Keystroke dynamics-based user authentication using freely typed text based on user-adaptive feature extraction and novelty detection

Abstract Keystroke dynamics has been used to strengthen password-based user authentication systems by considering the typing characteristics of legitimate users. The main problem with login-based authentication systems is that they cannot authenticate users after login access is granted. To ensure continuous user authentication, keystroke dynamics collected from freely typed text during the login period has been utilized; however, the authentication performance was unsatisfactory. To enhance the performance of user authentication based on freely typed keystrokes, we propose a user-adaptive feature extraction method that captures individual users’ distinctive typing behaviors embedded in relative typing speeds for different digraphs. Based on experimental results obtained from 150 participants with more than 13,000 keystrokes per each user in two languages (Korean and English), the proposed method achieved the best equal error rate (0.44). Furthermore, the authentication performance was enhanced by 45.3% for Korean and 39.0% for English compared with the benchmark fixed feature extraction method.

[1]  D. Voth,et al.  Face Recognition Technology; Cognitive Radios Will Adapt to Users , 2003, IEEE Intell. Syst..

[2]  Jiankun Hu,et al.  A k-Nearest Neighbor Approach for User Authentication through Biometric Keystroke Dynamics , 2008, 2008 IEEE International Conference on Communications.

[3]  Agata Kolakowska,et al.  A review of emotion recognition methods based on keystroke dynamics and mouse movements , 2013, 2013 6th International Conference on Human System Interactions (HSI).

[4]  J. Yan,et al.  Password memorability and security: empirical results , 2004, IEEE Security & Privacy Magazine.

[5]  Jason R. C. Nurse,et al.  Insider threat response and recovery strategies in financial services firms , 2016 .

[6]  D. F. HEATH,et al.  Normal or Log-normal: Appropriate Distributions , 1967, Nature.

[7]  David Zhang,et al.  Automated personal identification by palmprint , 1998 .

[8]  Orcan Alpar,et al.  Frequency spectrograms for biometric keystroke authentication using neural network based classifier , 2017, Knowl. Based Syst..

[9]  Marilyn Tremaine,et al.  Typing Biometrics: Impact of Human Learning on Performance Quality , 2011, JDIQ.

[10]  Robert Biddle,et al.  User Study, Analysis, and Usable Security of Passwords Based on Digital Objects , 2011, IEEE Transactions on Information Forensics and Security.

[11]  Gopal K. Gupta,et al.  Identity authentication based on keystroke latencies , 1990, Commun. ACM.

[12]  Kevin Warwick,et al.  Non-conventional keystroke dynamics for user authentication , 2017, Pattern Recognit. Lett..

[13]  Keshnee Padayachee,et al.  An assessment of opportunity-reducing techniques in information security: An insider threat perspective , 2016, Decis. Support Syst..

[14]  B. Hussien,et al.  Computer-Access Security Systems Using Keystroke Dynamics , 1990, IEEE Trans. Pattern Anal. Mach. Intell..

[15]  Xian Ke,et al.  Typing patterns: a key to user identification , 2004, IEEE Security & Privacy Magazine.

[16]  Md. Kamrul Hasan,et al.  Identifying emotion by keystroke dynamics and text pattern analysis , 2014, Behav. Inf. Technol..

[17]  Wenjing Lou,et al.  Security, privacy, and accountability in wireless access networks , 2009, IEEE Wireless Communications.

[18]  Lee Luan Ling,et al.  User authentication through typing biometrics features , 2005 .

[19]  Deian Stefan,et al.  Robustness of keystroke-dynamics based biometrics against synthetic forgeries , 2012, Comput. Secur..

[20]  Soumik Mondal,et al.  A study on continuous authentication using a combination of keystroke and mouse biometrics , 2017, Neurocomputing.

[21]  Andrew Beng Jin Teoh,et al.  A Survey of Keystroke Dynamics Biometrics , 2013, TheScientificWorldJournal.

[22]  Marjory Da Costa-Abreu,et al.  Using keystroke dynamics for gender identification in social network environment , 2011, ICDP.

[23]  Michael K. Reiter,et al.  Password hardening based on keystroke dynamics , 2002, International Journal of Information Security.

[24]  Ting-Yi Chang Dynamically generate a long-lived private key based on password keystroke features and neural network , 2012, Inf. Sci..

[25]  Sahin Albayrak,et al.  Continuous and non-intrusive identity verification in real-time environments based on free-text keystroke dynamics , 2011, 2011 International Joint Conference on Biometrics (IJCB).

[26]  Kemal Bicakci,et al.  A second look at the performance of neural networks for keystroke dynamics using a publicly available dataset , 2012, Comput. Secur..

[27]  M. Akila,et al.  Biometric personal authentication using keystroke dynamics: A review , 2011, Appl. Soft Comput..

[28]  Issa Traoré,et al.  Biometric Recognition Based on Free-Text Keystroke Dynamics , 2014, IEEE Transactions on Cybernetics.

[29]  Claudia Picardi,et al.  Keystroke analysis of free text , 2005, TSEC.

[30]  Robert Sabourin,et al.  An adaptive classification system for video-based face recognition , 2012, Inf. Sci..

[31]  Thomas Weigold,et al.  Secure Internet banking authentication , 2006, IEEE Security & Privacy.

[32]  Manuel Díaz,et al.  State-of-the-art, challenges, and open issues in the integration of Internet of things and cloud computing , 2016, J. Netw. Comput. Appl..

[33]  Sungzoon Cho,et al.  A hybrid novelty score and its use in keystroke dynamics-based user authentication , 2009, Pattern Recognit..

[34]  Dexin Zhang,et al.  Personal Identification Based on Iris Texture Analysis , 2003, IEEE Trans. Pattern Anal. Mach. Intell..

[35]  Pilsung Kang,et al.  The effects of different alphabets on free text keystroke authentication: A case study on the Korean-English users , 2015, J. Syst. Softw..

[36]  Sungzoon Cho,et al.  Keystroke dynamics-based user authentication using long and free text strings from various input devices , 2015, Inf. Sci..

[37]  Steven Furnell,et al.  Biometrics – The promise versus the practice , 2005 .

[38]  Fabian Monrose,et al.  Authentication via keystroke dynamics , 1997, CCS '97.

[39]  Andrew Beng Jin Teoh,et al.  A multiple layer fusion approach on keystroke dynamics , 2009, Pattern Analysis and Applications.

[40]  Kevin Warwick,et al.  Keystroke Dynamics Authentication: A Survey of Free-text Methods , 2013 .

[41]  T. Santhanam,et al.  Keystroke dynamics for biometric authentication — A survey , 2013, 2013 International Conference on Pattern Recognition, Informatics and Mobile Engineering.

[42]  Chong Kuan Chen,et al.  IoT Security: Ongoing Challenges and Research Opportunities , 2014, 2014 IEEE 7th International Conference on Service-Oriented Computing and Applications.

[43]  Ana Carolina Lorena,et al.  Emphasizing typing signature in keystroke dynamics using immune algorithms , 2015, Appl. Soft Comput..

[44]  Danna Voth,et al.  TIA Program Researches Terrorism Patterns Breaking the Language Barrier , 2003, IEEE Intell. Syst..

[45]  Mohsen Guizani,et al.  Internet of Things: A Survey on Enabling Technologies, Protocols, and Applications , 2015, IEEE Communications Surveys & Tutorials.

[46]  Jugurta R. Montalvão Filho,et al.  On the equalization of keystroke timing histograms , 2006, Pattern Recognit. Lett..

[47]  Muhammad Waseem,et al.  A Critical Analysis on the Security Concerns of Internet of Things (IoT) , 2015 .

[48]  Damon L. Woodard,et al.  Biometric Authentication and Identification using Keystroke Dynamics: A Survey , 2012 .

[49]  Neil Yager,et al.  The Biometric Menagerie , 2010, IEEE Transactions on Pattern Analysis and Machine Intelligence.

[50]  Sharath Pankanti,et al.  Biometric Recognition: Security and Privacy Concerns , 2003, IEEE Secur. Priv..