A bioinformatics based approach to user authentication via keystroke dynamics

Keystroke dynamics is a behavioural biometric deployed as a software based method for the authentication and/or identification of a user requesting access to a secured computing facility. It relies on how a user types on the input device (here assumed to be a PC keyboard)-and makes the explicit assumption that there are typing characteristics that are unique to each individual. If these unique characteristics can be extracted-then they can be used, in conjunction with the login details to enhance the level of access security-over and above the possession of the login details alone. Most unique characteristics involve the extraction of keypress durations and multi-key latencies. These characteristics are extracted during an enrollment phase, where a user is requested to login into the computer system repeatedly. The unique characteristics then form a string of some length, proportional to the enrollment character content times the number of attributes extracted. In this study, the deployment of classical string matching features prevalent in the bioinformatics literature such as position specific scoring matrices (motifs) and multiple sequence alignments to provide a novel approach to user verification and identification within the context of keystroke dynamics based biometrics. This study provides quantitative information regarding the values of parameters such as attribute acceptance thresholds, the number of accepted attributes, and the effect of contiguity. In addition, this study examined the use of keystroke dynamics as a tool for user identification. The results in this study yield virtually 100% user authentication and identification within a single framework. Recommended by Guest Editor Phill Kyu Rhee. The author would like to thank the students at the Polish Japanese Institute of Information Technology, in Warsaw, Poland for participating in this study. Kenneth Revett received his Ph.D. degree in Neuroscience from the University of Maryland, College Park in 1999. His research interests include behavioural biometrics and computational modelling. He is author of the text Behavioral Biometrics: A Remote Access Approach, holds a UK patent in keystroke dynamics, and has published over 40 papers in the field.     

Password hardening based on keystroke dynamics

We present a novel approach to improving the security of passwords. In our approach, the legitimate user’s typing patterns (e.g., durations of keystrokes and latencies between keystrokes) are combined with the user’s password to generate a hardened password that is convincingly more secure than conventional passwords alone. In addition, our scheme automatically adapts to gradual changes in a user’s typing patterns while maintaining the same hardened password across multiple logins, for use in file encryption or other applications requiring a long-term secret key. Using empirical data and a prototype implementation of our scheme, we give evidence that our approach is viable in practice, in terms of ease of use, improved security, and performance. Published online: 26 October 2001     

基于键盘行为数据的用户身份识别

用户击键行为作为一种生物特征,具有采集成本低、安全性高的特点。然而,现有的研究方法和实验环境都是基于实验室数据,并不适用于极度不平衡的真实数据。比如,在实验室数据上效果出色的分类算法在真实数据上却无法应用。针对此问题,提出了基于真实击键行为数据的用户识别算法。该方法将聚类算法和距离算法结合起来,通过比较新来的击键行为和历史击键行为相似度以实现用户识别。实验结果表明,该算法在100名用户的3015条真实击键记录组成的数据集上准确率达到88.22%,在投入实际应用后,随着样本集的增大算法的准确率还可以进一步提升。     

Evaluation on a keystroke authentication system by keying force incorporated with temporal characteristics of keystroke dynamics

This paper presents the study to develop and evaluate techniques to authenticate valid users, using the keystroke dynamics of a user's PIN number entry on a numerical keypad, with force sensing resistors. Added with two conventional parameter lists of elements, i.e. digraph latency times and key hold times, keying force was chosen as a third element. Two experiments were conducted. The first experiment was to evaluate whether the three types of elements derived from keystrokes have a significant effect for subjects and to examine how trials and session effects generated the variation of the three elements. The second experiment was to demonstrate the system performance by calculating the False Rejection Rate (FRR) and the False Acceptance Rate (FAR) of the system. In the second experiment, a total of 20 keystrokes were recorded from each subject one week after the memorizing session, in order to evaluate the FRR of the system. To evaluate the FAR of the system, the subjects pretended to be impostors, and therefore they repeatedly watched videotaped pass trials made by a valid user as many times as they desired, and tried to imitate the keystroke dynamics of the valid users. The subject's keystrokes were then evaluated on whether they could fool the system. The first experiment, ANOVA revealed that a significant effect of subject was found on each of all three elements. Trial was not significantly affected to digraph latency times and peak force; however, it was significantly affected to key hold times. There was a trend that keystroke dynamics characterized by each element showed reformation of their patterns and reached a steady state over the 10 weeks of experimental sessions. The results of the second experiment showed the average equal error rate to be 2.4%. The results of system performance were compared with those of other studies and concluded that it was difficult to obtain enough information to behave as a perfect impostor by monitoring the videotaped keystrokes.     

Securing keystroke dynamics from replay attacks

Keystroke dynamics is a viable behavioral biometric technique for identity verification based on users’ keyboard interaction traits. Keystroke dynamics can help prevent credentials from being abused in case of theft or leakage. But what happens if the keystroke events are eavesdropped and being replayed? Attackers that intercept keystroke dynamics authentication sessions of benign users can easily replay them from other sources unchanged or with minor changes and gain illegitimate privileges. Hence, even with its major security advantages, keystroke dynamics can still expose authentication mechanisms to replay attacks. Although replay attack is one of the oldest techniques to manipulate authentication systems, keystroke dynamics does not help preventing it. We suggest a new protocol for dynamics exchange based on choosing a subset of real and fake information snippets shared between the client and service providers to lure potential attackers. We evaluated our method on four state-of-the-art keystroke dynamics algorithms and three publicly available datasets and showed that we can dramatically reduce the possibility of replay attacks while preserving highly accurate user verification.     

Computer-access security systems using keystroke dynamics

An approach to securing access to computer systems is described. By performing real-time measurements of the time durations between the keystrokes when a password is entered and using pattern-recognition algorithms, three online recognition systems were devised and tested. Two types of passwords were considered: phrases and individual names. A fixed phrase was used in the identification system. Individual names were used as a password in the verification system and in the overall recognition system. All three systems were tested and evaluated. The identification system used 10 volunteers and gave an indecision error of 1.2%. The verification system used 26 volunteers and gave an error of 8.1% in rejecting valid users and an error of 2.8% in accepting invalid users. The overall recognition system used 32 volunteers and gave an error of 3.1% in rejecting valid users and an error of 0.5% in accepting invalid users     

A parameterized model to select discriminating features on keystroke dynamics authentication on smartphones

Nowadays, smartphones work not only as personal devices, but also as distributed IoT edge devices uploading information to a cloud. Their secure authentications become more crucial as information from them can spread wider. Keystroke dynamics is one of prominent candidates for authentications factors. Combined with PIN/pattern authentications, keystroke dynamics provide a user-friendly multi-factor authentication for smartphones and other IoT devices equipped with keypads and touch screens. There have been many studies and researches on keystroke dynamics authentication with various features and machine-learning classification methods. However, most of researches extract the same features for the entire user and the features used to learn and authenticate the user’s keystroke dynamics pattern. Since the same feature is used for all users, it may include features that express the users’ keystroke dynamics well and those that do not. The authentication performance may be deteriorated because only the discriminative feature capable of expressing the keystroke dynamics pattern of the user is not selected. In this paper, we propose a parameterized model that can select the most discriminating features for each user. The proposed technique can select feature types that better represent the user’s keystroke dynamics pattern using only the normal user’s collected samples. In addition, performance evaluation in previous studies focuses on average EER(equal error rate) for all users. EER is the value at the midpoint between the FAR(false acceptance rate) and FRR(false rejection rate), FAR is the measure of security, and FRR is the measure of usability. The lower the FAR, the higher the authentication strength of keystroke dynamics. Therefore, the performance evaluation is based on the FAR. Experimental results show that the FRR of the proposed scheme is improved by at least 10.791% from the maximum of 31.221% compared with the other schemes.     

Evaluation on a keystroke authentication system by keying force incorporated with temporal characteristics of keystroke dynamics

This paper presents the study to develop and evaluate techniques to authenticate valid users, using the keystroke dynamics of a user's PIN number entry on a numerical keypad, with force sensing resistors. Added with two conventional parameter lists of elements, i.e. digraph latency times and key hold times, keying force was chosen as a third element. Two experiments were conducted. The first experiment was to evaluate whether the three types of elements derived from keystrokes have a significant effect for subjects and to examine how trials and session effects generated the variation of the three elements. The second experiment was to demonstrate the system performance by calculating the False Rejection Rate (FRR) and the False Acceptance Rate (FAR) of the system. In the second experiment, a total of 20 keystrokes were recorded from each subject one week after the memorizing session, in order to evaluate the FRR of the system. To evaluate the FAR of the system, the subjects pretended to be impostors, and therefore they repeatedly watched videotaped pass trials made by a valid user as many times as they desired, and tried to imitate the keystroke dynamics of the valid users. The subject's keystrokes were then evaluated on whether they could fool the system. The first experiment, ANOVA revealed that a significant effect of subject was found on each of all three elements. Trial was not significantly affected to digraph latency times and peak force; however, it was significantly affected to key hold times. There was a trend that keystroke dynamics characterized by each element showed reformation of their patterns and reached a steady state over the 10 weeks of experimental sessions. The results of the second experiment showed the average equal error rate to be 2.4%. The results of system performance were compared with those of other studies and concluded that it was difficult to obtain enough information to behave as a perfect impostor by monitoring the videotaped keystrokes.     

Verification of computer users using keystroke dynamics

This paper presents techniques to verify the identity of computer users using the keystroke dynamics of computer user's login string as characteristic patterns using pattern recognition and neural network techniques. This work is a continuation of our previous work where only interkey times were used as features for identifying computer users. In this work we used the key hold times for classification and then compared the performance with the former interkey time-based technique. Then we use the combined interkey and hold times for the identification process. We applied several neural network and pattern recognition algorithms for verifying computer users as they type their password phrases. It was found that hold times are more effective than interkey times and the best identification performance was achieved by using both time measurements. An identification accuracy of 100% was achieved when the combined hold and intekey time-based approach were considered as features using the fuzzy ARTMAP, radial basis function networks (RBFN), and learning vector quantization (LVQ) neural network paradigms. Other neural network and classical pattern algorithms such as backpropagation with a sigmoid transfer function (BP, Sigm), hybrid sum-of-products (HSOP), sum-of-products (SOP), potential function and Bayes' rule algorithms gave moderate performance.     

Unconstrained keystroke dynamics authentication with shared secret

Among all the existing biometric modalities, authentication systems based on keystroke dynamics present interesting advantages. These solutions are well accepted by users and cheap as no additional sensor is required for authenticating the user before accessing to an application. In the last thirty years, many researchers have proposed, different algorithms aimed at increasing the performance of this approach. Their main drawback lies on the large number of data required for the enrollment step. As a consequence, the verification system is barely usable, because the enrollment is too restrictive. In this work, we propose a new method based on the Support Vector Machine (SVM) learning satisfying industrial conditions (i.e., few samples per user are needed during the enrollment phase to create its template). In this method, users are authenticated through the keystroke dynamics of a shared secret (chosen by the system administrator). We use the GREYC keystroke database that is composed of a large number of users (100) for validation purposes. We compared the proposed method with six methods from the literature (selected based on their ability to work with few enrollment samples). Experimental results show that, even though the computation time to build the template can be longer with our method (54 s against 3 s for most of the others), its performance outperforms the other methods in an industrial context (Equal Error Rate of 15.28% against 16.79% and 17.02% for the two best methods of the state-of-the-art, on our dataset and five samples to create the template, with a better computation time than the second best method).     

击键动态学的多模板联合决策更新方法

受硬件、环境、情绪等因素影响,用户的击键行为呈现多样性。单模板的单一击键中心和容忍半径只能描述用户的基本行为模式,而在实际情况中,用户行为模式多样,单模板方法检测范围有限。多模板联合决策更新方法利用多个模板检测结果,共同决策认证用户行为的合法性;同时调整模板的决策权重,用更接近用户中心的行为模板来替换检测结论较差的模板,优化模板集的构成。该方法比起普通的多模板检测方法,能够降低检测的错误率。     

Computer user verification using login string keystroke dynamics

The keystroke dynamics of a computer user's login string provide a characteristic pattern that can be used for identity verification. Timing vectors for several hundred login attempts were collected for ten “valid” users and ten “forgers”, and classification analysis was applied to discriminate between them. Three different classifiers were applied, and in each case the key hold times were more effective features for discrimination than the interkey times. Best performance was achieved by an inductive learning classifier using both interkey and hold times. A high rate of typographical errors during login entry is reported. In practice, these are usually corrected errors-that is, they are strings which include backspaces to correct earlier errors-but their presence confounds the use of typing-style analysis as a practical means of securing access to computer systems     

基于三分类的击键序列身份认证

针对基于统计学用户击键模式识别算法识别率较低的不足,提出了一种统计学三分类主机用户身份认证算法。该方法通过对当前注册用户的击键特征与由训练样本得到的标准击键特征进行比较,将当前注册用户划分为合法用户类、怀疑类与入侵类三类,对怀疑类采用二次识别机制。 采用动态判别域值,引入了与系统安全性和友好性相关的可控参量k,由系统管理员根据实际确定。并对该算法性能进行了理论分析与实验测试,结果表明该算法在保持贝叶斯统计算法需要训练样本集规模较小、算法收敛速度快优点的基础上,识别精度高于贝叶斯统计算法,错误拒绝率(FRR)和错误通过率(FAR)分别为1.6%和1.5%。     

基于支持向量方法和击键序列的主机入侵检测

击键特征是一种能反映用户行为的动态特征,可作为识别用户的信息源。传统方法不仅要求收集大量击键样本来建立识别模型,并且同时需要正例样本与反例样本。但在实际应用中,需要用户提供大量的训练样本是不现实的,并且反例样本收集比正例样本收集困难。为此,提出一种新的以击键序列为信息源的主机入侵检测模型。在小样本和仅有正例的情况下,通过One-Class支持向量机（OCSVM）来训练检测模型,通过对用户的击键行为是否偏离正常模型来检测入侵。仿真实验结果表明该模型具有较好的检测效果。     

User authentication via keystroke dynamics based on difference subspace and slope correlation degree

User authentication via keystroke dynamics remains a challenging problem due to the fact that keystroke dynamics pattern cannot be maintained stable over time. This paper describes a novel keystroke dynamics-based user authentication approach. The proposed approach consists of two stages, a training stage and an authentication stage. In the training stage, a set of orthogonal bases and a common feature vector are periodically generated from keystroke features of a legitimate user?s several recent successful authentications. In the authentication stage, the current keystroke feature vector is projected onto the set of orthogonal bases, and the distortion of the feature vector between its projection is obtained. User authentication is implemented by comparing the slope correlation degree of the distortion between the common feature vector with a threshold determined periodically using the recent impostor patterns. Theoretical and experimental results show that the proposed method presents high tolerance to instability of user keystroke patterns and yields better performance in terms of false acceptance rate (FAR) and false rejection rate (FRR) compared with some recent methods.     

基于多重特征选择和多分类器融合的文本层次分类研究*

针对大量电子文档需要准确地进行多层次自动分类管理的现实需求,提出基于多重特征选择和多分类器融合技术的层次分类方法。通过引入可信度函数对单分类器效果进行评价,适时采用辅助分类器对较难分类的文档进行分类投票判决。实验结果表明,相对于单分类器,该方法无论在平面分类和层次分类语料上都获得了更好的分类精度,且具有较好的时间复杂性,有很好的实际应用前景。     

Normalizing variations in feature vector structure in keystroke dynamics authentication systems

Usernames and passwords stubbornly remain the most prevalent authentication mechanism. Password secrecy ensures that only genuine users are granted access. If the secret is breached, impostors gain the access too. One method of strengthening password authentication is through keystroke dynamics. Keystroke dynamics algorithms typically constrain the authentication entry to one valid sequence of key presses. In this paper, we introduce the concept of event sequences. We explore the nature of variations between multiple valid key-entry sequences and propose a scheme that effectively represents these variations. We test the efficacy of the new authentication method in distinguishing users. The experimental results show that typing proficiency of individuals is not the only determining authentication factor. We show that typing sequence variations contain sufficient discriminatory information to warrant their inclusion into user authentication methods. Based on these results, we present a novel strategy to create feature vectors for keystroke dynamics-based authentication. The proposed approach ensures that the feature vector’s length and structure are related only to the length of the password, independent of its content or the order of keys pressed. This normalization of feature vector structure has multiple advantages including leveraging the discriminatory power of event sequences, faster search-and-retrieval in n-graph-based authentication systems, and simplicity. The proposed authentication scheme is applicable to both static and continual authentication systems.     

Improving static audio keystroke analysis by score fusion of acoustic and timing data

In this paper we investigate the capacity of sound & timing information during typing of a password for the user identification and authentication task. The novelty of this paper lies in the comparison of performance between improved timing-based and audio-based keystroke dynamics analysis and the fusion for the keystroke authentication. We collected data of 50 people typing the same given password 100 times, divided into 4 sessions of 25 typings and tested how well the system could recognize the correct typist. Using fusion of timing (9.73%) and audio calibration scores (8.99%) described in the paper we achieved 4.65% EER (Equal Error Rate) for the authentication task. The results show the potential of using Audio Keystroke Dynamics information as a way to authenticate or identify users during log-on.     

Utilizing linguistically enhanced keystroke dynamics to predict typist cognition and demographics

Entering information on a computer keyboard is a ubiquitous mode of expression and communication. We investigate whether typing behavior is connected to two factors: the cognitive demands of a given task and the demographic features of the typist. We utilize features based on keystroke dynamics, stylometry, and “language production”, which are novel hybrid features that capture the dynamics of a typists linguistic choices. Our study takes advantage of a large data set (~350 subjects) made up of relatively short samples (~450 characters) of free text. Experiments show that these features can recognize the cognitive demands of task that an unseen typist is engaged in, and can classify his or her demographics with better than chance accuracy. We correctly distinguish High vs. Low cognitively demanding tasks with accuracy up to 72.39%. Detection of non-native speakers of English is achieved with F₁=0.462 over a baseline of 0.166, while detection of female typists reaches F₁=0.524 over a baseline of 0.442. Recognition of left-handed typists achieves F₁=0.223 over a baseline of 0.100. Further analyses reveal that novel relationships exist between language production as manifested through typing behavior, and both cognitive and demographic factors.