Elsevier

Applied Soft Computing

Volume 70, September 2018, Pages 1024-1033
Applied Soft Computing

Improving the performance of free-text keystroke dynamics authentication by fusion

https://doi.org/10.1016/j.asoc.2017.11.018Get rights and content

Highlights

  • The problem of needing huge amounts of training data in free-text keystroke dynamics has been addressed in this paper.

  • Two fusion schemes, namely: decision-level fusion and feature-level fusion, were applied.

  • Feature-level fusion was done by concatenating two sets of features before the learning stage.

  • Decision-level fusion was used to merge the output of two methods using majority voting.

  • Feature-level fusion produced low error rates, but its results were outperformed by the decision-level fusion results.

Abstract

Free-text keystroke dynamics is invariably hampered by the huge amount of data needed to train the system. This problem has been addressed in this paper by suggesting a system that combines two methods, both of which provide a reduced training requirement for user authentication using free-text keystrokes. The two methods were fused to achieve error rates lower than those produced by each method separately. Two fusion schemes, namely: decision-level fusion and feature-level fusion, were applied. Feature-level fusion was done by concatenating two sets of features before the learning stage. The two sets of features were: a timing feature set and a non-conventional feature set. Moreover, decision-level fusion was used to merge the output of two methods using majority voting. One is Support Vector Machines (SVMs) together with Ant Colony Optimization (ACO) feature selection and the other is decision trees (DTs). Even though the classifiers using the parameters merged at feature level produced low error rates, its results were outperformed by the results achieved by the decision-level fusion scheme. Decision-level fusion was employed to achieve the best performance of 0.00% False Accept Rate (FAR) and 0.00% False Reject Rate (FRR).

Introduction

Keystroke dynamics is an effortless behaviour-based method for authenticating users, which employs the person’s typing patterns for validating his/her identity. As mentioned by [1], keystroke dynamics is “not what you type, but how you type.” In this approach, the user types in text, as usual, without any extra work to be done for authentication. Moreover, it only involves the user’s own keyboard and no other external hardware. These criteria make keystroke dynamics an excellent alternative or add on to the conventional ID/password authentication scheme.

Unfortunately, passwords are prone to social engineering and can be easily cracked using methods such as dictionary attack and brute force attack. Therefore, users are obliged to use extreme measures to safeguard their passwords, a procedure which includes remembering long and complex passwords in addition to the need for changing their passwords periodically [2]. This causes frustration and apprehension for users, especially when a single user is most likely responsible for more than a hand-full of ID/passwords spread over multiple systems.

However, the main drawback of keystroke dynamics authentication is the large amount of training data it requires. Typing large amounts of text in the enrolment phase is time consuming and not user-friendly. A key-pairing method, which is based on the keyboard’s key-layout, has been suggested as a way to enable one user’s typing pattern to be distinguished from another user’s. The method extracts several timing features from specific key-pairs. This technique was developed to use the smallest amount of training data in the best way possible. In addition, non-conventional features were also defined and extracted from the input stream typed by the user in order to understand typing behaviours based on limited input data.

As fusion was proven to reduce the error rate in classification tasks compared with single classifiers [3], these two techniques were fused in order to increase the performance of keystroke recognition whilst using a small amount of training data. In this study, we apply two different types of fusion techniques, namely: feature-level fusion and decision-level fusion. Specifically, this work attempts to implement both kinds of fusion and then compare between the two methods in order to find the fusion technique that produces the best recognition rate in free-text keystroke dynamics systems with limited training.

The feature-level fusion is done by joining keystroke timing features and non-conventional typing features before the learning phase. Meanwhile the decision-level fusion is done by combining the output of a method involving timing features and SVMs/ACO and another method utilizing non-conventional features and decision trees. Both SVMs and DTs are classifiers that follow non-iterative approaches.

The rest of this paper proceeds as follows. Section 2 introduces keystroke dynamics theory and describes some of the work previously carried out in the area of keystroke dynamics user authentication. Section 3 discusses the feature sets used in this experiment. Section 4 describes the different fusion techniques. In Section 5, we point to the experimental results and discussion, in which the data space and the experimental results are indicated. A discussion about our results and some comparisons with previous studies is also performed in this section. The final section concludes the topic and points out our research contributions and future work.

Section snippets

Keystroke dynamics

There are two basic classes of keystroke dynamics, namely: fixed-text and free-text [4]. The fixed-text keystroke dynamics method uses the typing pattern of the user while entering a predefined text. This text has been previously used to train the system and is delivered by the user at log-in time. Contrariwise, the free-text keystroke method is considered easier for the user as it overcomes the problem of memorizing the text, something that fixed-text keystrokes suffers from. As its name

Keystroke features

Timing features and non-conventional features are utilized in this study. A description of both features is presented in this section

Fusion

Decision support systems (DSS) are schemes to create a model that is able to produce correct decisions given a minimum amount of input data. There are two different ways to go about DSS [18]. The first of which suggests that the progress of DSS should be based on continuous improvement of existing methods and establishing new ones. The second approach recommends combining existing methods that perform well, anticipating that better results will be achieved as the limits of the existing

Experiments, results and discussion

This section presents the experiment results and discussion, in which the data collection, data space and the experimental results are indicated. A discussion about the experiment results and some comparisons with previous studies is performed in this section as well.

Conclusion

In this paper, fusion was applied to improve the performance of keystroke dynamics authentication whilst using the least amount of data for training. Moreover, a comparison between decision-level and feature-level fusion has been presented to improve free-text keystroke dynamics authentication. Feature-level fusion was performed to combine timing features and non-conventional typing features while decision-level fusion was carried-out to merge the outcomes of two classification approaches using

Acknowledgments

The authors wish to extend their gratitude to the participants who were involved in this experiment for the time they took out of their busy schedules to contribute in this study.

References (53)

  • P.D. Gader et al.

    Fusion of handwritten word classifiers

    Pattern Recognit. Lett.

    (1996)
  • M. Karnan et al.

    Biometric personal authentication using keystroke dynamics: a review

    Appl. Soft Comput.

    (2011)
  • F. Monrose et al.

    Authentication via keystroke dynamics

  • R. Biddle et al.

    Analysis, and usable security of passwords based on digital objects

    IEEE Trans. Inf. Forensics Secur.

    (2011)
  • F. Moreno-Seco et al.

    Comparison of classifier fusion methods for classification in pattern recognition tasks

    Joint IAPR International Workshops on Statistical Techniques in Pattern Recognition (SPR) and Structural and Syntactic Pattern Recognition (SSPR)

    (2006)
  • A. Alsultan et al.

    Keystroke dynamics authentication: a survey of free-text methods

    Int. J. Comput. Sci. Issues

    (2013)
  • S.P. Banerjee et al.

    Biometric authentication and identification using keystroke dynamics: a survey

    J. Pattern Recognit. Res.

    (2012)
  • J. Kim et al.

    Keystroke dynamics-based user authentication using freely typed text based on user-adaptive feature extraction and novelty detection

    Appl. Soft Comput.

    (2017)
  • R. Joyce et al.

    Identity authentication based on keystroke latencies

    Commun. ACM

    (1990)
  • E. Lau et al.

    Enhanced User Authentication Through Keystroke Biometrics, In: Computer and Network Security

    (2004)
  • H.R. Lv et al.

    Emotion recognition based on pressure sensor keyboards

  • D. Gunetti et al.

    Keystroke analysis of free text

    ACM Trans. Inf. Syst. Secur.

    (2005)
  • J. Hu et al.

    A k-nearest neighbor approach for user authentication through biometric keystroke dynamics

  • D. Raghu et al.

    Neural network based authentication and verification for web based key stroke dynamics

    Int. J. Comput. Sci. Inf. Technol.

    (2011)
  • P.S. Teh et al.

    Statistical fusion approach on keystroke dynamics

    2007 Third International IEEE Conference on Signal-Image Technologies and Internet-Based System

    (2007)
  • S. Hocquet et al.

    Fusion of methods for keystroke dynamic authentication

    Fourth IEEE Workshop on Automatic Identification Advanced Technologies

    (2005)
  • M. Curtin et al.

    Keystroke biometric recognition on long-text input: a feasibility study

    IMECS

    (2006)
  • D. Gunetti et al.

    Keystroke analysis of different languages: a case study

    Advances in Intelligent Data Analysis VI

    (2005)
  • D. Ruta et al.

    An overview of classifier fusion methods

    Comput. Inf. Syst.

    (2000)
  • J. Bezdek et al.

    Fuzzy Models and Algorithms for Pattern Recognition and Image Processing

    (1999)
  • J. Esteban et al.

    A review of data fusion models and architectures: towards engineering guidelines

    Neural Comput. Appl.

    (2005)
  • A. Ross et al.

    Feature level fusion using hand and face biometrics

  • H. Lv et al.

    Biologic verification based on pressure sensor keyboards and classifier fusion techniques

    IEEE Trans. Consum. Electron.

    (2006)
  • T.H. Ho et al.

    Decision combination in multiple classifier system

    IEEE Trans. Pattern Anal. Mach. Intell.

    (1994)
  • C.W. Hsu et al.

    A Practical Guide to Support Vector Classification, Tech. Rep

    (2003)
  • R.A. Irizarry et al.

    Exploration, normalization, and summaries of high density oligonucleotide array probe level data

    Biostatistics

    (2003)
  • Cited by (0)

    View full text