Authentication of Computer Users Using Keystroke Dynamics as a Biometics Security Scheme

Expert Analysis

Computer systems and networks are now used in almost all technical, industrial, business, and commerce applications. The dependence of people on computers has increased tremendously in recent years and many businesses rely heavily on effective operations of their computer systems and networks for their business to succeed. Corporations store sensitive information such as manufacturing process information, marketing, and financial data in computer systems. Firms involved in the defense industry also store classified information. There are many other examples of sensitive information that accessing them by unauthorized users may entail loss of money or passing of confidential information to unwanted parties. Many incidents of computer systems and networks security problems have been reported in the popular media. The consequences of unauthorized access to computer systems or networks range from inconvenience to worse. The effectiveness of access control to a computer system is based on two ideas : 1) user identification and 2) protection of the access right of users. Protecting the access rights of users is generally done at the system level, by not allowing access permissions to be altered except by authorized super-users.

This work presents techniques to verify the identity of computer users using the keystroke dynamics of computer user's login string as characteristic patterns using pattern recognition and neural network techniques. This work is a continuation of this consultant's previous works in this area where only interkey times were used as features for identifying computer users. In this work this consultant used the key hold times for classification and then compared the performance with the former interkey timebased technique. Then this consultant used the combined interkey and hold times for the identification process. This consultant applied several neural network and pattern recognition algorithms for verifying computer users as they type their password phrases. It was found that hold times are more effective than interkey times and the best identification performance was achieved by using both time measurements. An identification accuracy of 100% was achieved when the combined hold and intekey time-based approach were considered as features using the fuzzy ARTMAP, radial basis function networks (RBFN), and learning vector quantization (LVQ) neural network paradigms. Other neural network and classical pattern algorithms such as backpropagation with a sigmoid transfer function (BP, Sigm), hybrid sum-of-products (HSOP), sum-of-products (SOP), potential function and Bayes' rule algorithms gave moderate performance. Using the hold time as a feature for identifying the computer user is novel.

Samples results of this work are shown below where type I error is probability of accepting authorized users and type II error is the probability of rejecting authorized users.

To see the resume of the expert associated with this case study, see the link below.