Computer User Authentication using Hidden Markov Model through Keystroke Dynamics

We present a novel computer user authentication technique using hidden Markov model (HMM) through keystroke dynamics. We propose: (i) modified HMM parameters to reduce the order of computations involved in the forward (or backward) procedure by 2 T (reduction is from 3 T N sc to T Nsc 2 where T and sc N represents the length of the keystroke pattern and the number of states of an HMM per character respectively) and (ii) a strategy for estimating the number of states and the number of training iterations of an HMM. For each user, a distinct HMM is developed using modified Rabiner’s re-estimation formulae of multiple observation sequences on six reference keystroke patterns. Authentication of a user is made in two stages: (i) the user identification stage, wherein we determine the user with the maximum probability score for the given keystroke pattern and (ii) the user verification stage, wherein we determine the probability score for the given keystroke pattern for a claimed user. Finally, a decision about the authenticity of a user is made using the results of both the stages and threshold criteria. Data for our experiments was collected from a group of 43 users; for training data, each user provided a set of nine reference keystroke patterns for the string “master of science in computer science,” and for testing data, the number of keystroke patterns for each user varied from 0 to 102 with a total of 873 keystroke patterns. We obtained the best false accept rate of 0.74 % when the false reject rate was 8.06 % and the area under the receiver operating characteristics curve was 0.99603.

[1]  Daw-Tung Lin Computer-access authentication with neural network based keystroke identity verification , 1997, Proceedings of International Conference on Neural Networks (ICNN'97).

[2]  Mohammad S. Obaidat,et al.  Dimensionality reduction and feature extraction applications in identifying computer users , 1991, IEEE Trans. Syst. Man Cybern..

[3]  Fabian Monrose,et al.  Keystroke dynamics as a biometric for authentication , 2000, Future Gener. Comput. Syst..

[4]  John J. Leggett,et al.  Dynamic Identity Verification via Keystroke Characteristics , 1991, Int. J. Man Mach. Stud..

[5]  Vir V. Phoha,et al.  Investigating hidden Markov models capabilities in anomaly detection , 2005, ACM-SE 43.

[6]  Wei-Min Shen,et al.  Self-similarity for data mining and predictive modeling: a case study for network data , 2002, SPIE Defense + Commercial Sensing.

[7]  Douglas B. Paul,et al.  Speech Recognition Using Hidden Markov Models , 1990 .

[8]  Fabian Monrose,et al.  Authentication via keystroke dynamics , 1997, CCS '97.

[9]  Kenneth Rose,et al.  Deterministically annealed design of hidden Markov model speech recognizers , 2001, IEEE Trans. Speech Audio Process..

[10]  D RubinAviel,et al.  Keystroke dynamics as a biometric for authentication , 2000 .

[11]  Claudia Picardi,et al.  Keystroke analysis of free text , 2005, TSEC.

[12]  John J. Leggett,et al.  Verifying Identity via Keystroke Characteristics , 1988, Int. J. Man Mach. Stud..

[13]  Michael K. Reiter,et al.  Password hardening based on keystroke dynamics , 1999, CCS '99.

[14]  Tomas Vinar,et al.  Enhancements to Hidden Markov Models for Gene Finding and Other Biological Applications , 2005 .

[15]  R. Bakis Continuous speech recognition via centisecond acoustic states , 1976 .

[16]  Marcus Brown,et al.  User Identification via Keystroke Characteristics of Typed Names using Neural Networks , 1993, Int. J. Man Mach. Stud..

[17]  Nick Bartlow,et al.  Username and Password Verification through Keystroke Dynamics , 2005 .

[18]  Biing-Hwang Juang,et al.  Hidden Markov Models for Speech Recognition , 1991 .

[19]  Mohammad S. Obaidat,et al.  A Multilayer Neural Network System for Computer Access Security , 1994, IEEE Trans. Syst. Man Cybern. Syst..

[20]  J. L. Wayman,et al.  Best practices in testing and reporting performance of biometric devices. , 2002 .

[21]  Gopal K. Gupta,et al.  Identity authentication based on keystroke latencies , 1990, Commun. ACM.

[22]  Mohammad S. Obaidat,et al.  A verification methodology for computer systems users , 1995, SAC '95.

[23]  Kenji Kita,et al.  HMM continuous speech recognition using predictive LR parsing , 1989, International Conference on Acoustics, Speech, and Signal Processing,.

[24]  Yong Sheng,et al.  A parallel decision tree-based method for user authentication based on keystroke patterns , 2005, IEEE Transactions on Systems, Man, and Cybernetics, Part B (Cybernetics).

[25]  Mohammad S. Obaidat,et al.  Verification of computer users using keystroke dynamics , 1997, IEEE Trans. Syst. Man Cybern. Part B.

[26]  Biing-Hwang Juang,et al.  Fundamentals of speech recognition , 1993, Prentice Hall signal processing series.

[27]  Tom Fawcett,et al.  ROC Graphs: Notes and Practical Considerations for Researchers , 2007 .

[28]  Lawrence R. Rabiner,et al.  A tutorial on hidden Markov models and selected applications in speech recognition , 1989, Proc. IEEE.

[29]  Christine L. MacKenzie,et al.  Computer user verification using login string keystroke dynamics , 1998, IEEE Trans. Syst. Man Cybern. Part A.

[30]  B. Hussien,et al.  Computer-Access Security Systems Using Keystroke Dynamics , 1990, IEEE Trans. Pattern Anal. Mach. Intell..

[31]  David Umphress,et al.  Identity Verification Through Keyboard Characteristics , 1985, Int. J. Man Mach. Stud..

[32]  Norman Shapiro,et al.  Authentication by Keystroke Timing: Some Preliminary Results , 1980 .