abrahams, T. O. (2024). Machine learning in cybersecurity: A review of threat detection and defense mechanisms. World Journal of Advanced Research and Reviews, 21(1), 2286–2295. https://doi.org/10.30574/wjarr.2024.21.1.0315
  44. Othman, R., Rossi, B., and Barbara, R. (2024). A Comparison of Vulnerability Feature Extraction Methods from Textual Attack Patterns (Version 2). arXiv. https://doi.org/10.48550/ARXIV.2407.06753
  45. Papaspirou, V., Papathanasaki, M., Maglaras, L., Kantzavelou, I., Douligeris, C., Ferrag, M. A., and Janicke, H. (2023). A Novel Authentication Method That Combines Honeytokens and Google Authenticator. Information, 14(7), 386. https://doi.org/10.3390/info14070386
  46. Pendela, N. P. S., Janet, K. A., Yadav, A. M. R., Subramanyam, C. B., Hariharan, S., and Kekreja, V. (2024). Enhancing Cyberbullying Detection: A Multi-Algorithmic Approach. 2024 International Conference on Advances in Data Engineering and Intelligent Computing Systems (ADICS), 1–5. https://doi.org/10.1109/ADICS58448.2024.10533585
  47. Por, L. Y., Ng, I. O., Chen, Y.-L., Yang, J., and Ku, C. S. (2024). A Systematic Literature Review on the Security Attacks and Countermeasures Used in Graphical Passwords. IEEE Access, 12, 53408–53423. https://doi.org/10.1109/ACCESS.2024.3373662
  48. Rashid Al-Shamsi, I., & Shannaq, B. (2024). Leveraging clustering techniques to drive sustainable economic innovation in the India–Gulf interchange. Cogent Social Sciences, 10(1), 2341483. https://doi.org/10.1080/23311886.2024.2341483
  49. Rooney, M. J., Levy, Y., Li, W., and Kumar, A. (2024). Comparing experts’ and users’ perspectives on the use of password workarounds and the risk of data breaches. Information & Computer Security. https://doi.org/10.1108/ICS-05-2024-0116
  50. Shakir, M., Farsi, M. J. A., Al-Shamsi, I. R., Shannaq, B., and Taufiq-Hail, G. A.-M., (2024). The Influence of Mobile Information Systems Implementation on Enhancing Human Resource Performance Skills: An Applied Study in a Small Organization. International Journal of Interactive Mobile Technologies (iJIM), 18(13), 37–68. https://doi.org/10.3991/ijim.v18i13.47027
  51. Shannaq, B. (2024a). Digital Formative Assessment as a Transformative Educational Technology. In K. Arai (Ed.), Advances in Information and Communication (Vol. 921, pp. 471–481). Springer Nature Switzerland. https://doi.org/10.1007/978-3-031-54053-0_32
  52. Shannaq, B. (2024b). Unveiling the Nexus: Exploring TAM Components Influencing Professors’ Satisfaction With Smartphone Integration in Lectures: A Case Study From Oman. TEM Journal, 2365–2375. https://doi.org/10.18421/TEM133-63
  53. Shannaq, B. (2024c). Enhancing Human-Computer Interaction: An Interactive and Automotive Web Application - Digital Associative Tool for Improving Formulating Search Queries. In K. Arai (Ed.), Advances in Information and Communication (Vol. 921, pp. 511–523). Springer Nature Switzerland. https://doi.org/10.1007/978-3-031-54053-0_35
  54. Shannaq, B. (2024d). Novel Algorithm for Differentiating Authorized Users from Fraudsters by Analyzing Mobile Keypad Input Patterns during Password Updates. TEM Journal, 13(4)
  55. Shannaq, B., Shamsi, I. A., and Majeed, S. N. A. (2019). Management Information System for Predicting Quantity Martial’s. TEM Journal, 8, 1143–1149. https://doi.org/10.18421/TEM84-06
  56. Shannaq, B., Talab, M. A., Shakir, M., Sheker, M. T., and Farhan, A. M. (2023). Machine learning model for managing the insider attacks in big data. 020013. https://doi.org/10.1063/5.0188358
  57. Shannaq, B., Adebiaye, R., Owusu, T., & Al-Zeidi, A. (2024). An intelligent online human-computer interaction tool for adapting educational content to diverse learning capabilities across Arab cultures: Challenges and strategies. Journal of Infrastructure, Policy and Development, 8(9), 7172. https://doi.org/10.24294/jipd.v8i9.7172
  58. Shannaq, B., & Shakir, M. (2024). Enhancing Security with Multi-Factor User Behavior Identification Via Longest Common Subsequence Analysis. Informatica 48 (2024) 73–82 73, 48(16), 73–82. https://doi.org/10.31449/inf.v48i19.6529
  59. Shi, Y., and Wang, Y. (2024). A Comparative Work to Highlight the Superiority of Mouth Brooding Fish (MBF) over the Various ML Techniques in Password Security Classification. International Journal of Advanced Computer Science and Applications, 15(5). https://doi.org/10.14569/IJACSA.2024.0150520
  60. Singh, N., and Das, A. K. (2024). TFAS: Two factor authentication scheme for blockchain enabled IoMT using PUF and fuzzy extractor. The Journal of Supercomputing, 80(1), 865–914. https://doi.org/10.1007/s11227-023-05507-6
  61. Singla, D., and Verma, N. (2024). Performance Analysis of Authentication System: A Systematic LiteratureReview. Recent Advances in Computer Science and Communications, 17(7), e121223224363. https://doi.org/10.2174/0126662558246531231121115514
  62. Smith, L., Prior, S., and Ophoff, J. (2024). Investigating the Accessibility and Usability of Multi-factor Authentication for Young People. In C. Stephanidis, M. Antona, S. Ntoa, & G. Salvendy (Eds.), HCI International 2024 Posters (Vol. 2119, pp. 129–135). Springer Nature Switzerland. https://doi.org/10.1007/978-3-031-61966-3_15
  63. Ugwu, C., Ukwandu, E., Ofusori, L., Ezugwu, A., Ome, U., Ezema, M., and Ndunagu, J. (2024). Factors Influencing The Experiences of End-users in Password-Based Authentication System. https://doi.org/10.21203/rs.3.rs-4438584/v1
  64. Umejiaku, A. P., and Sheng, V. S. (2024). RoseCliff Algorithm: Making Passwords Dynamic. Applied Sciences, 14(2), 723. https://doi.org/10.3390/app14020723
  65. Vanila, S., Jeyavathana, B., Rathinam, A., and Elango, K. (2024). Enhancing Password Security With Machine Learning-Based Strength Assessment Techniques: In J. A. Ruth, V. G. V. Mahesh, P. Visalakshi, R. Uma, & A. Meenakshi (Eds.), Advances in Information Security, Privacy, and Ethics (pp. 296–314). IGI Global. https://doi.org/10.4018/979-8-3693-4159-9.ch018
  66. Veras, R., Collins, C., and Thorpe, J. (2021). A Large-Scale Analysis of the Semantic Password Model and Linguistic Patterns in Passwords. ACM Transactions on Privacy and Security, 24(3), 1–21. https://doi.org/10.1145/3448608
  67. Wang, Y., Han, Y., Wang, C., Song, S., Tian, Q., and Huang, G. (2024). Computation-efficient deep learning for computer vision: A survey. Cybernetics and Intelligence, 1–24. Cybernetics and Intelligence. https://doi.org/10.26599/CAI.2024.9390002
  68. Wasfi, H., Stone, R., and Genschel, U. (2024). Word-Pattern: Enhancement of Usability and Security of User-Chosen Recognition Textual Password. International Journal of Advanced Computer Science and Applications, 15(6). https://doi.org/10.14569/IJACSA.2024.0150605
  69. Yu, X., and Liao, Q. (2016). User password repetitive patterns analysis and visualization. Information & Computer Security, 24(1), 93–115. https://doi.org/10.1108/ICS-06-2015-0026
  70. Zhou, D.-W., Cai, Z.-W., Ye, H.-J., Zhan, D.-C., and Liu, Z. (2024). Revisiting Class-Incremental Learning with Pre-Trained Models: Generalizability and Adaptivity are All You Need. International Journal of Computer Vision. https://doi.org/10.1007/s11263-024-02218-0
  71. Zhou, E., Peng, Y., Shao, G., Deng, F., Miao, Y., and Fan, W. (2024). Password cracking using chunk similarity. Future Generation Computer Systems, 150, 380–394. https://doi.org/10.1016/j.future.2023.09.013


DOI: https://doi.org/10.24294/jipd9311

Refbacks

  • There are currently no refbacks.


Copyright (c) 2024 Boumedyen Shannaq, Oualid Ali, Said Al Maqbali, Afraa Al-Zeidi

License URL: https://creativecommons.org/licenses/by/4.0/

This site is licensed under a Creative Commons Attribution 4.0 International License.