Data analysis system for behavioural

biometric authentication [Keystroke

Dynamics]
Project Report

Department of Electronic and Computer Engineering
Faculty of Technology
June 2014
2
Name:
Student number:
Course Stream: BEng 2010/11 projects
Course: Computer Network Management
and Design year !CNB"
Super#isor:
Contents
Data ana$ysis system %or &e'a#ioura$ &iometric aut'entication ()eystroke Dynamics*+++++1
Name: +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++2
Student num&er: +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++2
,&stract+++++++++++++-
1+ .ntroduction++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++/
1+1 Biometric and aut'entication systems++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++/
1+1+1 0wo types o% &iometrics c'aracteristics systems:+++++++++++++++++++++++++++++++++++++++++++++++++1
1+1+2 +Biometric ,ut'entication+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++1
1+1+ +2imitations o% .denti%ication and ,ut'entication+++++++++++++++++++++++++++++++++++++++++++++++++3
2+ Background 0'eory (Be'a#ioura$ &iometric keystroke dynamics*++++++++++++++++++++++++++++++++++4
+ 0ec'no$ogy +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++10
+1 +5'at is keystroke dynamic 6 (&e'a#ioura$ &iometric*7+++++++++++++++++++++++++++++++++++++++++++10
+2 +5'y keystroke dynamic &e'a#ioura$ Biometric+++++++++++++++++++++++++++++++++++++++++++++++++++++++11
+2 +8ow )eystroke Dynamic works+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++1
+2+1 +)eystroke Metrics+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++1
9+ :esearc' and ,na$ysis on ,$gorit'm %or )eystroke Dynamics+++++++++++++++++++++++++++++++++++++1/
9+1 )ey 0'ings w'ic' decides 'ow good t'e aut'entication system is or t'e ,$gorit'm
is+ ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++1/
9+2+ ,$gorit'ms ,#ai$a&$e %or keystroke dynamics ++++++++++++++++++++++++++++++++++++++++++++++++++++++++13
9+2+1+ Euc$idean++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++13
9+2+2+ Euc$idean !normed"++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++13
9+2++ Man'attan+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++13
9+2+9+ Man'attan !%i$tered"++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++14
9+2+-+ Man'attan !sca$ed" ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++14
9+2+/+ Ma'a$ano&is++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++14
9+2+1+ Ma'a$ano&is !normed"++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++14
9+2+3+ Nearest;neig'&or !Ma'a$ano&is"++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++14
9+2+4+ Neura$;network !standard"++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++20
9+2+10+ Neura$;network !auto;assoc"++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++20
9+2+11+ <u==y;$ogic+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++20

9+2+12+ >ut$ier;counting !=;score"++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++20

9+2+1+ S?M !one;c$ass"+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++20
9+2+19+ k;means+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++21
9+ ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++21
9++ Ca$cu$ating detector per%ormance+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++22
9++1+ 0'e resu$t o% t'e comparison s'own &e$ow in %igure (3*+++++++++++++++++++++++++++++++++++2
9++2+ >t'er researc'ers wit' t'e a$gorit'm comparison++++++++++++++++++++++++++++++++++++++++++++++2-
-+ )ey En#ironmenta$ %actors a%%ecting )eystroke Dynamics+ +++++++++++++++++++++++++++++++++++++++++21
-+1 C$ock :eso$ution is one o% t'e major <actors w'ic' a%%ect t'e )eystroke Dynamics+
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++21
/+ So%tware De#e$opment++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++0
/+1 @'ase one ; Creation o% t'e data co$$ection and ana$ysis so%tware wit' grap' to
recognise t'e typing r'yt'ms o% di%%erent person++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++0
/+1+1 So%tware app$ication and 8ardware used:+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++0
/+1+2 8>5 08E S><05,:E 2>>)S ,<0E: C>M@2ES.>N+++++++++++++++++++++++++++++1
/+1+ Capa&i$ity o% t'e so%tware++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++1
/+1+9 @ictures &e$ow s'ows a %eatures o% t'e so%tware++++++++++++++++++++++++++++++++++++++++++++++++++++2
/+1+- 8ow t'ese data can &e use%u$++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++1
/+1+/ DES.AN <>: 08E )EBS0:>)E D,0,B,SE S><05,:E+++++++++++++++++++++++3
@'ase two 6 .mp$ementation o% a so%tware %or keystroke dynamic aut'entication+++++++++90
Conc$usion+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++91
Notations++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++92
:e%erences++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++92
9

Abstract
0'e more ser#ices w'ic' are coming in w'en t'ere is 'ig' rise o% t'e internet and t'e pus'
%or u&iCuitous computing 'a#e turned t'e wor$d o% tec'no$ogy wit' di%%erent sing$e
met'od so$utions o% aut'entication+ Some are %orcing peop$e to remem&er di%%icu$t codesD
w'ic' 'as &een increasing$y di%%icu$t among t'e users+ .t 'as &een eEtensi$e used
e#eryw'ere w'ere t'ere is aut'enticationD it cou$d &e in emai$sD &$ogs or %or .S@ ser#ice
pro#iders or &y &anksD ,0M mac'ines and many+ 0'e eEisting system o% teEtua$ password
or any o% t'e token &ased system do not o%%er t'e needed security standard %or its users
w'o aut'enticateD &ut t'e &io$ogica$ %eature o% t'e user in &e'a#ioura$ &iometric w'en
typing teEt are #ery promising w'en compared to t'e actua$ teEtua$ passwords+
0'e main o&jecti#e o% t'is project is to comp$ete compre'ensi#e researc' into a#ai$a&$e
a$gorit'm %or &e'a#ioura$ &iometric aut'entication ()eystroke Dynamics* t'en comparing
t'em in suc' a way t'at s'owing 'ow accurate t'ey are and imp$ementing one o% t'e
a$gorit'm to s'ow 'ow t'ey work+
-
1. Introuction
1.1 Biometric and authentication systems
Fser ,ut'entication 'as &een a #ery &ig issue in computer system as t'ere 'a#e &een
many ser#ices coming in wit' aut'entication o% users+ Biometric was one o% t'e major
so$utions to meet t'e mu$tip$e %actor aut'entication o&jecti#es %or major companies or
&usiness w'o gi#e out ser#ices+ ,ny'ow cost was a major %actor pre#enting t'e
organisations %rom getting a &iometric so$ution+ 0'at donGt comp$ete$y mean ot'er %actors
o% so$utions are any $ess cost pro'i&iti#e+ 0'e capita$ eEpenditure and on ;going
maintenance cost o% token;&ased system are o%ten 'ig'er t'an t'ose %or &iometrics+ 0'is
#enture o#er 'ere mig't meet up wit' t'is &usiness c'a$$enges+ So%tware wit' no
&iometric de#ice attac'ed to itD just a computer system w'ic' 'as a standard key&oard is
w'at a$$ it reCuiresD t'is mean met'od o% aut'entication is o% &e'a#ioura$ &iometric
aut'entication using t'e )eystroke Dynamics 0ec'no$ogy+
H0'ree di%%erent user aut'entication types can &e c$assi%ied under t'e security %ie$d used
!Simon 2iu and Mark Si$#erman 2001"+
I Somet'ing you know ; a passwordD @.N or a piece o% persona$ in%ormation !suc' as your
mot'erGs maiden name"+
I Somet'ing you 'a#e ; a card keyD smart card or a token !$ike a Secur.D card"+
I Somet'ing you are ; a &iometric+J !Simon 2iu and Mark Si$#erman+ 2001"
0'e measurement o% t'e indi#idua$s Biometric cou$d &e in any %ormsD it cou$d &e @'ysica$
or &e'a#ioura$ c'aracteristics use to recognise or aut'enticate t'e user wit' t'eir uniCue
identities+ .t does a titanic jo& wit'out any escape %or errors &y $inking t'e aut'enticator to
its ownerD w'ic' a password or a token canGt do as t'ey can &e taken away or sto$en Dwere
as &iometric is our own+
/
1.1.1 Two types of biometrics characteristics systems:
I Physiological characteristic of biometric: t'is inc$udes more o% t'e tec'niCues w'ic' are
sta&$e p'ysica$ c'aracters suc' as %ingerprintsD iris or retina+
IBehavioural characteristic of biometric: are t'ose tec'niCues w'ic' s'ow a indi#idua$s
c'aracterD decision it cou$d &e a keystroke patternD t'e way a person wa$ks wou$d &e
uniCue to a sing$e person !Bergando et a$ 2002"+
Due to t'e $itt$ie c'anges in t'e c'aracter or decision o% most &e'a#ioura$ c'aracteristicsD
it 'as to &e designed %or &eing more dynamic and 'as to accept $itt$e rate o% #aria&i$ity+
2ooking at di%%erent aspect o% &e'a#ioura$ &iometrics it is $ess intrusi#e systemsD were
contri&ution to more accepta&i$ity %or t'e users+
1.1.2 .Biometric Authentication
Biometric aut'entications natura$$y terminate t'e gap &etween t'e risks o% anonymity in a
two;%actor security scenario &y using an attri&ute o% t'e person to aut'enticate a token+
,ut'entication systems %o$$ow &y t'e steps s'own &e$ow+
I ,cCuisition:
.mage o% t'e users attri&ute is taken+
I 2oca$i=ation:
0'e attri&ute is storedD minutiae eEtractedD and a matc'ing temp$ate created+
I Matc'ing:
0'e #a$ue o% t'e token is compared wit' t'e temp$ate pre#ious$y stored %or t'is user+ .% t'e
temp$ate &ecomes matc'D t'e reCuestor is aut'enticated !:e%erence: we& +0-"+ (<igure 1+1*
1
Figure 1.1: Biometric Authentication Process
Source: Reference (web: 05)
1.1.3 .Limitations of dentification and Authentication
Due to t'e c$assi%ication o% &iometric identi%ication and aut'entication matc'ing
tec'niCues as pro&a&i$isticD t'ere is a margin o% error in o&tained resu$ts+ 8owe#erD %a$se
rejections are considered more accepta&$e t'an %a$se acceptance+
,ut'entication sc'emes are more re$ia&$e and e%%icient t'an pure identi%ication sc'emes+
0'is is main$y &ecause t'e aut'entication temp$ate on$y 'as to &e matc'ed on to
aut'enticate w'ereas it may &e matc'ed against 'undreds or t'ousands o% records to
identi%y a person+
3
!. "ack#roun $heory ["ehavioural biometric keystroke ynamics]
H,s in t'e ear$y o% t'e &eginning o% t'e 20t' centuryD psyc'o$ogists 'a#e demonstrated
t'at human actions are predictable in performance of repetitive and routine task+J
(Umphress and !"illiams!1#$%&
)eystroke dynamics is a &iometric w'ic' is &ased on a disco#ery t'at eac' and e#ery
'uman type in uniCue$y c'aracteristic manners+ .n ear$ier 14
t'
century >&ser#ation o%
te$egrap' operators re#ea$ed persona$$y distincti#e patterns w'en keying messages o#er
te$egrap' $inesD and t'e way t'ey keyed in or t'e dynamics o% it was t'e on$y way to
recogni=e eac' ot'er !Mi$$er 1449"+

Figure 2: Te!e"raph
Source: Reference (web: 03)
0'e one w'ic' come mental conception to &iometric identi%ication wou$d &e t'e
signature recognition+ ,s &ot' ()D and signature recognition* identi%y t'e su&jects &y t'e
writing dynamics w'ic' is conceptua$$y same %or a $arge num&er o% users among peop$e+
)eystroke dynamics 'as &een known in di%%erent name suc' as: Hkey&oard dynamicsD
keystroke ana$ysisD typing &iometrics and typing r'yt'ms+J
!>&aidat DM+S K Sadoun+ 1441"
4
%. $echnolo#y
3.1 .#hat is $eystro$e dynamic % &beha'ioura! biometric()
)eystroke Dynamics it is a process were t'e data is captured t'e way or 'ow t'e person
types at t'e key&oardD and t'ose data is ana$ysed to identi%y t'em !,raujoD 200-"+0'e
measurements or t'e #a$ues in t'e data wou$d inc$ude t'e timestamp %or pressing and
re$easing o% keysD 0'e code %or t'e particu$ar key pressedD and t'e pressure !Monrose K
:u&in 2000"+
)eystroke Dynamics is tec'niCue in &iometric +0'e &iometric tec'niCues can &e di#ided
into two categories i+e+D @'ysio$ogica$ &iometric $ike %ingerprintD iris %ace recognition+ ,nd
t'e Be'a#ioura$ &iometrics $ike signaturesD #oice or keystroke dynamics !Bergando et a$
2002"+E#en t'e Fnited )ingdom @assport ser#ice 'ad $ooked into and esta&$is'ed %acia$D
iris and %ingerprint &iometric tec'niCues w'ic' $ater was to &e added to t'e &iometric data
in t'e .D Cards t'is was t'e main de&ate in ear$ier time o% 200/!:e%erence: we& +02" &ut
now it 'as &een cance$$ed !:e%erence: we& +01"+ 0'ese card and ot'er met'ods t'ey try to
add was a$$ p'ysio$ogica$ &iometrics tec'niCues w'ic' is tend to &e a sta&$e dataD it 'as or
it wonGt c'ange %or a $ong period o% timeD some donGt e#en c'ange !Bergando et a$D
2002"+,ny 'ow $ooking at it t'e ad#antage %or t'e &e'a#ioura$ &iometric wou$d &e #ery
$ess eEpensi#e compared to t'e ot'ers to imp$ementD and it is $ess intrusi#e %or users
!Monrose K :u&in 2000"
10
3.2 .#hy $eystro$e dynamic beha'ioura! Biometric
Now a dayGs users access t'eir system account using t'e username and t'e passwords
gi#ing at t'e $ogin screen+ 0'is wou$d &e one o% t'e pre%era&$e met'ods o% &ecause it is
$ow cost and it 'as &een known &y e#eryone 'ow to use !,raujoD 200-"+0'en toD it 'as its
own $imits : i% password is a memora&$e p'rase or a word Dit may &e guessa&$e &y
ot'ers D&ut i% it is a string o% meaning$ess c'aracters Dt'e user mig't %orget itD!peacock et a$
2009"0'e &etter t'e word is not remem&er a&$e means t'e &etter t'e password +.n t'e
%ormer case Dt'ere cou$d &e a serious &reac' o% security+ .t wi$$ &e tota$ waste &y a$$ocating
a new password+ 0'is 'as &ecome a major pro&$em as t'ere 'as &een many peop$e getting
registered and getting used to internetD as now more ser#ices are a#ai$a&$e t'an ear$ier
days+ Many users tent to use t'eir sing$e password %or t'e mu$tip$e accounts t'ey 'a#e in
di%%erent ser#ices !@eacock 2009"D w'ic' wi$$ %urt'er resu$t in greater identity t'e%t+
Monrose and :u&in !2000" argue t'at t'e natura$ met'od %or user identi%ication wou$d &e
keystroke dynamics+ ,s per 'ow t'e password is t'e keystroke &iometrics canGt &e sto$en
or $ost %rom any person as itGs an indi#idua$Gs own+
5'en comparing wit' t'e ot'er &iometric tec'niCue $ike %ingerprint recognition and iris
%ace recognitionD t'e keystroke &iometric donGt need any ot'er additiona$ eCuipment;
eEcept a$$ w'at it reCuires is a standard key&oard and a computerD so it is c'eaper and
practica$ and is a$so easy to imp$ement+ 5'en $ooking in contrast wit' t'e ot'er tec'niCue
$ike iris scanning w'ic' need more cooperation o% t'e userD t'is one wou$d &e non;
intrusi#e %or users+
11
Figure 3: *ost of ownership and maintenance chart showin" how re!iab!e it is in a!! ways
Source: Reference (web: 06)
12
3.2 .+ow ,eystro$e -ynamic wor$s
)eystroke dynamics measures t'e series o% key down and key up e#ent timings w'i$e t'e
user types a string i+e+D i% a userGs password is LpasswordG t'en t'e key down and key up
e#ents are captured %or e#ery a$p'a&et+
3.2.1 .,eystro$e .etrics
>ne o&#ious measurement to ana$yse and to get data %or ca$cu$ation is &y measuring t'e
$engt' o% time t'at a person 'o$ds down a sing$e key+ 0'is 'as &een named as t'e dwe!!
time+ !5estern Caro$ina Fni#ersityD 200-"+
HDwe$$0ime)1 M keyFp)1 ; keyDown)1J
>&aidat !144-" dictator pro#ed t'at t'e time taken &etween $i%ting t'e %inger o%% one key
and pressing t'e neEt 6 f!i"ht time 6 gi#es &etter per%ormance t'an dwe$$ time a$one+
H<$ig't0ime)1;2 M keyDown)2 6 keyFp)1J
0'ese measurements can &e recorded using any kind o% standard key&oard a#ai$a&$e in t'e
market to estimate t'e time &etween t'e Dwe$$ time and <$ig't time+ 0'ese cou$d &e
represented in %igures+
1
Figure 3: ,eystro$e -we!! Time and /!i"ht Time
Source: Reference (web: 04)

Figure 4: ,eystro$e -we!! Time and /!i"ht Time
Source: Reference (web: 04)
19
>nce w'en t'e processing o% co$$ecting t'e data is %inis'ed t'e data is ana$ysed and
processed &y a particu$ar a$gorit'm w'ic' determines a primary pattern %or $ater
comparison+
,$gorit'ms 'a#e greater importance in t'is so%twareD t'e &etter t'e a$gorit'm t'e more
good t'e so%tware determines t'e data %ast and in a re$ia&$e way+ 0'en comes t'e $ast
process $ike any o% t'e &iometric tec'no$ogies app$ied to an aut'entication jo&D were major
%unctions is to enro$ and #eri%y credentia$s+
1-
&. Research an Analysis on Al#orithm for Keystroke Dynamics.
0.1 ,ey Thin"s which decides how "ood the authentication system is or the
A!"orithm is.
0'e aut'entication system to &e per%ect or not is decided &y t'e !<,:" %a$se;acceptance
rate+
!<,:" t'is is w'at actua$$y measure t'e a&i$ity o% t'e a$gorit'm to attacks1
2//34 /a!se 5re6ection 3ate this is what measure the a!"orithm and decides
whether it has the resistance to accept a user
!CE:"D crosso#er error rate comes in t'e meeting point intersection o% t'e <,:
cur#e wit' t'e <:: cur#e w'ic' indicates t'e $e#e$ o% usa&i$ity o% t'e tec'no$ogy
!<igure 1"+
1/

Figure 5: Crossover error rate
Source: Reference (web: 06)
<or a tec'no$ogy $ike &iometrics to &e in per%ect working usa&$e standa$one condition t'e
CE: s'ou$d &e 1 N+.n t'e security industry t'e a$gorit'm is more demandingD i% t'e <,:
is $ower and t'e <:: %or t'e app$ied a$gorit'm go wit' t'e needs t'e security o% t'e
product w'ic' depends on t'e risk e#a$uation and w'at it is protecting+
11
Figure 6: FR! FRR! C"R
Source: Reference (web: 06)

9+2+ ,$gorit'ms ,#ai$a&$e %or keystroke dynamics
4.2.1. Euclidean
0'is one is Hc$assic anoma$y;detection a$gorit'm mode$J !DudaD 8artD and StorkD
2001"@oint in p;dimensiona$ space is a password D p is t'e one w'ic' is in timing #ectors
+ SCuared Euc$idean distance &etween two o% t'emD #ector and t'e mean is ca$cu$ated as
t'e anoma$y score+
4.2.2. Euclidean (normed)
,s &y B$e'a !B$e'aDS$i#inskyD and 8ussienD 1440" w'o named it as t'e Hnorma$i=ed
minimum distance c$assi%ier+J sCuared Euc$idean distance &etween t'e test #ector and t'e
mean #ector is ca$cu$atedD &ut t'e Hanoma$y score is ca$cu$ated &y Hnorma$i=ingJ t'is
distanceD di#iding it &y t'e product o% t'e norms o% t'e two #ectors+J
4.2.3. Manhattan
0'is c$assic anoma$y;detection a$gorit'm !:+ >+ DudaD @+ E+ 8artD and D+ A+ StorkD 2001"
imitates Euc$idean detectorD were t'e distance measure is t'e Man'attan distance instead
o% Euc$idean detector+ ,noma$y score is ca$cu$ated as t'e Man'attan distance &etween t'e
mean in t'e test purpose+
13
4.2.4. Manhattan (filtered)
.t is simi$ar to t'e Man'attan detector eEcept out$iers in t'e training data are %i$tered+
!Ooyce and A+ AuptaD 1440"+ 0'e anoma$y score is ca$cu$ated as t'e Man'attan distance
&etween t'is ro&ust mean #ector and t'e test #ector+
4.2.5. Manhattan (scaled)
0'e ca$cu$ation is same as Man'attan distanceD &ut wit' a sma$$ c'ange+ !,raPujoD
SucupiraD2i=ParragaD 2ingD and Ba&u;utiD 2009"+ 0'e anoma$y score is ca$cu$ated as
,
%eatures o% t'e test and mean #ectors respecti#e$yD and ai is t'e a#erage a&so$ute de#iation
%rom t'e training p'ase+ 0'e gi#en out score s'ows Man'attan;distance ca$cu$ationD
eEcept eac' dimension is sca$ed &y ai+
4.2.6. Mahalanobis
0'e c$assic anoma$y;detection a$gorit'm !:+ >+ DudaD @+ E+ 8artD and D+ A+ StorkD 2001"
w'ic' wou$d &e simi$ar to Euc$idean and Man'attan detectors t'en to t'e distance
measure 'as &een more comp$eE+ 0'e anoma$y score is ca$cu$ated as t'e Ma'a$ano&is
distance &etween t'e mean #ector and t'e test #ector+
4.2.7. Mahalanobis (normed)
!B$e'aDS$i#inskyD and 8ussienD 1440" w'o ca$$ed it t'e Hnorma$i=ed Bayes c$assi%ier+JD t'e
Ma'a$ano&is distance &etween t'e mean #ector and test #ector is ca$cu$ated+ 0'e anoma$y
score is ca$cu$ated &y Hnorma$i=ingJt'e Ma'a$ano&is distance using t'e same di#isor as
t'e Euc$idean !normed" detector+
4.2.8. Nearestnei!hbor (Mahalanobis)
!C'oD8anD 8anD and )imD 2000"+ D t'e detector ca$cu$ates t'e Ma'a$ano&is distance
&etween eac' o% t'e training #ectors and t'e test #ector+ 0'e anoma$y score is &y t'e
distance w'ic' takes %rom t'e test #ector to nearest training #ector+ !C'oD8anD 8anD and
)imD 2000"+
14
4.2.". Neuralnet#or$ (standard)
!8aiderD ,&&asD and QaidiD 2000"+ .t incorporates a %eed;%orward neura$;network trained
wit' t'e &ack;propagation a$gorit'm + !DudaD 8artD and StorkD 2001" H, network is &ui$t
wit' p input nodesD one output nodeD and 2p/'idden nodes+J !8aiderD ,&&asD and QaidiD
2000"+
4.2.1%. Neuralnet#or$ (autoassoc)
!C'oD8anD 8anD and )imD 2000"+ 5'o ca$$ed it an Hauto;associati#eD mu$ti$ayer
perceptron+J 0'is is made into a &ack;propagation a$gorit'mD rat'er t'an a typica$ neura$
network ;structure o% t'e network stricter was designed %or anoma$y detector !8wang and
S+ C'oD 1444"+ 0'e Euc$idean distance w'ic' $ays &etween test #ector and t'e output
#ector is ca$cu$ated to get t'e anoma$y scoreJ !C'oD8anD 8anD and )imD 2000"+
4.2.11. &u''(lo!ic
!8aiderD ,+ ,&&asD and ,+ )+ QaidiD 2000"+ .t incorporates a %u==y;$ogic in%erence
procedure+ 0'e key idea is t'at ranges o% typing times are assigned to %u==y sets+0'e sets
are ca$$ed %u==y &ecause e$ements can partia$$y &e$ong to a set Eac' timing %eature is
c'ecked to see i% it &e$ongs to t'e same set as t'e training data+ H0'e anoma$y score is
ca$cu$ated as t'e a#erage $ack o% mem&ers'ip across a$$ test #ector timing %eatures+J
!8aiderD ,+ ,&&asD and ,+ )+ QaidiD 2000"+
4.2.12. )utliercountin! ('score)
!8aiderD ,+ ,&&asD and ,+ )+ QaidiD 2000"D 0'e aut'er ca$$es it &y Hstatistica$ tec'niCueD
t'e detector computes t'e a&so$ute =;score o% eac' %eature o% t'e test #ector+ 0'e =;score is
app$ied to REi + yiR /si &y t'e i;t' %eatureD w'ere Ei and yi are t'e i;t' %eatures o% t'e test
and mean #ectors respecti#e$y and si is t'e standard de#iation %rom t'e training p'ase+
!8aiderD ,+ ,&&asD and ,+ )+ QaidiD 2000"
4.2.13. *+M (oneclass)
!Bu and S+ C'oD2001"+ .t inc$udes an a$gorit'm named support;#ector mac'ine !S?M"+ ,
Hone;c$assJ S?M was made on$y %or t'e purpose o% anoma$y detection+ 0est #ector is
projected into t'e same 'ig';dimensiona$ space and t'e !signed" distance %rom t'e $inear
20
separator is ca$cu$ated+ H0'e anoma$y score is ca$cu$ated as t'is distanceD wit' t'e sign
in#ertedD so t'at positi#e scores are separated %rom t'e data+J !Bu and S+ C'oD2001"+
4.2.14. $means
!)angD S+ 8wangD and S+ C'oD2001"+ 0'e c$usters in t'e training #ectors are identi%ied
using t'e k;mean c$uster a$gorit'm+t'en it %ind out weat'er t'e test #ector is c$ose to any
o% t'e c$usters+ H0'e anoma$y score is ca$cu$ated as t'e Euc$idean distance &etween t'e
test #ector and t'e nearest o% t'ese centroids+J !)angD S+ 8wangD and S+ C'oD2001"+
0.3
21
Figure #
Source: Reference (web: 0#)
0.3. *a!cu!atin" detector performance
0o ca$cu$ate t'e detector per%ormanceD a :>C cur#e was generated (ot s'ows t'e
grap'ica$ summary* !Swets and :+ M+ @ickettD 1432"+ 0'e miss rate is w'at t'e %reCuency
wit' w'ic' impostors are detectedD and t'e %a$se;a$arm rate wou$d &e w'at t'e genuine
users are rejected mistaken$y detected as impostors+ E#en i% t'e password gi#es out a
a$arm or not it a$$ depends 'ow t'e anoma$y scores are c'osen+ C'oice o% t'res'o$d creates
t'e operating point o% t'e detector on t'e :>C cur#e+
0'e continuum o% possi&$e t'res'o$dsD :>C cur#e s'ows t'e 'it and %a$se;a$arm rates
w'ic' cou$d &e attained at e#ery possi&$e detector operating point+ 0'e :>C cur#es a
natura$ #iew %or a detectorGs accuracyD and according to t'ese :>C cur#eD numerous
measures o% error can &e deri#ed+ <igure (1* $ists se#era$ studies t'at 'a#e &een a reason
%or t'res'o$d using detector;speci%ic 'euristics+ 5e$$ t'e :>C cur#e gi#es out t'e nature
o% t'ese 'euristics w'ic' cou$d 'a#e e%%ect on t'e reported miss and %a$se a$arm rates+
2aterD t'e di%%erent 'euristics was used %or di%%erent detectorsD taking a $itt$e comparing
detector per%ormance &ecomes t'res'o$d in a detector;independent way and summari=ing
per%ormance: equal-error rate and zero-miss false-alarm rate+ 0'en to ca$cu$ate t'e eCua$;
error rateD t'e t'res'o$d is c'osen so t'at t'e detectorGs miss and %a$se;a$arm rates are
eCua$+ 0'e tec'niCue was used &y )ang+ !)angD S+ 8wangD and S+ C'oD 2001"+ <or %inding
t'e =ero;miss %a$se;a$arm rateD t'res'o$d is se$ected as t'e %a$se;a$arm rate wi$$ get
minimi=ed under t'e constraint t'at t'e miss rate &eing =ero+ 0'is measure was used in
two ear$ier studies !C'oD C+ 8anD D+ 8+ 8anD and 8+ )imD 2000 "+ !Bu and S+ C'oD 200"
Ca$cu$ation o% t'is was done &y t'e creation o% :>C cur#e+
22
4.3.1. ,he result of the com-arison sho#n belo# in fi!ure .8/
2
Figure $
Source: Reference (web: 0#)
Figure %:Fa&se &ar' Rate
Source: Reference (web: 0#)
29
4.3.2. )ther researchers #ith the al!orithm com-arison.
Continuous researc' carried out &y ot'ers !)i$$our'yD 2010" came into a conc$usion wit'
t'e same resu$t +0'e %igure &e$ow $ustrates t'e %inding+
Figure 10: S(ows t(e )etectors "rror Rate
Source: Reference (*i&&our(+! 2010)
2-
,s per t'e a&o#e resu$t &est eCua$;error rate was 0+04/D it was o&tained &y t'e Man'attan
!sca$ed" detector said &y ,raPujo+ !,raPujoD SucupiraD 2i=ParragaD
2ingD and Ba&u;utiD2009"+ Nearest Neig'&or !Ma'a$ano&is" detectorD it was t'e top
per%orming as it 'ad t'e >ut$ier Count as we$$ as t'e top per%orming detector using t'e
eCua$;error per%ormance measure+
>ne and on$y &est =ero;miss %a$se a$arm rate was 0+9/3Dw'ic' was &y t'e Nearest
Neig'&or !Ma'a$ano&is" as mentioned &y C'o+! C'oD 8anD 8anD and )imD 2000"
By $ooking into t'e ta&$es t'e initia$ o&ser#ation was t'at t'e per%ormance measure
needed to ac'ie#e t'e 0+001N miss rate and 1N %a$se;a$arm reCuired &y t'e European
standard %or access;contro$ system+! CENE2EC+2002"
Nearest Neig'&or !Ma'a$ano&is" detector was t'e one and on$y top among t'e &ot'
per%ormance measures+!eCua$ 6error rate and =ero miss %a$se;a$arm rate" measure detector
%rom a di%%erent ang$e o% t'e operating points on an :>C cur#e as s'own in %igure(4* t'is
indi#idua$ resu$t suggest t'at t'e Nearest Neig'&or !Ma'a$ano&is" detector wou$d &e
ro&ust to di%%erent t'res'o$d;se$ection procedures+
0'is make up t'e %ina$ ana$yse t'at t'e Nearest Neig'&or!Ma'a$ano&is"detector is t'e
&est a$gorit'm %or )eystroke dynamics+
2/
'. Key (nvironmental factors affectin# Keystroke Dynamics.
Figure 11: "nviron'enta& factors effecting t(e *e+stro,e )+na'ics
Source: Reference (*i&&our(+.200$)
7.1 *!oc$ 3eso!ution is one of the ma6or /actors which affect the ,eystro$e
-ynamics.
' research carried out ()i$$our'y+2003" &y )i$$our'y a&out t'e %actors e%%ecting )D
came into conc$usionD c$ock reso$ution was one o% t'e major %actor+ ,s s'own in %igure
&e$ow (11D 12D1* E(ample sho"n in figure )10* e(plains ho" important the cloc+
resolutions for ,eystro+e Dynamics is important !The pass"ord for -oth 'lice and
.o- it the same /pass"ord0! 's in figure 10 .o- cant access 'lice system "ere as in
figure 11 .o- could access her system as the cloc+ resolution is lees and comes
matching "ith 'lice !
21
Figure 12: S(owing (ig(er c&oc, reso&ution -reventing .ob fro' accessing &ice/s
s+ste'
Source: Reference (*i&&our(+.200$)
23
Figure 13: S(owing &ess c&oc, reso&ution an0 .ob cou&0 access &ice/s s+ste'
Source: Reference (*i&&our(+.200$)
24

Figure 14: S(ows (ig(er c&oc, reso&ution i'-roves -erfor'ance
Source: Reference (*i&&our(+.200$)
). *oft+are Development.
8.1 Phase one 5 *reation of the data co!!ection and ana!ysis software with "raph
to reco"nise the typin" rhythms of different person.
6.1.1 *oft#are a--lication and 0ard#are used1
1rogram used for "riting soft"are2 3icrosoft 4isual studio 200%
For functions5methods used 2 3icrosoft Frame"or+ 6D, 7!%
0
User interface 89indo"s forms
6ource code at the end of the -oo+ at page no!
6.1.2 0)2 ,0E *)&,234E 5))6* 3&,E4 7)M85E*9)N
Figure 15: 1(e co'-&ete0 software in its new &oo,
6.1.3 7a-abilit( of the soft#are
The soft"are sho"n a-o4e is capa-le of ma+ing graphical representation of
,eystro+es Dynamics "hile typing! :t could record and store them in a data-ase
"hich could -e analy;ed for later use! :t has the a-ility to record!
Time -et"een t"o +eys pressed<)all can -e represented in graph*
Time -et"een t"o +eys release<)all can -e represented in graph*
1
Time -et"een one release and one pressure<)all can -e represented in graph*
Time -et"een one pressure and on release<)all can -e represented in graph*
Date is recorded
1ersons name = pass"ord typed
Time ta+en to type
>a" press
>a" release
raph could -e ;oomed to see the correct accurate measurement
raphs could -e sa4ed as picture file for later reference or use!
8.1.0 Pictures be!ow shows a features of the software
2
Figure 16: S(ows t(e gra-( w(ic( re-resents a&& t(e attributes
0'e grap' now 'as t'e image o% sing$e user trained and w'o 'as typed t'e password
H,2,@@,0J %or -0 times+ 0'e image &e$ow wi$$ demonstrate 'ow it $ooks in t'e grap'
w'en a di%%erent user tries to $og in wit' t'e same password+ (<igure 1/*

Figure 1#: S(ows t(e gra-( w(ic( re-resents a&& t(e attributes
0'is image %igure (1/* s'ows t'ree ot'er users w'ic' 'a#e tried to $og in wit' t'e same
password+ But t'e grap' s'ows us t'e #ariation in )eystroke Dynamics wit' t'e o$d users
w'o 'a#e &een trained to type 'is password+
9
Figure 1$: 2erification 3rocess S(ows )istance rea0ing
<igure (11* it s'ows 'ow accurate a sing$e user password can &e+ 0'e distance s'own
seems to &e simi$ar e#ery time t'e user 'as typed in+
-
Figure 1%: S(ows t(e vector recor0e0 an0 ot(er 0ata besi0e
t(e'.
/
8.1.7 +ow these data can be usefu!.
Figure 20
Source: Reference (web: 0$)
1
6.1.6 :E*9;N &)4 ,0E 6E<*,4)6E :3,3=3*E *)&,234E
3
4
Phase two % mp!ementation of a software for $eystro$e dynamic authentication
So%tware wou$d run as a c$ient ser#er approac'+ 5'en t'e c$ient try to $og in t'e ser#er
wou$d gi#e out t'e password %or aut'enticating+ 0'e main a&i$ity o% t'is app$ication is to
aut'enticate using t'e tec'no$ogy keystroke dynamics+
Bui$d 6 it is &ui$d in ja#a
2i&raries and ot'er needed 6 $atest jcommon and j%reec'artDjdk new
,dditiona$ reCuirement 6 Data&ase to &e insta$$ed+
Ser#er notes attac'ed $ast page+
90
,onclusion
.n conc$usionD t'e researc' in t'e ,$gorit'm shows us that Nearest Neig'&or
!Ma'a$ano&is" is one o% t'e &est ,$gorit'ms %or &e'a#ioura$ &iometric aut'entication
o% $eystro$e dynamic system as it is topped out performed in equal-error rate and
zero-miss false-alarm rate w'ic' makes it one o% t'e &est+ By t'e demonstration o% t'e
so%tware s'ows 'ow t'e tec'no$ogy in t'e present day 'as &ecomeD it cou$d at $east
reac' to a certain eEtent+ 0'e work input and process created &y t'e users t'at
continues to proceed in a way t'at is not t'e most e%%icient concerning security+
,ssuming 'uman &e'a#iour as a %actD di%%erent ways are $ooked into to reac' %or t'e
&est o% practices in securityD $ike now comp$eE passwords is used %rom t'e users w'o
used norma$ and traditiona$ met'ods o% passwords+ 0'e &e'a#ioura$ &iometric wou$d
&e t'e &est in t'e day a'ead+
91
-otations
? @ A @um-er of templates in a data-ase!
? S
A
(6& A 1ro-a-ility distri-ution function as a function of the score(s& produced
-y the genuine attempt(s&!
? S
.
(6& A 1ro-a-ility distri-ution function as a function of the score(s& produced -y
the impostor attempt(s&!
? T A 6imilarity score threshold
? F3> A False match rate
? F@3> A False non match rate
? F'> A False acceptance rate
? F>> A False reBection rate
References
,raujoD 2C?D SucupiraD 28:D 2i=arragaD MAD 2ingD 22D K Ba&u;FtiD OB0D !200-" Fser
,ut'entication 0'roug'
92
0yping Biometrics <eatures+ .EEE 0ransactions on Signa$ @rocessing - !2" pp+ 3-1;3--+
BergandoD <D AunettiD DD K @icardiD CD !2002" Fser ,ut'entication t'roug' )eystroke
Dynamics+ ,CM
0ransactions on .n%ormation and System SecurityD - !9"D pp+ /1;41+
MonroseD <D K :u&inD , !1441" ,ut'entication ?ia )eystroke Dynamics+ .n: @roceedings
o% t'e 9t' ,CM
con%erence on Computer and communications security+ New Bork: ,CM @ress
>&aidatD M S !144-" , #eri%ication met'odo$ogy %or computer systems users+ @roceedings
o% t'e 144- ,CM
symposium on ,pp$ied computing+ pp+ 2-3 ; 2/2
D+Fmp'ress+ and A+5i$$iamsD!143-"H.dentity #eri%ication t'roug' key&oard
c'aracteristicsJ+ .nternat+ O+ManMac'+Stud+2D2/621+143-
>&aidatD M+S+D SadounD B+: ?eri%ication o% computer users using keystroke dynamics+
.EEE 0ransactions on SystemsD Man and Cy&ernetics 21 !1441" 2/162/4
Mi$$erD B+: ?ita$ signs o% identity+ .EEE Spectrum 1 !1449" 2260
Simon 2iu and Mark Si$#ermanD , @ractica$ Auide to Biometric Security 0ec'no$ogy+
.EEE .0 @ro%essiona$D ?o$ume D Num&er 1!2001"21;2
2awrence >GAormanD ,#aya 2a&s :esearc'D Basking :idgeD NO+ Securing BusinessGs
<ront Door; @asswordD 0oken and Biometric ,ut'entication+.EEE !200"22;9
:+ >+ DudaD @+ E+ 8artD and D+ A+ Stork+ @attern C$assi%ication+Oo'n 5i$ey K SonsD .nc+D
second editionD 2001+
9
S+ B$e'aD C+ S$i#inskyD and B+ 8ussien+ Computeraccess security systems using keystroke
dynamics+ .EEE 0ransactions on @attern ,na$ysis and Mac'ine .nte$$igenceD
12!12":121161222D 1440+
:+ Ooyce and A+ Aupta+ .dentity aut'entication &ased on keystroke $atencies+
Communications o% t'e ,CMD!2":1/3611/D 1440+
2+ C+ <+ ,raPujoD 2+ 8+ :+ SucupiraD M+ A+ 2i=ParragaD 2+ 2+2ingD and O+ B+ 0+ Ba&u;uti+
Fser aut'entication t'roug' typing &iometrics %eatures+ .n @roceedings o% t'e 1st
.nternationa$ Con%erence on Biometric ,ut'entication !.CB,"D#o$ume 011 o% 2ecture
Notes in Computer ScienceD pages /496100+ Springer;?er$agD Ber$inD 2009+
S+ C'oD C+ 8anD D+ 8+ 8anD and 8+ )im+ 5e&;&asedkeystroke dynamics identity
#eri%ication using neura$ network+Oourna$ o% >rgani=ationa$ Computing and E$ectronic
CommerceD 10!9":24-601D 2000+
S+ 8aiderD ,+ ,&&asD and ,+ )+ Qaidi+ , mu$ti;tec'niCue approac' %or user identi%ication
t'roug' keystroke dynamics+.EEE .nternationa$ Con%erence on SystemsD Man and
Cy&erneticsD pages 1/6191D 2000+
B+ 8wang and S+ C'o+ C'aracteristics o% auto;associati#e M2@ as a no#e$ty detector+ .n
@roceedings o% t'e .EEE .nternationa$ Ooint Con%erence on Neura$ NetworksD #o$ume -D
pages 03/6041D 1061/ Ou$yD 1444D5as'ingtonD DCD 1444+
E+ Bu and S+ C'o+ A,;S?M wrapper approac' %or %eature su&set se$ection in keystroke
dynamics identity #eri%ication+ .n @roceedings o% t'e .nternationa$ Ooint Con%erence on
Neura$ Networks !.OCNN"D pages 22-622-1+ .EEE @ressD 200+
@+ )angD S+ 8wangD and S+ C'o+ Continua$ retraining o% keystroke dynamics &ased
aut'enticator+ .n @roceedings o% t'e 2nd .nternationa$ Con%erence on Biometrics !.CBG01"D
pages 12061211+ Springer;?er$ag Ber$in 8eide$&ergD 2001+
99
O+ ,+ Swets and :+ M+ @ickett+ Evaluation of Diagnostic Systems !ethods from Signal
Detection "heory+ ,cademic @ressD New BorkD 1432
)e#in )i$$our'y+!2003":,.D U03 @roceedings o% t'e 11t' internationa$ symposium on
:ecent ,d#ances in .ntrusion Detection
)e#in )i$$our'y!2010"5'y Did My Detector Do 0'at7V@redicting )eystroke;Dynamics
Error :ates+:,.D
CENE2EC+ European Standard EN -01;1: ,$arm systems+ ,ccess contro$ systems %or
use in security app$ications+ @art 1: System reCuirementsD 2002+ Standard Num&er
EN -01;1:144//,1:2002D 0ec'nica$ Body C2C/0C14D European Committee %or
E$ectrotec'nica$ Standardi=ation !CENE2EC"+
#ebPa"es Accessed:
5e&+01: #$dentity %ard&D (,ccessed on 1-;09;2011 at 1+00pm* a#ai$a&$e on WF:2X
'ttp://we&arc'i#e+nationa$arc'i#es+go#+uk/20110104112-4/'ttp://ips+go#+uk/cps/rde/Ec
'g/ipsY$i#e/'s+Es$/-+'tm
5e&+02: #'ouse of common&D (,ccessed on 1-;09;2011 at 2+00pm* a#ai$a&$e on WF:2X
we&:'ttp://www+pu&$ications+par$iament+uk/pa/cm200-0//cm&i$$s/094/200/094+'tm
5e&+0: #"elegraph&D (,ccessed on 14;09;2011 at /+00pm* a#ai$a&$e on WF:2X
'ttp://www+engadget+com/200-/0-/0//morse;code;trumps;sms;in;'ead;to;'ead;
speed;teEting;com&at/
5e&+09: #9estern Carolina Uni4ersity&D (,ccessed on 20;09;2011 at 10+00pm* a#ai$a&$e on
WF:2X httpC55et!"cu!edu5aidc5.io9e-1ages5.iometricsD,eystro+e!html
9-
5e&+0-: #Biometric $dentification()uthentication "echniques&D (,ccessed on 21;09;2011
at -+00pm* a#ai$a&$e on WF:2X
'ttp://www+a$tisinc+com/resources/Biometric/tec'niCues+p'p
5e&+0/: #biometric solution&D (,ccessed on 22;09;2011 at 1/+00pm* a#ai$a&$e on
WF:2X 'ttp://www+&iometric;so$utions+com/indeE+p'p7storyMper%ormanceY&iometrics
5e&+01: #*eystroke Dynamics - Benchmark Data SetJD (,ccessed on 2/;0-;2011 at
4+00pm* a#ai$a&$e on WF:2X 'ttp://www+cs+cmu+edu/Zkeystroke/
5e&+03: #+ser authentication using keystroke
Dynamics for cellular phoneJD (,ccessed on 2/;0-;2011 at 4+00pm* a#ai$a&$e on WF:2X
'ttp://ieeeEp$ore+ieee+org/stamp/stamp+jsp7arnum&erM0-1193
9/