Person Identification by Keystroke Dynamics Using Pairwise User Coupling

This article has been accepted for publication in a future issue of this journal, but has not been
fully edited. Content may change prior to final publication. Citation information: DOI 10.1109/TIFS.2017.2658539, IEEE
Transactions on Information Forensics and Security
IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY 1
Person Identification by Keystroke Dynamics using

Pairwise User Coupling
Soumik Mondal and Patrick Bours
Abstract—Due to the increasing vulnerabilities in cyberspace, maybe to identify him or her. In the previous example of the
security alone is not enough to prevent a breach, but cyber online exam, in case fraud is detected when the authentication
forensics or cyber intelligence is also required to prevent future module detects that the student was typing the exam is not
attacks or to identify the potential attacker. The unobtrusive
and covert nature of biometric data collection of keystroke the intended student, it could be interesting to identify this
dynamics has a high potential for use in cyber forensics or cyber person because it could be one of the current or previous
intelligence. students that already has passed the exam. Another situation
In this paper, we investigate the usefulness of keystroke where identification could be useful is in an online closed or
dynamics to establish the person identity. We propose three open user forum. Here it could be used to identify the person
schemes for identifying a person when typing on a keyboard.
We use various machine learning algorithms in combination posting an anonymous yet offensive or criminal comment, or
with the proposed pairwise user coupling technique and show posting a comment under the name of another person, e.g. after
the performance of each separate technique as well as the getting access to the account of the other person. Finally, an
performance when combining two or more together. In particular, example where identification could be of use is in a chat room,
we show that pairwise user coupling in a bottom-up tree structure where the behaviour of an unknown person is compared to the
scheme gives the best performance, both concerning accuracy and
time complexity. The proposed techniques are validated by using known profiles. For example, if a person is showing pedophile
keystroke data. However, these techniques could equally well be behaviour, then his or her typing behaviour can be compared
applied to other pattern identification problems. We have also to the behaviour of a set of known pedophiles.
investigated the optimized feature set for person identification In our research, we will explore the potential of KD for
by using keystroke dynamics. Finally, we also examined the
performance of the identification system when a user, unlike his
person identification. We will focus on classification tech-
normal behaviour, types with only one hand, and we show that niques with different KD features for identification. We will
performance then is not optimal, as was to be expected. also study the effect of user handedness on the accuracy of
Index Terms—Pairwise User Coupling; Keystroke Dynamics,
identification. The main contributions of this paper are as
Person Identification, Behavioural Biometrics; Cyber-forensics. follows:
• We propose three different identification schemes in this
I. I NTRODUCTION paper. These schemes are based on the pairwise user cou-
pling, where the multi-class pattern identification problem
Keystroke Dynamics (KD) is a well established behavioural will be divided into several two-class problems. These
biometric modality due to the unobtrusive nature of biometric schemes could be useful for person identification when
data collection, low computational complexity and no special the biometric features are weak, or there are few samples
hardware required for data collection [1], [2], [3], [4]. KD present for learning;
is a well-explored research domain in authentication, where • Extensive analysis was done with an online exam based
the research problem is a two class problem i.e. legitimate or keystroke datasets; This dataset was collected from 64
imposter user, but there is little research on the potential of individuals with three different typing modes. To validate
KD for person identification i.e. on the N class problem. our research approach furthermore we have used another
In most cases, it is important to detect that the current user keystroke dynamics dataset with our optimum settings.
is not the authenticated user, for example in the event of PC All These datasets are publicly available for future re-
hijacking, where the information on a system is protected search;
against unauthorized access or modification. Another case • We performed the analysis for both open-set and close-set
could be an online exam where there needs to be certainty settings and show that our optimum settings outperform
that the student behind the keyboard is, in fact, the one that the state of the art research.
should be taking the exam. In some cases, it could also be
interesting to not only authenticate the current user but also The remainder of this paper is as follows. In Section
II, we will discuss some background knowledge for better
Manuscript received August 26, 2016; revised January 11, 2017; accepted understanding of this research that includes the related studies
January 19, 2017. and the classifiers used in this research. In Section III we
S. Mondal was with the Norwegian Information Security laboratory (NIS-
lab), Norwegian University of Science and Technology (NTNU), Gjøvik, provide the description of the dataset and the feature extraction
Norway (email: mondal.soumik@gmail.com, s.mondal@utwente.nl). process. In Section IV we provide the description of the system
P. Bours is with the NISlab, NTNU, Gjøvik, Norway (email: pipeline and the proposed identification schemes followed in
patrick.bours@ntnu.no).
Color versions of one or more of the figures in this paper are available this research. Result analysis presented in Section V and a
online at http://ieeexplore.ieee.org. discussion related to our research can be found in Section VI.
1556-6013 (c) 2016 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission. See http://www.ieee.org/publications_standards/publications/rights/index.html for more information.
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI 10.1109/TIFS.2017.2658539, IEEE
We conclude this research with future work in Section VII. TABLE I

S TATE - OF - THE - ART KD RESEARCH
II. BACKGROUND
Authentication Identification
A. Related Research Static [6], [7], [16], [17], [18], [19] [13], [14]
In KD, users are identified or authenticated based on the Periodic [10], [11], [12] [15]
Continuous [8] [20]
way they type on a keyboard. When a password is typed, then
not only the correctness of the password itself is checked,
but also if the typing rhythm when entering the password is large intra-class variations and the sparse nature of the in-
correct. This process is sometimes called password hardening. formation. We observed that statistical analysis (i.e. distance-
A KD based authentication or identification system is low-cost based classifiers) is successful for authentication but, fails
and easy to implement because most of systems are software to achieve good results in the identification, due to these
based. In such a system, the keystroke timing information has challenges [15]. Therefore a machine learning based approach
to be captured for pattern analysis [2], [5]. was followed in this research, more precisely, we have used
Due to limited information, sparse data, high intra-class four different classifiers in our research. A brief description
variation, and low inter-class variation person identification of these classifiers is given below. We have also used Multi-
using KD is a difficult task. However, KD is a well establish Classifier Fusion (MCF) to investigate possible improvements
biometrics for static, periodic or continuous authentication over the results of single classifiers [21].
[6], [7], [8]. The first article, as far as we know, referring 1) Artificial Neural Network (ANN): ANN is a combination
to KD is by Umphress et al. [9] from 1985, but the ma- of multiple artificial neurons which can be used for clas-
jority of research in this area is from 2000 or later. Table I sification and regression analysis [22]. The neurons consist
shows the state-of-the-art KD research based on the different of a linear activation function with a 2-layer Feed-Forward
objectives (i.e. either authentication or identification) with neural network. We have used the Scaled Conjugate Gradient
different functionalities, i.e. static (the user is authenticated algorithm which is efficient to optimize the cost function and
based on the typing rhythm of a password or a passphrase), also it will reduce the ANN training time.
periodic (the user is re-authenticated after a fixed amount of 2) Counter-Propagation Artificial Neural Network
text, e.g. after 500 keystrokes) and continuous (the user is (CPANN): CPANN is a hybrid learning mechanism based on
continuously re-authenticated based on the typing behaviour). ANN to handle supervised learning problems. In CPANN,
According to the experimental point of view, the typed text the output layer is added to the Kohonen layer which is
can be predefined [7], [10] or can be free text [6], [11], [12]. very similar to Self Organizing Maps and provides both the
Also the experimental environment could be controlled [6] advantages of supervised and unsupervised learning. It can
or uncontrolled [11], [12]. For continuous authentication the also guarantee to find the correct network weights, which is
experimental data were collected every keystroke from a user’s not the case for regular back-propagation networks [23].
computer during a week or more and similar to the previous 3) Support Vector Machine (SVM): SVM is a very well-
functionality here also the experimental environment could be known supervised learning algorithm which can be used
controlled or uncontrolled [8]. for classification problems [24]. This classifier is capable of
In [13] has an artificial neural network technique been used creating a linear decision margin that is as wide as possible,
for real time user identification using KD. This approach depending on the Support Vectors (SV). The SV are those data
was validated experimentally based on data of 6 users, each points from the different classes that are closest to the decision
typing a 15 character phrase 20 times. The achieved iden- line. We have used Gaussian Kernel as a similarity measure
tification accuracy was 97.8%. In [14] a Euclidean distance function in this research.
based nearest neighbour classifier has been used for personal
4) Decision Tree (DT): DT is a tree structure based pre-
identification and an accuracy of 99.3% for 36 users was
dictive learning model which maps features of an observation
achieved. The same technique was also applied to the dataset
about an item to the item’s target value where leaves represent
that we have used in our research to create a baseline, but the
class labels, and branches represent conjunctions of features
technique was unable to provide convincing performance for
that lead to those class labels [25]. In this study, we have
this dataset (see [Baseline] in Table VI). In [15] a periodic
used Bagging-DT (i.e. bootstrap aggregation DT) which gives
identification competition was organized with 500 keystrokes,
us stability and accuracy for the classifier.
where the experimental data was collected in an uncontrolled
environment. Several researchers have participated in this
competition and proposed different techniques to improve the III. DATASET D ESCRIPTION
baseline performance. The top three performance results have A unique keystroke dataset was used in our experiment
shown in Table VI. In our research, we will use the same which was collected from three online exams with five essay
dataset for periodic identification with different amount of questions for each exam. The participants are undergraduate
keystrokes. students from PACE University. To add more complexity to the
dataset the students were instructed to type normally with both
B. Classifier hands for the first exam, and for the second and third exam,
Person identification by analyzing the user’s keystroke they were instructed to use only the left hand and right hand for
behaviour profile is challenging due to limited information, typing respectively. To ensure the instructions were followed
when typing, approximately one-third of all exam attempts Training Phase

Training
occurred in an electronic classroom on the standard desktop Data Feature Pairwise Training Feature Build Classifier Store
computers. This dataset was also used in the ”One-handed Extraction Data Preparation Selection Models Models
Keystroke Biometric Identification Competition” which was a
part of the 8th IAPR International Conference on Biometrics Testing Phase
(ICB’15) [15]. Test Data
Feature Feature Comparison
Decision
Extraction Selection Module Subject ID
A. Data Collection
Fig. 1. Block diagram of our system pipeline.
The dataset consists of typing data of 64 students who
provided at least 500 keystrokes on each of the three exams.
Feature Vector Class Label
A subset of data from both hands typing (i.e. data from the 𝑭𝑽𝟏𝟏 𝟏
first exam) was used as a training set, while the rest of the … …
data was used for testing. 𝑭𝑽𝟏𝒏 𝟏
𝑭𝑽𝟏𝟐 𝟐
The training dataset consisted of a set of 500 normally
… …
typed (i.e. both hands typing) keystrokes from each of the 𝑭𝑽𝟐𝒏 𝟐
64 students. All testing is done with sets of keystrokes, where … …
each set consists of up to 500 keystrokes. Due to the low 𝑭𝑽𝑵−𝟏

𝟏 𝑵−𝟏
… …
number of keystrokes from some students (below 1000), the
𝑭𝑽𝑵−𝟏
𝒏 𝑵−𝟏
test dataset does include only data of 61 students. The number 𝑭𝑽𝑵
𝟏 𝑵
of sets of 500 keystrokes varies per student and ranges from 1 … …
to 38, with a total of 471 such sets. Split over the three exams 𝑭𝑽𝑵
𝒏 𝑵
we find:
Fig. 2. A conventional multi-class training data preparation.
• 203 sets from the first exam (i.e. both-hands typing);
• 131 sets from the second exam (i.e. left hand typing);
• 137 sets from the third exam (i.e. right hand typing). IV. S YSTEM P IPELINE
We would like to mention that this dataset was collected in We learned from the previous research on this dataset
an uncontrolled environment. From various previous studies that the conventional multi-class classification technique with
we learned that collecting experimental data under controlled machine learning or distance-based classification approaches
settings, with a particular task on a specific computer, has failed to achieve a good identification rate (see Table VI for
significant disadvantages. In such a case the user will be these results). To achieve better performance, we applied the
focused more on completing the task, and their keystroke Pairwise User Coupling (PUC) technique using the above
dynamics will not represent their normal typing behaviour mentioned classifiers (see Section II-B). During literature sur-
[26], [27]. vey, we found BradleyTerry model for comparison by pairwise
To the best our knowledge, this is the first keystroke dataset coupling [28], [29], [30]. This model is based on the Bayesian
where one-handed typing of users has been considered for solution for classification that requires posterior probability
free-text analysis. Moreover, a realistic scenario where the density for all the classes, which poses a limitation to our
reference template was built by the keystroke data typed by research. Therefore, we came up with the PUC approach to
both hand and the test data is partially coming from the single mitigate this limitation. Figure 1 shows the pipeline of our
hand typing. In an everyday situation, it might happen that system. A conventional training data preparation is signifi-
the user uses one hand for another task, like making a phone cantly different from the pairwise training data preparation. We
call or writing down notes. In this scenario, the identification elaborate on the description of this data preparation process
performance of keystroke dynamics based on the one-handed in Section IV-A.
typing needs to be studied.
A. Pairwise Training Data Preparation
B. Feature Extraction Figure 2 shows an example of a multi-class (i.e. N class)
Due to the limited information we can capture for KD, training dataset for conventional training data preparation. In
every keystroke raw data k is encoded as k = (A, T p , T r ), this example, F Vqi represents the feature vector of user i from
where T p , T r are the timestamps in millisecond for key q th sample, where i = 1, 2, . . . N , q = 1, 2, . . . n and n is the
press and key release and A is the value of the pressed total number of training samples for user i. The last column
key. From the raw data are the feature vectors encoded as represents the class label i.e. a value between 1 and N . When
F Vi = (Ai , Ai+1 , di , lirp , lirr , lipp ), where Ai and Ai+1 are the we prepared our training dataset according to this process,
ith and (i + 1)th keys encoded with ASCII values, and di we found a low learning accuracy of the classifiers and we
is the duration of the ith pressed key (i.e. di = Tir − Tip ). are unable to achieve good results. Therefore, we came up
Furthermore do lirp , lirr , and lipp represent latencies between with a solution called PUC, where the multi-class classification
the ith and (i + 1)th keys, in particular lirp = Ti+1 p
− Tir , problem will be divided into several two-class classification
rr r r pp p p
li = Ti+1 − Ti , and li = Ti+1 − Ti . problems.
j 𝑷𝑴𝟏𝟐 𝑷𝑴𝟑𝟒 𝑷𝑴𝟓𝟔 𝑷𝑴𝟖𝟕 𝟗

𝑷𝑴𝟏𝟎 𝟏𝟏
𝑷𝑴𝟏𝟐 𝟏𝟑
𝑷𝑴𝟏𝟒 𝟏𝟓
𝑷𝑴𝟏𝟔 𝟏𝟕
𝑷𝑴𝟏𝟖 𝟏𝟗
𝑷𝑴𝟐𝟎
𝑺𝟏𝟑 < 𝑺𝟏𝟒

𝑷𝑴𝟏𝟐 𝑷𝑴𝟏𝟑 𝑷𝑴𝟏𝟒 𝑷𝑴𝟏𝑵−1 𝑷𝑴𝟏𝑵
𝑺𝟏𝟏 > 𝑺𝟏𝟐

𝑺𝟕 < 𝑺𝟖
𝑺𝟏𝟓 > 𝑺𝟏𝟔
𝑺𝟏𝟕 < 𝑺𝟏𝟖
𝑺𝟏𝟗 < 𝑺𝟐𝟎

𝑺𝟗 < 𝑺𝟏𝟎
i
𝑺𝟑 < 𝑺𝟒
𝑺𝟏 < 𝑺𝟐
𝑺𝟓 > 𝑺𝟔
𝑷𝑴𝟐𝟏 𝑷𝑴𝟐𝟑 𝑷𝑴𝟐𝟒 … 𝑷𝑴𝟐𝑵−𝟏 𝑷𝑴𝟐𝑵 𝟐 𝟒 𝟓 𝟖 𝟏𝟎 𝟏𝟏 𝟏𝟒 𝟏𝟓 𝟏𝟖 𝟐𝟎
𝑷𝑴𝟑𝟏 𝑷𝑴𝟑𝟐 𝑷𝑴𝟑𝟒 … 𝑷𝑴𝟑𝑵−𝟏 𝑷𝑴𝟑𝑵

𝑷𝑴𝟐𝟒 𝑷𝑴𝟓𝟖 𝑷𝑴𝟏𝟎
𝟏𝟏 𝑷𝑴𝟏𝟒
𝟏𝟓 𝑷𝑴𝟏𝟖
𝟐𝟎
𝑷𝑴𝟒𝟏 𝑷𝑴𝟒𝟐 𝑷𝑴𝟒𝟑 … 𝑷𝑴𝟒𝑵−𝟏 𝑷𝑴𝟒𝑵
𝑺𝟏𝟎 > 𝑺𝟏𝟏
𝑺𝟏𝟖 > 𝑺𝟐𝟎

𝑺𝟏𝟒 < 𝑺𝟏𝟓
𝑺𝟓 > 𝑺𝟖
𝑺𝟐 < 𝑺𝟒
.
𝟒 𝟓 𝟏𝟎 𝟏𝟓 𝟏𝟖
.
𝑷𝑴𝟒𝟓 𝑷𝑴𝟏𝟎
. 𝟏𝟓
𝑺𝟏𝟎 < 𝑺𝟏𝟓

𝑺𝟒 > 𝑺𝟓
𝑷𝑴𝑵−𝟏
𝟏 𝑷𝑴𝑵−𝟏
𝟐 𝑷𝑴𝑵−𝟏
𝟑 … 𝑷𝑴𝑵−𝟏
𝑵−𝟐 𝑷𝑴𝑵−𝟏
𝑵
𝟒
𝑷𝑴𝑵
𝟏 𝑷𝑴𝑵
𝟐 𝑷𝑴𝑵
𝟑 … 𝑷𝑴𝑵
𝑵−𝟐 𝑷𝑴𝑵
𝑵−𝟏
𝟏𝟓 𝟏𝟖
𝑷𝑴𝟏𝟓
𝟏𝟖
𝑺𝟏𝟓 > 𝑺𝟏𝟖

Fig. 3. Pairwise training models for multi-class PUC.
𝟒 𝟏𝟓
Feature Vector Class Label

𝑷𝑴𝟒𝟏𝟓
𝑭𝑽𝟒𝟏 𝟏
𝑺𝟏𝟓 > 𝑺𝟒
… … Decision
𝟏𝟓
ID, Score (15, 𝑺𝟏𝟓)
𝑭𝑽𝟒𝒏 𝟏
𝑭𝑽𝟓𝟏 𝟐
Fig. 5. A graphical representation of Algorithm 1 where N = 20 and r = 1.
… …
𝑭𝑽𝟓𝒏 𝟐
that all pairwise comparisons require approximately the same

Fig. 4. Example of the training dataset to build a pairwise model P M54 . amount of time and this will be an indication of the relative
running times of the three schemes.
Figure 3 shows a pictorial representation of a pairwise

training models for multi-class PUC. In this example, we B. Scheme 1 (S1)
can see that multiple training models are created (denoted
by P Mji ) for user i and j, where i = 1, 2, . . . N and Figure 5 illustrates the insight the of Algorithm 1 for Scheme
j ∈ Ji = {[1, 2, . . . N ] − [i]}. The training dataset, to build 1 (S1) where the total number of users is 20 and the required
any given pairwise model for any given classifier, was created rank is 1, i.e. N = 20 and r = 1. In this example figure, the
as represented in Figure 4. The data samples from user i (i.e. pairs are created in increasing order but in our actual analysis
F Vqi , where q = 1, 2, . . . ni and ni is the total number of we have selected these pairs randomly in each round of the
training samples for user i) and j (i.e. F Vqj ) have 1 and 2 as a loop.
class label respectively. During testing, If score sc > 0.5, then We can see that after each iteration the number of users
we estimate that the sample originates from user i, otherwise reduces until the number of users satisfied the required rank
from user j. We train the classifier for every training pair and based on the maximization of the average score i.e. S i > S j
store the classifier(s) models P Mji to be used in comparison for m number of keystrokes where
and decision module. m
1 X
Three different identification schemes (i.e. S1, S2, and S3) Si = scp and S j = 1 − S i (1)
were developed for the comparison and decision module (see m p=1
Figure 1 marked with a dotted box). In scheme S1 we will
randomly arrange the set of users into pairs and for each pair If the number of users in a round is even (2n), then this
(user i, user j) we will determine if the data fits better to the number will be halved (n). In case of an odd number of users
profile of user i or user j. The user whose profile fits best to the (2n + 1), will one user continue without comparison, so at
data will proceed to the next round of the scheme. In scheme the end of the round n + 1 users are left. The number of
S2 we will, for each user i, randomly choose k other users and comparisons T1 for this scheme, when starting with N users
determine the mean score for user i when comparing the test and stopping at rank r is T1 (N, r) = N − r.
data in the k pairwise comparisons with the randomly chosen
other users. The user has the highest total score is selected as
C. Scheme 2 (S2)
identified user. Scheme S3 is based on applying scheme S2
twice. First scheme S2 is used to reduce the set of potential Figure 6 shows an example of a graphical representation of
users from the original N users to only c users. In the second Algorithm 2 for Scheme 2 (S2) where k = 6 and r = 1. During
step the remaining c users are compared in a full comparison, comparison for the ith subject, we first randomly choose k
i.e. we apply scheme S2 on N = c users, and we use k = c−1 pairs from the set P M i and calculate the classification scores
to compare a user with all c − 1 other remaining users. The for test set Γ for each of these k pairs. This will give a total
three schemes will be discussed in more detail in Sections of k × m score values for any given classifier. Let λp denote
IV-B, IV-C, and IV-D. For all schemes, we also show how the score value of any given classifier where p = 1, 2, . . . m,
many pairwise comparisons are made under the assumption then we denote by scq = λ the score vector obtain q th pair
Algorithm 1: Algorithm for Scheme 1

Input: P Mji ← The pairwise classifier model for any given classifier, where i ∈ I = {1, 2, 3 . . . N }, N is the number of
users and j ∈ Ji = I − {i}; Γ ← The set of test keystrokes, where |Γ| = m, i.e. m is the number of performed
keystrokes; r ← The required rank.
Output: U serid, score
1 while |I|j> rk do
2 k = |I| 2 ; T = I; SC = ∅
3 while |I| ≥ k do
4 i = random{T }; T = T − {i}; j = random{T }; T = T − {j}
5 Calculate score sc (i.e. scp = P (γp |Hi ) where γp is the feature vector after feature selection of the performed
keystroke p and Hi is the hypothesis for the user i) for all test keystrokes Γ from the selected pair P Mji with
given classifier(s).
Pm
1
6 So, S i = m j
p=1 scp ; S = 1 − S
i
i j
7 if S > S then
8 I = I − {j}; SC = SC ∪ {(i, S i )}
9 else
10 I = I − {i}; SC = SC ∪ {(j, S j )}
11 end
12 end
13 end
14 U serid, score = SC

keystrokes; k ← The number of comparison and k < N ; r ← The required rank.
1 SC = ∅; T = I
2 while |I| =
6 0 do
3 i = {I}; I = I − {i}; J = T − {i}; S i = 0
4 while k > 0 do
5 j = random{J}; J = J − {j}
given classifier(s). P
1 m
7 So, S i = S i + m×k p=1 scp ; k = k − 1
8 end
9 SC = SC ∪ {(i, S i )}
10 end
11 X = {i|(i, S i ) ∈ SC}
12 X1 ⊆ X where |X1 | = r
13 U serid, score = {(i, S i )| min{S i |i ∈ X1 } > max{S j |j ∈ X − X1 }}
where q = 1, 2, . . . k. Then we obtain the resultant score for Figure 7 shows an example of how the S2 scheme works
the ith user by when the total number of users is 32, i.e. N = 32. In these
figures, dots represent the scores obtained from the selected
k m model, and the circle represents the mean scores. Figure 7a
1 XX q
Si = sc (2) represents the score plot when k = 2. In this figure, we can see
m × k q=1 p=1 p
that the mean score for user 4 is highest compared to others,
but the mean scores from user 13 and 30 are very close to
We repeat this procedure for all users (i.e. i = 1, 2, . . . N ) the mean score for user 4. This indicates that there is still
and select the user with the highest score S i as the identified certain doubt whether or not user 4 is the correctly identified
user. The number of comparisons T2 for this scheme is user. As we increased the value of k, the difference between
independent of r, but depends on N and k, in particular we the mean score for user 4 and the mean scores for the other
have T2 (N, k) = N × k.
1 1
Mean Score Mean Score
0.9 0.9
0.8
0.8
0.7
0.7
0.6
0.6
Score
Score
0.5
0.5
0.4
0.4
0.3
0.3
0.2
0.2 0.1
0.1 0
0 5 10 15 20 25 30 35 0 5 10 15 20 25 30 35
User ID User ID
(a) k = 2 (b) k = 8
1 1
Mean Score Mean Score
0.9 0.9
0.8 0.8
0.7 0.7
0.6 0.6
Score
Score
0.5 0.5
0.4 0.4
0.3 0.3
0.2 0.2
0.1 0.1
0 0
0 5 10 15 20 25 30 35 0 5 10 15 20 25 30 35
User ID User ID
(c) k = 12 (d) k = 15
Fig. 7. Mean score changes for different k values when used Algorithm 2 with N = 32.
1
Calculate m scores (𝑠𝑐1) from 𝑃𝑀𝑥1
1
TABLE II
𝟏
𝑷𝑴𝒙𝟏 𝟏
𝑷𝑴𝒙𝟐 Calculate m scores (𝑠𝑐 2) from 𝑃𝑀𝑥2
𝑘 𝑚 O BTAINED RESULTS FROM DIFFERENT PUC SCHEMES WITH DIFFERENT
1
Calculate m scores (𝑠𝑐 3) from 𝑃𝑀𝑥3 1 𝑞
𝟏
𝑷𝑴𝒙𝟑 𝟏
𝑷𝑴𝒙𝟒 1
Calculate m scores (𝑠𝑐 4) from 𝑃𝑀𝑥4 𝑆1 = 𝑠𝑐𝑝 CLASSIFIERS FOR m = 500.
1
Calculate m scores (𝑠𝑐 5) from 𝑃𝑀𝑥5
𝑘∗𝑚
𝟏 𝟏 𝑞=1 𝑝=1
𝑷𝑴𝒙𝟓 𝑷𝑴𝒙𝟔 1
Calculate m scores (𝑠𝑐 6) from 𝑃𝑀𝑥6
𝑆1 Accuracy (%)
User 1 ANN CPANN SVM DT
. S1 39.5 59 58.4 62.2
. Decision S2 24.4 51.4 41.2 45.9
. max(S) S3 41.8 58.6 58.8 61.4
ID, Score
.
.
𝑆𝑁
𝑁
Calculate m scores (𝑠𝑐1) from 𝑃𝑀𝑦1
𝑵
𝑷𝑴𝒚𝟏 𝑵
𝑷𝑴𝒚𝟐
𝑁
Calculate m scores (𝑠𝑐 2) from 𝑃𝑀𝑦2
in the reduced set of c users. We would like to mention that
𝑘 𝑚
𝑁
Calculate m scores (𝑠𝑐 3) from 𝑃𝑀𝑦3 1 𝑞 S3 is not an independent scheme, it is a combination of S2
𝑷𝑴𝑵
𝒚𝟑 𝑷𝑴𝑵
𝒚𝟒 𝑁
Calculate m scores (𝑠𝑐 4) from 𝑃𝑀𝑦4 𝑆𝑁 = 𝑠𝑐𝑝
𝑁
Calculate m scores (𝑠𝑐 5) from 𝑃𝑀𝑦5 𝑘∗𝑚 with an additional correction made after getting the Rank-c
𝑷𝑴𝑵
𝒚𝟓 𝑷𝑴𝑵
𝒚𝟔 𝑁
𝑞=1 𝑝=1
Calculate m scores (𝑠𝑐 6) from 𝑃𝑀𝑦6
users from S2. This scheme can be considered as using S2
User N
for a re-ranking process after the initial S2 scheme. For S3
Fig. 6. A graphical representation of S2 where k = 6 and r = 1. the number of comparisons T3 depends on N , k and c. To be
precise we have T3 (N, k, c) = T2 (N, k) + c × (c − 1).
users increased (see 7b, 7c and 7d). Furthermore, because of V. R ESULT A NALYSIS
the mean score values are based on more data points, that In this section will we discuss the identification results
lead to the confidence interval become smaller. Therefore, we obtained from the different analyses. The analyses focus on
identified the unknown user as user 4. the proposed algorithms, keystroke features for identification,
multi-classifier fusion, and analysis of user’s typing hand. We
D. Scheme 3 (S3) have performed an open-set experiment, and that result will
also be discussed in this section.
Algorithm 3 shows the algorithm for Scheme 3 (S3). Let
∆ = [δ1 , δ2 , . . . δc ] be the set of the Rank-c users after
applying S2 with r = c, where ∆ ⊆ {1, 2, . . . N }. Now we A. Analysis of the Proposed Schemes
repeat S2 with the set of ∆ users with a fixed value of k, i.e. Table II shows the Rank-1 identification accuracy obtained
k = c − 1. This means that we consider all impostor users for S1, S2 and S3 schemes where m = 500 (see Algorithm

keystrokes; k ← The number of comparison for Algorithm 2 and k < N ; c ← The rank correction; r ← The
required rank and r < c.
1 T ← The set of Rank - c users after applying Algorithm 2
2 SC = ∅; I = T
3 while |I| =
6 0 do
4 i = {I}; I = I − {i}; J = T − {i}; t = |J|; S i = 0
5 while t > 0 do
6 j = {J};
given classifier(s). P
1 m
8 So, S i = S i + m×t p=1 scp ; t = t − 1
9 end
10 SC = SC ∪ {(i, S i )}
11 end
12 X = {i|(i, S i ) ∈ SC}
13 X1 ⊆ X where |X1 | = r
14 U serid, score = {(i, S i )| min{S i |i ∈ X1 } > max{S j |j ∈ X − X1 }}
TABLE III the identification accuracy for S3, but it will saturate after
O BTAINED RESULTS FROM S3 FOR DIFFERENT k VALUES . a certain value of k (see Table III). Therefore, we have
Accuracy (%) decided to use k = 25 for further analysis.
ANN CPANN SVM DT
k =5 31.8 56.5 52 58.6 B. Analysis on Keystroke Features
k = 15 41.4 58.4 56.3 61.6
k = 25 41.8 58.6 58.8 61.4 In this section, we analyze various keystroke features
k = 35 42.5 58.4 57.1 61.6 that have significant information for person identifica-
tion. The details of the extracted features (i.e. F Vi =
(Ai , Ai+1 , di , lirp , lirr , lipp )) for this research can be found in
1, 2 and 3). The system performance obtained from S2 where Section III-B. We used three different feature subsets in our
k = 25 for Algorithm 2 and for the S3 scheme k = 25 and analysis:
c = 8 for Algorithm 3. We have also tested this scheme with • FE1: The feature vector will be the duration of a partic-
different k values for Algorithm 3, where k = 5, 15, 25, or 35. ular keystroke, i.e. fi = (Ai , di ) and fi ⊂ F Vi ;
Table III shows the Rank-1 identification accuracy for different • FE2: The feature vector has been all the keystroke
classifiers with different k values. features extracted for our research, i.e. fi = F Vi ;
We would like to mention that all the above analysis was • FE3: We have used the feature selection technique pro-
done with the feature vector fi = (Ai , di ) (i.e. only key press posed by Ververidis et al. [31], i.e. fi ⊆ F Vi . In this
time of a particular key). Below are some observations made case, the feature subset is different for different choices
during these analyses: of classifiers.
• We can see from the results that the ANN performance is Table IV shows the identification accuracy when using
low compared to the performance of the other classifiers, the feature subsets as mentioned above for the identification
for all the schemes for any given scenario (see Table II schemes S1 and S3. We clearly see from these figures that the
and III). FE1 feature setting performs better than the other settings for
• We observe that S1 performs better than S2, while the each of all the classifiers with all the different identification
number of comparisons for S1 is also lower compared schemes. We can also observe that the DT classifier performs
to S2 (i.e. T2 > T1 ). The identification accuracy of S3 better than the other classifiers irrespective of the feature
is significantly higher when compared to S2, but it was subset and identification schemes. When we use FE2 feature
similar performance accuracy like S1. Also the number subset, we can see that SVM and CPANN classifiers failed
of comparisons for S3 is higher compared to the S2 and unexpectedly for both the identification schemes. In the case
S1, i.e. T3 > T2 > T1 (see Sections IV-B, IV-C and IV-D of FE3, we can find large accuracy differences for S1 and S3
for T1 , T2 and T3 ). For the above reasons we decided not for the CPANN classifier.
to use S2 for further analysis. We observe that the FE1 feature subset is the most robust
• We can see that increasing the value of k will improve for person identification with this keystroke biometric dataset.
100
TABLE IV
O BTAINED RESULTS BY USING DIFFERENT FEATURE SUBSET. 90
Accuracy (%) 80
ANN CPANN SVM DT 70

FE1+S1 39.5 59 58.4 62.2
FE1+S3 41.8 58.6 58.8 61.4 60
Accuracy (%)
FE2+S1 35 12.3 17.2 55.2 50
FE2+S3 34.6 20.6 16.6 54.8
FE3+S1 32.1 14 38 53.3 40
FE3+S3 34.8 41 40.8 52.7 30
20
TABLE V
10
O BTAINED RESULTS FROM THE MCF ANALYSIS . FE1+ALL MCF+S1
FE1+ALL MCF+S3
0
0 50 100 150 200 250 300 350 400 450 500 550
Accuracy (%) Number of Keystrokes
CPANN-DT SVM-CPANN SVM-DT ALL MCF
FE1+S1 62.8 60.9 62.4 63.3
FE1+S3 60.5 59.7 60.5 61.6 Fig. 8. Rank-1 identification accuracy when used test samples that are typed
by using both hands.
Therefore, we will not consider feature subsets (i.e. FE2 and 100
FE3) in our further analysis. We can also observe that the 90
ANN classifier has the worst performance when using FE1.

80
Therefore, we will also not consider the ANN classifier for
70
further analysis.
60
Accuracy (%)
50
C. Multi-Classifier Fusion (MCF)
40
In case of MCF, we denote by (c1 , c2 , c3 ) = (λp , ρp , τp ),
30
where λp , ρp and τp are the obtained score values from
CPANN, SVM and DT classifiers respectively, where p = 20
1, 2, ..., m. Then the resultant score value scp is a weighted 10 FE1+ALL MCF+S1
FE1+ALL MCF+S3
sum of the three separate scores (see Algorithms 1 and 3 for 0
0 50 100 150 200 250 300 350 400 450 500 550
scp ). In particular Number of Keystrokes
3 3
X X Fig. 9. Rank-1 identification accuracy when used test samples that are typed
scp = ( wq cqp )/( wq ) (3) only by right hand.
q=1 q=1
where wp denote the weights for the weighted fusion tech- 100
nique. We used the following different MCF settings:

90
• ALL MCF: In this setting we included all three classifiers,

80
i.e. w1 = w2 = w3 = 1;
70
• SVM-DT: In this setting we excluded CPANN, i.e. w1 =
0; 60
Accuracy (%)
• CPANN-DT: We excluded SVM in this setting, i.e. w2 = 50
0; 40
• SVM-CPANN: In this setting we excluded DT, i.e. w3 = 30
0. 20
Table V shows the Rank-1 identification accuracy obtained 10 FE1+ALL MCF+S1

by the MCF analysis with the settings as mentioned above FE1+ALL MCF+S3
0
from S1 and S3 schemes. We can see the clear improvement 0 50 100 150 200 250 300 350
Number of Keystrokes
400 450 500 550
of the identification accuracy for MCF when compared to

a single classifier by comparing Table V and II. The S1 is Fig. 10. Rank-1 identification accuracy when used test samples that are typed
performing better than the S3 for every MCF setting. We also only by left hand.
note that when we are using all three classifiers for MCF, the
performance was best. Therefore, we will focus on the ALL
MCF setting for the remainder of our analysis. classification settings (i.e. FE1+ALL MCF) with S1 and S3.
As mentioned earlier does the test dataset for our research
D. Typing Hand consist of three different typing hand samples (see Section
In this section, we will analyze the identification accuracy III-A for more details). These are
for different handedness of the test samples for our best • Both Hands: The test samples that represents the normal
100
VI. D ISCUSSION
90
A. Summary of findings
80
We can clearly see from our analysis that for the dataset
Detection and Identification Rate (%)
•
70
[15] the keystroke duration of a given key is the most
60
stable feature for person identification.
50 • We found that Pairwise User Coupling (PUC) with
40 bottom-up tree structure based scheme, i.e. S1, is the most
30
robust identification scheme during our analysis. Also,
this technique has a lower computational complexity than
20
the other proposed schemes.
10 FE1+ALL MCF+S1
FE1+ALL MCF+S3
• Of the four classifiers used in this research is Decision
0
0 50 100 150 200 250 300 350 400 450 500 550 Tree (DT) is found to be the most robust classifier in
Number of Keystrokes
combination with PUC on the given dataset.
Fig. 11. Detection and Identification Rate (DIR) for S1 and S3. • Multi-Classifier Fusion (MCF) can improve the identifi-
cation accuracy.
• We obtained an overall identification accuracy of 63.3%
for the closed-set analysis (see Table V) and a DIR of
typing when using both hands. Figure 8 shows the results 68.4% for the open-set analysis (see Figure 11). These
obtained from this analysis and we can see that the results were obtained without considering typing hand.
performance of S1 and S3 are very similar. • We can see that there is high recognition accuracy in case
• Right Hand: The test samples that are typed only with the of normal both hands typing compared to single hand
right hand. Figure 9 shows the results we obtained from typing, i.e. 89.7% identification accuracy. It is obvious
this analysis and we can see that S1 performs better than that typing with only one hand will influence the typing
S3. behaviour, but despite this, we can still identify users
• Left Hand: The test samples that are typed with the left with 36.6% accuracy when they use the left hand and
hand only. Figure 10 shows the results we obtained from 50.4% accuracy when they use the right hand. All of
this analysis and similar to the Right Hand result we also these achieved identification rates are better than the state
observe that S1 performs better than S3. of the art identification rates achieved on this dataset.
• The better performance for the right hand is most likely
due to the fact that most people are right-handed and
E. Open-set Experiment hence typing with the right hand resembles the natural
typing behaviour better than typing with the left hand.
We also performed an open-set analysis, where 50% of the Therefore, we can say that keystroke dynamics has the
users is known to the system, and the other 50% are completely potential to identify a person, provided that the data is
unknown to the system. In this experiment, the set of users I based on the normal typing behaviour of a user.
for all the schemes will be I = {1, 2 . . . N 2−1 } (see Algorithms • We would like to mention that after the initial survey, we
1 and 3). To measure the Detection and Identification Rate have used some well-known classifiers (i.e. ANN, SVM,
(DIR), we used a threshold (i.e. Topen ) that will decide whether CPANN and DT ) for our analysis. All these classifiers
the user is within the group of known users or not. If the are trained in a binary classification environment as
U serscore ≥ Topen (see Algorithms 1 or 3 for U serscore ) mentioned in section IV-A. We have tried to maintain
then we say that the user is within the set of known users, a balance between prediction models as well as logistic
otherwise the person is said to be an unknown user. If we regression models. Acceding to our PUC technique, it
find that the user is known to the system, then the system will does not depend on upon the selected classifier; it can
establish the identity of the user. The DIR is the summation work on any given classifier if the classifier can provide
of the following two values: the matching score.
• True ID: Where U serscore ≥ Topen i.e. adversary is
within the known user set and correctly identified. B. Comparison with previous research
• True Not In: Where U serscore < Topen i.e. adversary
As we have mentioned before, this dataset was used in the
was indeed not in the known user set.
”One-handed Keystroke Biometric Identification Competition”
Figure 11 shows the DIR obtained from this analysis for S1 with 500 keystrokes as a sample for evaluation. We take the
and S3 with FE1 and ALL MCF setting. We can see that the competition results from [15] to compare with our results.
DIR is higher for S1 when compared to S3 for any given size Table VI shows the comparison between our best identification
of the keystrokes. accuracy with the top three positions in the competition. We
We have added the Credible Interval for the Figures 8 to can clearly see that both of our techniques perform better than
11 to show the statistical significance of our achieved results. the best place in the competition. The [Baseline] performance
A Credible Interval is an interval in the domain of a posterior was obtained by applying a similar technique as proposed by
probability distribution used for interval estimation [32]. Tappert et al. [14]. Both of our techniques achieved 89.7%
TABLE VI the problem of low inter-class variation and high intra-class

R ESULTS C OMPARISON variation. Apart from this, there are several other advantages
Accuracy (%) such as, it can learn users’ behaviour when we have a low
Methods Both Right Left number of training samples. In this research, we have used 500
Hands Hand Hand keystroke samples for template creation which is considered
1st Position 82.8 40.2 30.5 to be a small number of keystrokes for free-text keystroke
Competition 2nd Position 82.8 32.1 27.5 dynamics based person identification. We have also noted in
Results 3rd Position 69.5 20.4 16.8
Baseline 61.1 9.5 6.2 this research as well as in [20] for other datasets, that these
Conventional schemes can produce a high identification rate when we have
multi-class ALL MCF 72.9 30.7 26.7 a low number of test samples.
Approach We believe that the assumption made in scheme S1, i.e.
Our PUC FE1+ALL MCF+S1 89.7 50.4 36.6 the correct subject always has the highest score in every pair
Approach FE1+ALL MCF+S3 89.7 46.7 34.4
of analysis, is not always valid. Especially for behavioural
biometrics based datasets, this might not be true, due to the
identification rate for Both Hands, which is an improvement large intra-class and small inter-class variations. Therefore,
of 6.9% when compared to the best results in the competition it might produce a lower identification accuracy which was
in this category. In the Left Hand category, our first technique observed in [20] and in section VI-C, when applied to other
(i.e. FE1+ALL MCF+S1) achieved 36.6% accuracy, which is behavioural biometric datasets, but we find the best result with
an improvement of 6.1% when compared to the best result this scheme applied to this dataset.
in the competition in this category. Our second technique (i.e. In keystroke dynamics research often distance-based clas-
FE1+ALL MCF+S3) achieved an accuracy of 34.4%, which is sifiers are used [7]. We would like to mention that most of
still almost 4% higher than the best results in [15]. Finally, for the state of the art research was done for authentication with
the Right Hand category, our first technique achieved 50.4% a fixed text, but in this research, we are using keystrokes for
accuracy, which is the improvement of 10.2% when compared person identification with free text. To add more complexity
to the best result in the competition in this category. Our we have used a dataset where the user’s handedness was taken
second technique scored slightly lower than the first with a into consideration. Therefore, we can see that a distance based
46.7% accuracy. classifier failed to achieve a good result in this dataset (see
[Baseline] performance in Table VI). We have also observed
C. Experiment with other Dataset that conventional multi-class classification with three different
classifiers (i.e. SVM, CPANN and DT) in a weighted fusion
To validate our KD based person identification with PUC
approach have achieved 9.9% to 19.7% less identification
approach furthermore, we have used another publicly available
accuracy when compared to our PUC approaches (see the per-
KD dataset with a mix of free-text and fixed-text input
formance of the [Conventional multi − class Approach] in
[14], [33]. We applied our technique to this dataset for only
Table VI).
111 participants where each participant have presented on
an average of 11 samples. Each of these samples contains
approximately 724 keystrokes. We have used one sample from VII. C ONCLUSION
each participant for training and the rest of the samples for In this research, we have focused on identifying a person
testing. The overall Rank-1 identification accuracy obtained is based on the person’s typing behaviour. A comprehensive
higher when compared to the previous dataset, e.g. for S1 the analysis was done in a publicly available unique online exam
Rank-1 identification accuracy is 76.9%, and for S3 it is 78.7% based keystroke dynamics dataset and achieved approximately
(in the case of previous dataset [15] the obtained accuracy for 7% better identification accuracy when compared to the state
S1 is 63.3% and for S3 is 61.6%). We also obtained Rank-1 of the art result on the same dataset (i.e. about 90% identi-
identification accuracy of 46% by using conventional multi- fication rate when using normal typing behaviour). We have
class classification approach which is 30.9% to 32.9% lower also performed an analysis of the optimal feature set of the
identification accuracy when compare to our PUC approach. keystroke pattern for personal identification and shown that
In the previous dataset [15], participant’s handedness was the duration features are more stable than a combination of
introduced which makes the dataset bit more challenging duration and latency features. We proposed three identification
compared to the dataset of [14], [33]. Therefore, we believe schemes with pairwise user coupling and shown that bottom-
that this is the reason behind getting the better result even up tree structure based scheme gives the best results. The
we have more participants in this dataset. In [20], we can proposed identification algorithms are general enough that
also find more person identification results by using different these could also be applied to other pattern identification
behavioural biometric modalities. problems where the feature vector is relatively weak or the
number of samples provided for training is low.
D. Proposed Identification Schemes The objective of using typing behaviour to identify a person
We described three different identification schemes with is to use it as a tool for cyber-forensics. In the future, we
the PUC. This approach has been used to divide a multi- plan to perform an experiment on real world cyber-forensics
class problem into several two-class problems to mitigate data and investigate how it can be used as forensics evidence
in court. In the future, we will also investigate how well we [25] R. Barros, M. Basgalupp, A. de Carvalho, and A. Freitas, “A survey
can improve the performance for one handed typing and the of evolutionary algorithms for decision-tree induction,” IEEE Trans.
on Systems, Man, and Cybernetics, Part C: Applications and Reviews,
scalability of our proposed schemes. vol. 42, no. 3, pp. 291–312, 2012.
[26] P. S. Dowland and S. M. Furnell, “A long-term trial of keystroke
R EFERENCES profiling using digraph, trigraph and keyword latencies,” in Security and
Protection in Information Processing Systems, 2004, vol. 147, pp. 275–
[1] R. V. Yampolskiy and V. Govindaraju, “Behavioural biometrics: a survey 289.
and classification,” Int. Journal of Biometrics, vol. 1, pp. 81–113, 2008. [27] A. A. Ahmed and I. Traore, “Biometric recognition based on free-text
[2] S. P. Banerjee and D. L. Woodard, “Biometric authentication and keystroke dynamics,” IEEE Trans. on Cybernetics, vol. 44, no. 4, pp.
identification using keystroke dynamics: A survey,” Journal of Pattern 458–472, 2014.
Recognition Research, vol. 7, pp. 116–139, 2012. [28] R. A. Bradley and M. E. Terry, “Rank analysis of incomplete block
[3] S. Bhatt and T. Santhanam, “Keystroke dynamics for biometric authen- designs: I. the method of paired comparisons,” Biometrika, vol. 39, no.
tication - a survey,” in Int. Conf. on Pattern Recognition, Informatics 3/4, pp. 324–345, 1952.
and Mobile Engineering (PRIME’13), 2013, pp. 17–23. [29] T. Hastie and R. Tibshirani, “Classification by pairwise coupling,” The
[4] M. Karnan, M. Akila, and N. Krishnaraj, “Biometric personal authen- Annals of Statistics, vol. 26, no. 2, pp. 451–471, 04 1998.
tication using keystroke dynamics: A review,” Applied Soft Computing, [30] M. Cattelan, “Models for paired comparison data: A review with
vol. 11, no. 2, pp. 1565 – 1573, 2011. emphasis on dependent data,” Statistical Science, vol. 27, no. 3, pp.
[5] L. Araujo, J. Sucupira, L.H.R., M. Lizarraga, L. Ling, and J. B. T. Yabu- 412–433, 2012.
Uti, “User authentication through typing biometrics features,” IEEE [31] D. Ververidis and C. Kotropoulos, “Information loss of the mahalanobis
Trans. on Signal Processing, vol. 53, no. 2, pp. 851–855, 2005. distance in high dimensions: Application to feature selection,” IEEE
[6] F. Bergadano, D. Gunetti, and C. Picardi, “Identity verification through Trans. on Pattern Analysis and Machine Intelligence, vol. 31, no. 12,
dynamic keystroke analysis,” Intelligent Data Analysis, vol. 7, no. 5, pp. pp. 2275–2281, 2009.
469–496, 2003. [32] E. T. Jaynes and O. Kempthorne, Confidence Intervals vs Bayesian
[7] K. S. Killourhy, “A scientific understanding of keystroke dynamics,” Intervals. Springer, 1976, pp. 175–257.
Ph.D. dissertation, Carnegie Mellon University, January 2012. [33] J. V. Monaco, N. Bakelman, S. H. Cha, and C. C. Tappert, “Developing
[8] P. Bours and S. Mondal, Continuous Authentication with Keystroke a keystroke biometric system for continual authentication of computer
Dynamics. Science Gate Publishing, 2015, ch. Recent Advances in users,” in European Intelligence and Security Informatics Conference
User Authentication Using Keystroke Dynamics Biometrics, pp. 41–58. (EISIC’12), 2012, pp. 210–216.
[9] D. Umphress and G. Williams, “Identity verification through keyboard
characteristics,” Int. Journal of Man-Machine Studies, vol. 23, no. 3, pp.
263 – 273, 1985.
[10] S. M. Furnell, J. P. Morrissey, P. W. Sanders, and C. T. Stockel,
“Applications of keystroke analysis for improved login security and
continuous user authentication,” in Information Systems Security, 1996,
pp. 283–294.
[11] J. Stewart, J. Monaco, S.-H. Cha, and C. Tappert, “An investigation of
keystroke and stylometry traits for authenticating online test takers,” in
Int. Joint Conf. on Biometrics (IJCB’11), 2011, pp. 1–7.
[12] H. Locklear, S. Govindarajan, Z. Sitova, A. Goodkind, D. G. Brizan,
A. Rosenberg, V. V. Phoha, P. Gasti, and K. S. Balagani, “Continu-
ous authentication with cognition-centric text production and revision
features,” in Int. Joint Conf. on Biometrics (IJCB’14), 2014, pp. 1–8. Soumik Mondal is a post-doctoral research fellow
[13] M. Obaidat and D. Macchiarolo, “An online neural network system at University of Twente (UT), Netherlands, and his
for computer access security,” IEEE Trans. on Industrial Electronics, primary research goals are directed towards under-
vol. 40, no. 2, pp. 235–242, 1993. standing the pattern recognition and machine learn-
[14] C. C. Tappert, M. Villani, and S.-H. Cha, “Keystroke biometric identifi- ing challenges related to biometrics. Prior to joining
cation and authentication on long-text input,” Behavioral Biometrics for UT, Soumik successfully defended his doctoral dis-
Human Identification: Intelligent Applications, pp. 342–367, 2010. sertation in Information Security from Norwegian
[15] J. Monaco, G. Perez, C. Tappert, P. Bours, S. Mondal, S. Rajkumar, University of Science and Technology (NTNU).
A. Morales, J. Fierrez, and J. Ortega-Garcia, “One-handed keystroke bio- As a doctoral fellow at NTNU, he has developed
metric identification competition,” in Int. Conf. on Biometrics (ICB’15), robust solutions for continuous user authentication
2015, pp. 58–64. and identification problem by using behavioural bio-
[16] D. Gunetti and C. Picardi, “Keystroke analysis of free text,” ACM Trans. metrics. His research interests are in cyber security, cyber forensics and
on Information and System Security, vol. 8, pp. 312–347, 2005. biometrics.
[17] R. Joyce and G. Gupta, “Identity authentication based on keystroke
Patrick Bours studied mathematics at the Eind-
latencies,” Commun. ACM, vol. 33, no. 2, pp. 168–176, 1990.
hoven University of Technology in the Netherlands.
[18] F. Monrose and A. D. Rubin, “Keystroke dynamics as a biometric for
He got his M.Sc. and Ph.D. with a specialization
authentication,” Future Generation Computer Systems, vol. 16, no. 4,
in coding theory. After his studies he worked at
pp. 351–359, 2000.
the Netherlands National Communication Security
[19] Y. Zhong, Y. Deng, and A. K. Jain, “Keystroke dynamics for user
Agency (NLNCSA) in the area of cryptology. In
authentication,” in Conf. on Computer Vision and Pattern Recognition
July 2005 he moved to Norway where he joined the
Workshops (CVPRW’12), 2012, pp. 117–123.
Norwegian Information Security laboratory (NISlab)
[20] S. Mondal, “Continuous user authentication and identification: Combi-
which is a part of NTNU. Since September 2012 he
nation of security & forensics,” Ph.D. dissertation, Norwegian University
holds a full Professor position. He is specialized in
of Science and Technology (NTNU), February 2016.
behavioural biometrics. His current research focus is
[21] J. Kittler, M. Hatef, R. P. W. Duin, and J. Matas, “On combining
on gait recognition and on static and continuous keystroke dynamics.
classifiers,” IEEE Trans. on Pattern Analysis and Machine Intelligence,
vol. 20, no. 3, pp. 226–239, 1998.
[22] C. M. Bishop, Neural Networks for Pattern Recognition. Oxford
University Press, Inc., 1995.
[23] W. Melssen, R. Wehrens, and L. Buydens, “Supervised kohonen net-
works for classification problems,” Chemometrics and Intelligent Labo-
ratory Systems, vol. 83, no. 2, pp. 99 – 113, 2006.
[24] C. Burges, “A tutorial on support vector machines for pattern recog-
nition,” Data Mining and Knowledge Discovery, vol. 2, pp. 121–167,
1998.

Person Identification by Keystroke Dynamics Using Pairwise User Coupling

Загружено:

Сведения о документе

Авторское право

Доступные форматы

Поделиться этим документом

Поделиться или встроить документ

Параметры публикации

Этот документ был вам полезен?

Это неприемлемый материал?

Авторское право:

Доступные форматы

Person Identification by Keystroke Dynamics Using Pairwise User Coupling

Загружено:

Авторское право:

Доступные форматы

This article has been accepted for publication in a future issue of this journal, but has not been

Person Identification by Keystroke Dynamics using

We conclude this research with future work in Section VII. TABLE I

when typing, approximately one-third of all exam attempts Training Phase

each set consists of up to 500 keystrokes. Due to the low 𝑭𝑽𝑵−𝟏

j 𝑷𝑴𝟏𝟐 𝑷𝑴𝟑𝟒 𝑷𝑴𝟓𝟔 𝑷𝑴𝟖𝟕 𝟗

𝑺𝟏𝟑 < 𝑺𝟏𝟒

𝑺𝟏𝟏 > 𝑺𝟏𝟐

𝑺𝟏𝟓 > 𝑺𝟏𝟔

𝑺𝟏𝟕 < 𝑺𝟏𝟖

𝑺𝟏𝟗 < 𝑺𝟐𝟎

𝑷𝑴𝟑𝟏 𝑷𝑴𝟑𝟐 𝑷𝑴𝟑𝟒 … 𝑷𝑴𝟑𝑵−𝟏 𝑷𝑴𝟑𝑵

𝑷𝑴𝟒𝟏 𝑷𝑴𝟒𝟐 𝑷𝑴𝟒𝟑 … 𝑷𝑴𝟒𝑵−𝟏 𝑷𝑴𝟒𝑵

𝑺𝟏𝟎 > 𝑺𝟏𝟏

𝑺𝟏𝟖 > 𝑺𝟐𝟎

𝑺𝟏𝟎 < 𝑺𝟏𝟓

𝑺𝟏𝟓 > 𝑺𝟏𝟖

Feature Vector Class Label

that all pairwise comparisons require approximately the same

Figure 3 shows a pictorial representation of a pairwise

Algorithm 1: Algorithm for Scheme 1

Algorithm 2: Algorithm for Scheme 2

Algorithm 3: Algorithm for Scheme 3

ANN CPANN SVM DT 70

FE3+S3 34.8 41 40.8 52.7 30

FE3) in our further analysis. We can also observe that the 90

ANN classifier has the worst performance when using FE1.

nique. We used the following different MCF settings:

• ALL MCF: In this setting we included all three classifiers,

• CPANN-DT: We excluded SVM in this setting, i.e. w2 = 50

• SVM-CPANN: In this setting we excluded DT, i.e. w3 = 30

Table V shows the Rank-1 identification accuracy obtained 10 FE1+ALL MCF+S1

of the identification accuracy for MCF when compared to

TABLE VI the problem of low inter-class variation and high intra-class

Вам также может понравиться