Identifying concealed information by monitoring mouse-cursor movements
Study: Sleight of hand: Identifying concealed information by monitoring mouse-cursor movements
Organizations are vulnerable to insider threats when their members conceal information about adverse behaviours. Even members without malicious intent might still conceal potentially adverse behaviours, e.g., non-compliance with security policies. Identifying those cases is very challenging. Organizations have reported how their current measures incur too many false positives, are often too slow or even non-existent.
The authors propose a fast and reliable detection method by monitoring mouse-cursor movements, in particular the trajectories and speed. The approach has some benefits. First, it doesn’t require specialized hardware since using mouse-cursor has become a natural environment in organizations. Second, it is both straightforward to perform in real-time and suitable for mass deployment. Comparing this method to a widely used method to detect information concealment, the authors found that using mouse movement to detect information concealment is not only as accurate but it would lead to less false accusations.
How it was studied:
When concealing information, people tend to exhibit two tendencies: (1) Slower mouse movement; (2) Mouse trajectories going towards the opposite answer. For instance, when asked ‘Do you have any confidential company information in your smartphone?’, those who actually do tend to move to move their mouse a bit towards ‘yes’ before moving it to ‘no’. These two tendencies are not only shown when mouse movements are compared to truthful people, but also to observations when those concealing information respond to baseline or neutral questions.
The proposed method is evaluated through an experiment with 66 student participants. They were divided into two groups. Participants of the first group were instructed to steal a file containing department credit card numbers, while participants in the truthful group are instructed to pick-up a newspaper. They were then asked to complete the Concealed Information Test (CIT) using a mouse and the movement of their mouse cursor was tracked. In addition to the mouse movement, the authors also videotaped the experiment procedure.