Using XGBoost to classify theBeihang Keystroke Dynamics Database

Blomqvist, Johanna

January 2018

Keystroke Dynamics enable biometric security systems by collecting and analyzing computer keyboard usage data. There are different approaches to classifying keystroke data and a method that has been gaining a lot of attention in the machine learning industry lately is the decision tree framework of XGBoost. XGBoost has won several Kaggle competitions in the last couple of years, but its capacity in the keystroke dynamics field has not yet been widely explored. Therefore, this thesis has attempted to classify the existing Beihang Keystroke Dynamics Database using XGBoost. To do this, keystroke features such as dwell time and flight time were extracted from the dataset, which contains 47 usernames and passwords. XGBoost was then applied to a binary classification problem, where the model attempts to distinguish keystroke feature sequences from genuine users from those of `impostors'. In this way, the ratio of inaccurately and accurately labeled password inputs can be analyzed. The result showed that, after tuning of the hyperparameters, the XGBoost yielded Equal Error Rates (EER) at best 0.31 percentage points better than the SVM used in the original study of the database at 11.52%, and a highest AUC of 0.9792. The scores achieved by this thesis are however significantly worse than a lot of others in the same field, but so were the results in the original study. The results varied greatly depending on user tested. These results suggests that XGBoost may be a useful tool, that should be tuned, but that a better dataset should be used to sufficiently benchmark the tool. Also, the quality of the model is greatly affected by variance among the users. For future research purposes, one should make sure that the database used is of good quality. To create a security system utilizing XGBoost, one should be careful of the setting and quality requirements when collecting training data

Keystroke

XGBoost

machine learning

biometrics

keyboard

Computer Sciences

Datavetenskap (datalogi)

Algoritm för keystroke dynamics inspirerad av viktad sannolikhet och fuzzy logic

Dicksson, James

January 2004

Biometri är en relativt ny säkerhetsmetod för datorsystem. Biometri används ofta för att ersätta eller kombineras med användarnamn och lösenord. Detta görs genom att mäta ett fysiologiskt attribut eller beteendeattribut hos användaren. Keystroke dynamics är en biometrisk metod vilken registrerar användarens sätt att skriva på tangentbordet. En stor mängd försök med keystroke dynamics har gjorts i tidigare arbeten. Många av dessa har utgått ifrån metoder vilka använder ett högt antal stickprov från användarens beteende vid tangentbordet. Optimalt är dock en metod med hög säkerhet men samtidigt använder ett lågt antal stickprov. Denna rapport introducerar en ny algoritm för implementering av keystroke dynamics, vilken jämförs med två existerande algoritmer. Denna rapport visar att den nya algoritmen har högre prestanda än de övriga två i jämförelsen

keystroke dynamics

biometri

säkerhet

statisk verifiering

Computer Sciences

Datavetenskap (datalogi)

Hardware and user profiling for multi-factor authentication

Alnajajr, Adeeb

January 2013

Most software applications rely on the use of user-name and passwords to authenticate end users. This form of authentication, although used ubiquitously, is widely considered unreliable due to the users inability to keep them secret; passwords being prone to dictionary or rainbow-table attacks; as well as the ease with which social engineering techniques can obtain passwords. This can be mitigated by combining a variety of diferent authentication mechanisms, for example biometric authentication such as fingerprint recognition or physical tokens such as smart cards. The resulting multifactor authentication is typically stronger than any of the techniques used individually. However, it may still be expensive or prohibited to implement and more dificult to deploy due to additional accessories cost, e.g, finger print reader. Multi-modal biometric systems are those which utilise or are capable of utilising, more than one physiological or behavioural characteristic for enrolment, verification, or identification. So, in this research we present a multi-factor authentication scheme that is based on the user's own hardware environment, e.g. laptop with fingerprint reader, thus avoiding the need of deploying tokens and readily available biometrics, e.g., user keystrokes. The aim is to improve the reliability of the authentication using a multi-factor approach without incurring additional cost or making the deployment of the solution overly complex. The presented approach in this research uses unique sequential hardware information available from the user's environment to profile user behaviour. This approach improves upon password mechanisms by introducing a novel Hardware Authentication and User Profiling (HAUP) in form of Multi-Factor Authentication MFA that can be easily integrated into the traditional authentication methods. In addition, this approach observes the advantage of the correlation between user behaviour and hardware environment as an implicit veri_cation identity procedure to discriminate username and password usage, in particular hardware environment by specific pattern. So, the proposed approach uses hardware information to profile the user's environment when user-name and password are typed as part of the log-in process. These Hardware Manufacture Serial Part Numbers (HMSPNs) profiles are then correlated with the users behaviour, e.g., key-stroke behaviour that allows the system to profile user's behaviour dependent on their environment. As a result of this approach, the access control system can determine a particular level of trust for each user and base access control decisions on it in order to reduce potential identity fraud.

005.1

Identity Verification using Keyboard Statistics. / Identitetsverifiering med användning av tangentbordsstatistik.

Mroczkowski, Piotr

January 2004

<p>In the age of a networking revolution, when the Internet has changed not only the way we see computing, but also the whole society, we constantly face new challenges in the area of user verification. It is often the case that the login-id password pair does not provide a sufficient level of security. Other, more sophisticated techniques are used: one-time passwords, smart cards or biometric identity verification. The biometric approach is considered to be one of the most secure ways of authentication. </p><p>On the other hand, many biometric methods require additional hardware in order to sample the corresponding biometric feature, which increases the costs and the complexity of implementation. There is however one biometric technique which does not demand any additional hardware – user identification based on keyboard statistics. This thesis is focused on this way of authentication. </p><p>The keyboard statistics approach is based on the user’s unique typing rhythm. Not only what the user types, but also how she/he types is important. This report describes the statistical analysis of typing samples which were collected from 20 volunteers, as well as the implementation and testing of the identity verification system, which uses the characteristics examined in the experimental stage.</p>

Informationsteknik

biometrics

identity verification

keyboard statistics

keystroke dynamics

Informationsteknik

Information technology

Informationsteknik

Designing for eAssessment of higher order thinking : An undergraduate IT online distance education course in Sri Lanka / Att designa IT-stödd bedömning av studenters förmåga till kritiskt tänkande, reflektion och problemlösning : distansutbildning i Sri Lanka

Usoof, Hakim

January 2012

Distance education has seen rapid growth over the recent decades. The rapid development of Information Communication Technology [ICT] has been one of the main drivers of this growth in distance education. However, distance education and ICT themselves posts challenges to both students and educators alike. This thesis finds its basis in the problem of high failure rates and quality assurance issues in the Bachelor of Information Technology [BIT] distance degree programme conducted by the University of Colombo School of Computing in Sri Lanka. A Formative Assessment for Distance Education [FADE] model that promotes the development of and assesses higher-order skills in a collaborative online distance-learning environment was designed based on a methodological approach involving design-based research. The main study was focussed on two main problems, plagiarism in distance education [part A] and the use of technology to address the issues of learning and assessment [part B]. Research questions arising from different aspects of the design required the use of multiple methodologies. Issues of plagiarism in technology aided assessment in distance education put forward questions that required the use of a quasi-experiment and a literature survey. The empirical material of this phase of the study comprised of keystroke logs and questionnaire data. The design and evaluation of the FADE model employed a mixed method two-phase sequential explanatory strategy. The empirical material of this phase of the study comprised of questionnaires, observations coding, interviews and examination and registry data. The quasi-experimental data was analysed using a fuzzy logic engine. The questionnaire, observation coding and examination and registry data were statistically analysed and interviews were used to interpret and explain finding. The results of the part A of the study indicate that there are keystroke patterns for individuals that are stable within and across different tasks. However, the results of the literature review on plagiarism suggested the use of both technological and pedagogical approaches to plagiarism. Part B of the study, showed relationships between higher order thinking demonstrated by students and their course results and attitudes.  Collaborative learning skills demonstrated by students showed relationships to the students’ purpose of use of the FADE forum and their experience on the social web. This study finds that both technological tools and pedagogical practices have to be used in conjunction to limit the possibility of plagiarism. With reference to assessment with a focus on the development of higher order thinking, the study indicates that assessment should be based on the student’s perspective, the purpose and aim of the assessment and the assessment environment. Furthermore, the study finds that in distance education collaboration seems particularly important.

Learning

Assessment

Distance Education

Higher order thinking

Collaborative learning

Higher education

Plagiarism

Keystroke dynamics

Modeling User Affect Using Interaction Events

Alhothali, Areej

20 June 2011

Emotions play a significant role in many human mental activities, including decision-making, motivation, and cognition. Various intelligent and expert systems can be empowered with emotionally intelligent capabilities, especially systems that interact with humans and mimic human behaviour. However, most current methods in affect recognition studies use intrusive, lab-based, and expensive tools which are unsuitable for real-world situations. Inspired by studies on keystrokes dynamics, this thesis investigates the effectiveness of diagnosing users’ affect through their typing behaviour in an educational context. To collect users’ typing patterns, a field study was conducted in which subjects used a dialogue-based tutoring system built by the researcher. Eighteen dialogue features associated with subjective and objective ratings for users’ emotions were collected. Several classification techniques were assessed in diagnosing users’ affect, including discrimination analysis, Bayesian analysis, decision trees, and neural networks. An artificial neural network approach was ultimately chosen as it yielded the highest accuracy compared with the other methods. To lower the error rate, a hierarchical classification was implemented to first classify user emotions based on their valence (positive or negative) and then perform a finer classification step to determining which emotions the user experienced (delighted, neutral, confused, bored, and frustrated). The hierarchical classifier was successfully able to diagnose users' emotional valence, while it was moderately able to classify users’ emotional states. The overall accuracy obtained from the hierarchical classifier significantly outperformed previous dialogue-based approaches and in line with some affective computing methods.

Intelligent tutoring system

Affective tutoring system

Keystroke dynamics

Affect recognition

Computer Science

A Framework For Authentication Of Medical Reports Based On Keystroke Dynamics

Ozdemir, Musa Kazim

01 June 2010

Privacy of personal health records is of ultimate importance. Unfortunately, it is easy to obtain illegal access to electronic health records under insufficient security precautions. Access control based on token or username/password is not adequate for applications in health domain which require heightened security. Currently, electronic signature mechanisms are being employed as a strong alternative to classic methods. In addition, biometrics provide more precise results in comparison to electronic signature methods. However, applicability of biometrics in this field has been prohibited by factors such as the need for special hardware, increased implementation costs, and invasiveness of the biometry sensors (eg. iris topology, fingerprint). Behavioral biometrics such as speech, and keystroke dynamics are easier to implement, and do not suffer from the disadvantages mentioned for the static biometrics. Especially, using keystroke dynamics for user authentication is more advantageous than other advanced biometrics because the implementation is inexpensive and continuous identity control is plausible. The aim of this study is to show the feasibility of merging a biometry-based advanced identity verification method together with an initial access control procedure such as password check. In this study, we provide an authentication framework based on measuring similarity of the typing characteristics of medical reporters, while they are typing medical reports. We have made a prototype of the system and provided classification of keystroke timings for each operator. We have generated a testbed and measured similarity of typing patterns of 5 medical reporters upon typing 4 different kinds of medical reports. Our system performs with hundred percent accuracy in identifying the authorized operators from the reports they type. In current practice, electronic signatures are indispensable for health information systems, but our study shows that keystroke dynamics can easily be included in this chain for increased security.

QA Mathematical Analysis 276-280

Medical Report

Keystroke Dynamics

Electronic Signature

Biometrics

Authentication

Analysis of Human Computer Interaction Behavior for Assessment of Affect, Cognitive Load, and Credibility

Grimes, George Mark

January 2015

This dissertation presents three studies consisting of seven experiments that investigate the relationship between human-computer interaction (HCI) behavior and changes in cognitive states by using keystroke dynamics (KD) and mouse dynamics (MD) as physiological indicators of cognitive change. The first two chapters discuss the importance of being able to detect changes in affect, cognitive load, and deception and provide a theoretical base for this research, pulling heavily from cognitive science, psychology and communication literature. We also discuss the current state of the art in keystroke and mouse dynamics and what makes the techniques presented here different. Chapters three and four present five experiments that explore the influence of affect and cognitive load on KD and MD. The results of these experiments suggest that many features of typing and mouse movement behavior including transition time, rollovers, duration, number of direction changes, and distance traveled are influenced by changes in affect and cognitive load. In chapter five we operationalize these findings in a credibility assessment context and describe two experiments in which participants behave deceptively in computer mediated interactions. In both experiments, we find significant differences in typing behavior, in line with the findings of the first two studies. Chapter six summarizes the results and provides a way forward for future research in human computer interaction. The work presented in this dissertation describes a novel approach to inferring cognitive changes using low cost, non-invasive, and transparent monitoring of HCI behavior with important implications for both research and practice.

Cognitive Load

Human Computer Interaction

Keystroke Dynamics

Mouse Dynamics

Typing

Management Information Systems

Affect

Intelligent online risk-based authentication using Bayesian network model

Lai, Dao Yu

12 May 2011

Risk-based authentication is an increasingly popular component in the security architecture deployed by many organizations in mitigating online identity threat. Risk-based authentication uses contextual and historical information extracted from online communications to build a risk profile for the user that can be used to make accordingly authentication and authorization decisions. Existing risk-based authentication systems rely on basic web communication information such as the source IP address or the velocity of transactions performed by a specific account, or originating from a certain IP address. Such information can easily be spoofed and as such put in question the robustness and reliability of the proposed systems. In this thesis, we propose in this work an online risk-based authentication system which provides more robust user identity information by combining mouse dynamics, keystroke dynamics biometrics, and user site actions in a multimodal framework. We propose a Bayesian network model for analyzing free keystrokes and mouse movements involved in web sessions. Experimental evaluation of our proposed model with 24 participants yields an Equal Error Rate of 6.91%. This is encouraging considering that we are dealing with free text and mouse movements and the fact that many web sessions tend to be short. / Graduate

Risk-based authentication

network security

mouse dynamics

keystroke dynamics

biometric technology

Bayesian network model

Modeling User Affect Using Interaction Events

Alhothali, Areej

20 June 2011

Emotions play a significant role in many human mental activities, including decision-making, motivation, and cognition. Various intelligent and expert systems can be empowered with emotionally intelligent capabilities, especially systems that interact with humans and mimic human behaviour. However, most current methods in affect recognition studies use intrusive, lab-based, and expensive tools which are unsuitable for real-world situations. Inspired by studies on keystrokes dynamics, this thesis investigates the effectiveness of diagnosing users’ affect through their typing behaviour in an educational context. To collect users’ typing patterns, a field study was conducted in which subjects used a dialogue-based tutoring system built by the researcher. Eighteen dialogue features associated with subjective and objective ratings for users’ emotions were collected. Several classification techniques were assessed in diagnosing users’ affect, including discrimination analysis, Bayesian analysis, decision trees, and neural networks. An artificial neural network approach was ultimately chosen as it yielded the highest accuracy compared with the other methods. To lower the error rate, a hierarchical classification was implemented to first classify user emotions based on their valence (positive or negative) and then perform a finer classification step to determining which emotions the user experienced (delighted, neutral, confused, bored, and frustrated). The hierarchical classifier was successfully able to diagnose users' emotional valence, while it was moderately able to classify users’ emotional states. The overall accuracy obtained from the hierarchical classifier significantly outperformed previous dialogue-based approaches and in line with some affective computing methods.

Intelligent tutoring system

Affective tutoring system

Keystroke dynamics

Affect recognition

Computer Science