Improving the performance of free-text keystroke dynamics authentication by fusion
Graphical abstract
Introduction
Keystroke dynamics is an effortless behaviour-based method for authenticating users, which employs the person’s typing patterns for validating his/her identity. As mentioned by [1], keystroke dynamics is “not what you type, but how you type.” In this approach, the user types in text, as usual, without any extra work to be done for authentication. Moreover, it only involves the user’s own keyboard and no other external hardware. These criteria make keystroke dynamics an excellent alternative or add on to the conventional ID/password authentication scheme.
Unfortunately, passwords are prone to social engineering and can be easily cracked using methods such as dictionary attack and brute force attack. Therefore, users are obliged to use extreme measures to safeguard their passwords, a procedure which includes remembering long and complex passwords in addition to the need for changing their passwords periodically [2]. This causes frustration and apprehension for users, especially when a single user is most likely responsible for more than a hand-full of ID/passwords spread over multiple systems.
However, the main drawback of keystroke dynamics authentication is the large amount of training data it requires. Typing large amounts of text in the enrolment phase is time consuming and not user-friendly. A key-pairing method, which is based on the keyboard’s key-layout, has been suggested as a way to enable one user’s typing pattern to be distinguished from another user’s. The method extracts several timing features from specific key-pairs. This technique was developed to use the smallest amount of training data in the best way possible. In addition, non-conventional features were also defined and extracted from the input stream typed by the user in order to understand typing behaviours based on limited input data.
As fusion was proven to reduce the error rate in classification tasks compared with single classifiers [3], these two techniques were fused in order to increase the performance of keystroke recognition whilst using a small amount of training data. In this study, we apply two different types of fusion techniques, namely: feature-level fusion and decision-level fusion. Specifically, this work attempts to implement both kinds of fusion and then compare between the two methods in order to find the fusion technique that produces the best recognition rate in free-text keystroke dynamics systems with limited training.
The feature-level fusion is done by joining keystroke timing features and non-conventional typing features before the learning phase. Meanwhile the decision-level fusion is done by combining the output of a method involving timing features and SVMs/ACO and another method utilizing non-conventional features and decision trees. Both SVMs and DTs are classifiers that follow non-iterative approaches.
The rest of this paper proceeds as follows. Section 2 introduces keystroke dynamics theory and describes some of the work previously carried out in the area of keystroke dynamics user authentication. Section 3 discusses the feature sets used in this experiment. Section 4 describes the different fusion techniques. In Section 5, we point to the experimental results and discussion, in which the data space and the experimental results are indicated. A discussion about our results and some comparisons with previous studies is also performed in this section. The final section concludes the topic and points out our research contributions and future work.
Section snippets
Keystroke dynamics
There are two basic classes of keystroke dynamics, namely: fixed-text and free-text [4]. The fixed-text keystroke dynamics method uses the typing pattern of the user while entering a predefined text. This text has been previously used to train the system and is delivered by the user at log-in time. Contrariwise, the free-text keystroke method is considered easier for the user as it overcomes the problem of memorizing the text, something that fixed-text keystrokes suffers from. As its name
Keystroke features
Timing features and non-conventional features are utilized in this study. A description of both features is presented in this section
Fusion
Decision support systems (DSS) are schemes to create a model that is able to produce correct decisions given a minimum amount of input data. There are two different ways to go about DSS [18]. The first of which suggests that the progress of DSS should be based on continuous improvement of existing methods and establishing new ones. The second approach recommends combining existing methods that perform well, anticipating that better results will be achieved as the limits of the existing
Experiments, results and discussion
This section presents the experiment results and discussion, in which the data collection, data space and the experimental results are indicated. A discussion about the experiment results and some comparisons with previous studies is performed in this section as well.
Conclusion
In this paper, fusion was applied to improve the performance of keystroke dynamics authentication whilst using the least amount of data for training. Moreover, a comparison between decision-level and feature-level fusion has been presented to improve free-text keystroke dynamics authentication. Feature-level fusion was performed to combine timing features and non-conventional typing features while decision-level fusion was carried-out to merge the outcomes of two classification approaches using
Acknowledgments
The authors wish to extend their gratitude to the participants who were involved in this experiment for the time they took out of their busy schedules to contribute in this study.
References (53)
- et al.
Fusion of handwritten word classifiers
Pattern Recognit. Lett.
(1996) - et al.
Biometric personal authentication using keystroke dynamics: a review
Appl. Soft Comput.
(2011) - et al.
Authentication via keystroke dynamics
- et al.
Analysis, and usable security of passwords based on digital objects
IEEE Trans. Inf. Forensics Secur.
(2011) - et al.
Comparison of classifier fusion methods for classification in pattern recognition tasks
Joint IAPR International Workshops on Statistical Techniques in Pattern Recognition (SPR) and Structural and Syntactic Pattern Recognition (SSPR)
(2006) - et al.
Keystroke dynamics authentication: a survey of free-text methods
Int. J. Comput. Sci. Issues
(2013) - et al.
Biometric authentication and identification using keystroke dynamics: a survey
J. Pattern Recognit. Res.
(2012) - et al.
Keystroke dynamics-based user authentication using freely typed text based on user-adaptive feature extraction and novelty detection
Appl. Soft Comput.
(2017) - et al.
Identity authentication based on keystroke latencies
Commun. ACM
(1990) - et al.
Enhanced User Authentication Through Keystroke Biometrics, In: Computer and Network Security
(2004)