A parallel decision tree-based method for user authentication based on keystroke patterns

We propose a Monte Carlo approach to attain sufficient training data, a splitting method to improve effectiveness, and a system composed of parallel decision trees (DTs) to authenticate users based on keystroke patterns. For each user, approximately 19 times as much simulated data was generated to complement the 387 vectors of raw data. The training set, including raw and simulated data, is split into four subsets. For each subset, wavelet transforms are performed to obtain a total of eight training subsets for each user. Eight DTs are thus trained using the eight subsets. A parallel DT is constructed for each user, which contains all eight DTs with a criterion for its output that it authenticates the user if at least three DTs do so; otherwise it rejects the user. Training and testing data were collected from 43 users who typed the exact same string of length 37 nine consecutive times to provide data for training purposes. The users typed the same string at various times over a period from November through December 2002 to provide test data. The average false reject rate was 9.62% and the average false accept rate was 0.88%.

[1]  Fabian Monrose,et al.  Authentication via keystroke dynamics , 1997, CCS '97.

[2]  C. W. Taylor,et al.  Decision trees using apparent resistance to detect impending loss of synchronism , 2000 .

[3]  J. L. Wayman,et al.  Best practices in testing and reporting performance of biometric devices. , 2002 .

[4]  Mohammad S. Obaidat,et al.  Verification of computer users using keystroke dynamics , 1997, IEEE Trans. Syst. Man Cybern. Part B.

[5]  Sungzoon Cho,et al.  Web-Based Keystroke Dynamics Identity Verification Using Neural Network , 2000, J. Organ. Comput. Electron. Commer..

[6]  Gopal K. Gupta,et al.  Identity authentication based on keystroke latencies , 1990, Commun. ACM.

[7]  John J. Leggett,et al.  Verifying Identity via Keystroke Characteristics , 1988, Int. J. Man Mach. Stud..

[8]  Norman Shapiro,et al.  Authentication by Keystroke Timing: Some Preliminary Results , 1980 .

[9]  Marcus Brown,et al.  User Identification via Keystroke Characteristics of Typed Names using Neural Networks , 1993, Int. J. Man Mach. Stud..

[10]  John J. Leggett,et al.  Dynamic Identity Verification via Keystroke Characteristics , 1991, Int. J. Man Mach. Stud..

[11]  B. Hussien,et al.  Computer-Access Security Systems Using Keystroke Dynamics , 1990, IEEE Trans. Pattern Anal. Mach. Intell..

[12]  C. Burrus,et al.  Introduction to Wavelets and Wavelet Transforms: A Primer , 1997 .

[13]  David Umphress,et al.  Identity Verification Through Keyboard Characteristics , 1985, Int. J. Man Mach. Stud..

[14]  Bassam Hussien,et al.  An application of fuzzy algorithms in a computer access security system , 1989, Pattern Recognit. Lett..