Visible to the public Keystroke Analysis 2015Conflict Detection Enabled

SoS Newsletter- Advanced Book Block

SoS Logo

Keystroke Analysis 2015

Keystrokes are a basis for behavioral biometrics. The rhythms and patterns of the individual user can become the basis for a unique biological identification. Research into this area of computer security is growing. For the Science of Security, keystroke analysis is relevant to the hard problems of human behavior factors and predictive metrics.

Kalina, J.; Schlenker, A.; Kutilek, P., "Highly Robust Analysis of Keystroke Dynamics Measurements," in Applied Machine Intelligence and Informatics (SAMI), 2015 IEEE 13th International Symposium on, pp. 133-138, 22-24 Jan. 2015. doi: 10.1109/SAMI.2015.7061862

Abstract: Standard classification procedures of both data mining and multivariate statistics are sensitive to the presence of outlying values. In this paper, we propose new algorithms for computing regularized versions of linear discriminant analysis for data with small sample sizes in each group. Further, we propose a highly robust version of a regularized linear discriminant analysis. The new method denoted as MWCD-L2-LDA is based on the idea of implicit weights assigned to individual observations, inspired by the minimum weighted covariance determinant estimator. Classification performance of the new method is illustrated on a detailed analysis of our pilot study of authentication methods on computers, using individual typing characteristics by means of keystroke dynamics.

Keywords: covariance matrices; message authentication; pattern classification; statistical analysis; MWCD-L2-LDA; authentication method; implicit weight assignment; keystroke dynamics measurements; minimum weighted covariance determinant estimator; regularized linear discriminant analysis; robust classification performance analysis; typing characteristics; Atmospheric measurements; Particle measurements; Pollution measurement; Principal component analysis (ID#: 15-8169)


Bando, S.; Nozawa, A.; Matsuya, Y., "Multidimensional Directed Coherence Analysis of Keystroke Dynamics and Physiological Responses," in Noise and Fluctuations (ICNF), 2015 International Conference on, pp. 1-4, 2-6 June 2015. doi: 10.1109/ICNF.2015.7288595

Abstract: Techno-stress has been a problem in recent years with a development of information technology. Various studies have been reported about a relationship between key typing and psychosomatic state. Keystroke dynamics are known as dynamics of a key typing motion. The objective of this paper is to clarify the mechanism between keystroke dynamics and physiological responses. Inter-stroke time (IST) that was the interval between each keystroke was measured as keystroke dynamics. The physiological responses were heart rate variability (HRV) and respiration (Resp). The system consisted of IST, HRV, and Resp was applied multidimensional directed coherence in order to reveal a causal correlation. As a result, it was observed that strength of entrainment of physiological responses having fluctuation to IST differed in surround by the noise and a cognitive load. Specifically, the entrainment became weak as a cognitive resource devoted to IST was relatively increased with the keystroke motion had a robust rhythm. On the other hand, the entrainment became stronger as a cognitive resource devoted to IST was relatively decreased since the resource also devoted to the noise or the cognitive load.

Keywords: cognitive systems; human factors; HRV; IST; cognitive load; cognitive resource; heart rate variability; interstroke time; key typing motion dynamics; keystroke dynamics; multidimensional directed coherence analysis; physiological responses; psychosomatic state; respiration; techno-stress; Coherence; Dynamics; Fluctuations; Heart rate variability; Noise; Physiology; Stress; keystroke dynamics; multidimensional directed coherence; physiological responses (ID#: 15-8170)


Vizer, L.M.; Sears, A.; "Classifying Text-Based Computer Interactions for Health Monitoring;" Pervasive Computing, IEEE, vol. 14, no. 4, pp. 64-71, Oct.-Dec. 2015. doi: 10.1109/MPRV.2015.85

Abstract: Detecting early trends indicating cognitive decline can allow older adults to better manage their health, but current assessments present barriers precluding the use of such continuous monitoring by consumers. To explore the effects of cognitive status on computer interaction patterns, the authors collected typed text samples from older adults with and without pre-mild cognitive impairment (PreMCI) and constructed statistical models from keystroke and linguistic features for differentiating between the two groups. Using both feature sets, they obtained a 77.1 percent correct classification rate with 70.6 percent sensitivity, 83.3 percent specificity, and a 0.808 area under curve (AUC). These results are in line with current assessments for MC--a more advanced disease--but using an unobtrusive method. This research contributes a combination of features for text and keystroke analysis and enhances understanding of how clinicians or older adults themselves might monitor for PreMCI through patterns in typed text. It has implications for embedded systems that can enable healthcare providers and consumers to proactively and continuously monitor changes in cognitive function.

Keywords: health care; human computer interaction; patient monitoring; pattern classification ;text analysis; AUC; PreMCI; area under curve; classification rate; classifying text-based computer interaction; cognitive function; computer interaction pattern; constructed statistical model; continuous monitoring; current assessment; health monitoring; healthcare provider; keystroke analysis; premild cognitive impairment; text analysis; unobtrusive method; Aging; Computational modeling; Data models; Dementia; Monitoring; Pragmatics; Predictive models; aging; cognitive impairment; healthcare; human-computer interaction; personal health informatics; pervasive computing (ID#: 15-8171)


Gonzalez, N.; Calot, E.P., "Finite Context Modeling of Keystroke Dynamics in Free Text," in Biometrics Special Interest Group (BIOSIG), 2015 International Conference of the, pp. 1-5, 9-11 Sept. 2015

doi: 10.1109/BIOSIG.2015.7314606

Abstract: Keystroke dynamics analysis has been applied successfully to password or fixed short texts verification as a means to reduce their inherent security limitations, because their length and the fact of being typed often makes their characteristic timings fairly stable. On the other hand, free text analysis has been neglected until recent years due to the inherent difficulties of dealing with short term behavioral noise and long term effects over the typing rhythm. In this paper we examine finite context modeling of keystroke dynamics in free text and report promising results for user verification over an extensive data set collected from a real world environment outside the laboratory setting that we make publicly available.

Keywords: cryptography; text analysis; finite context modeling; fixed short texts verification; free text analysis; keystroke dynamics analysis; password; user verification; Context; Context modeling; Security; Standards; Timing; Training (ID#: 15-8172)


Darabseh, A.; Siami Namin, A., "On Accuracy of Keystroke Authentications Based on Commonly Used English Words," in Biometrics Special Interest Group (BIOSIG), 2015 International Conference of the, pp. 1-8, 9-11 Sept. 2015. doi: 10.1109/BIOSIG.2015.7314612

Abstract: The aim of this research is to advance the user active authentication using keystroke dynamics. Through this research, we assess the performance and influence of various keystroke features on keystroke dynamics authentication systems. In particular, we investigate the performance of keystroke features on a subset of most frequently used English words. The performance of four features such as i) key duration, ii) flight time latency, iii) digraph time latency, and iv) word total time duration are analyzed. Experiments are performed to measure the performance of each feature individually as well as the results from the different subsets of these features. Four machine learning techniques are employed for assessing keystroke authentications. The selected classification methods are two-class support vector machine (TC) SVM, one-class support vector machine (OC) SVM, k-nearest neighbor classifier (K-NN), and Naive Bayes classifier (NB). The logged experimental data are captured for 28 users. The experimental results show that key duration time offers the best performance result among all four keystroke features, followed by word total time. Furthermore, our results show that TC SVM and KNN perform the best among the four classifiers.

Keywords: cryptography; learning (artificial intelligence); natural language processing; pattern classification; support vector machines; K-NN; Naive Bayes classifier; commonly used English words; digraph time latency feature; flight time latency feature; k-nearest neighbor classifier; key duration feature; keystroke authentications; keystroke dynamics authentication systems; keystroke features; machine learning techniques; one-class support vector machine SVM; two-class support vector machine SVM; user active authentication; word total time duration feature (ID#: 15-8173)


Roth, J.; Xiaoming Liu; Ross, A.; Metaxas, D., "Investigating the Discriminative Power of Keystroke Sound," in Information Forensics and Security, IEEE Transactions on, vol. 10, no. 2, pp. 333-345, Feb. 2015. doi: 10.1109/TIFS.2014.2374424

Abstract: The goal of this paper is to determine whether keystroke sound can be used to recognize a user. In this regard, we analyze the discriminative power of keystroke sound in the context of a continuous user authentication application. Motivated by the concept of digraphs used in modeling keystroke dynamics, a virtual alphabet is first learned from keystroke sound segments. Next, the digraph latency within the pairs of virtual letters, along with other statistical features, is used to generate match scores. The resultant scores are indicative of the similarities between two sound streams, and are fused to make a final authentication decision. Experiments on both static text-based and free text-based authentications on a database of 50 subjects demonstrate the potential as well as the limitations of keystroke sound.

Keywords: acoustic signal processing; authorisation; directed graphs; keyboards; statistical analysis; text analysis; authentication decision; continuous user authentication application; digraph latency; discriminative power; free text-based authentications; keystroke dynamics modeling; keystroke sound segments; score matching; sound streams; static text-based authentications; statistical features; user recognition ;virtual alphabet learning; virtual letters; Acoustics; Authentication; Feature extraction; Histograms; Keyboards; Presses; Training; Keystroke sound; continuous authentication; keyboard typing; keystroke dynamics (ID#: 15-8174)


Sitova, Z.; Sedenka, J.; Yang, Q.; Peng, G.; Zhou, G.; Gasti, P.; Balagani, K.S., "HMOG: New Behavioral Biometric Features for Continuous Authentication of Smartphone Users," in Information Forensics and Security, IEEE Transactions on , vol. PP, no. 99, pp. 1-1, 8 December 2015. doi: 10.1109/TIFS.2015.2506542

Abstract: We introduce Hand Movement, Orientation, and Grasp (HMOG), a set of behavioral features to continuously authenticate smartphone users. HMOG features unobtrusively capture subtle micro-movement and orientation dynamics resulting from how a user grasps, holds, and taps on the smartphone. We evaluated authentication and biometric key generation (BKG) performance of HMOG features on data collected from 100 subjects typing on a virtual keyboard. Data was collected under two conditions: sitting and walking. We achieved authentication EERs as low as 7.16% (walking) and 10.05% (sitting) when we combined HMOG, tap, and keystroke features. We performed experiments to investigate why HMOG features perform well during walking. Our results suggest that this is due to the ability of HMOG features to capture distinctive body movements caused by walking, in addition to the hand-movement dynamics from taps. With BKG, we achieved EERs of 15.1% using HMOG combined with taps. In comparison, BKG using tap, key hold, and swipe features had EERs between 25.7% and 34.2%. We also analyzed the energy consumption of HMOG feature extraction and computation. Our analysis shows that HMOG features extracted at 16Hz sensor sampling rate incurred a minor overhead of 7.9% without sacrificing authentication accuracy. Two points distinguish our work from current literature: 1) we present the results of a comprehensive evaluation of three types of features (HMOG, keystroke, and tap) and their combinations under the same experimental conditions; and 2) we analyze the features from three perspectives (authentication, BKG, and energy consumption on smartphones).

Keywords: Accelerometers; Authentication; Feature extraction; Gyroscopes; Legged locomotion; Magnetometers; Resistance; Behavioral biometrics; HMOG; biometric key generation; continuous authentication; energy evaluation (ID#: 15-8175)


Mondal, S.; Bours, P., "Continuous Authentication in a Real World Settings," in Advances in Pattern Recognition (ICAPR), 2015 Eighth International Conference on, pp. 1-6, 4-7 Jan. 2015. doi: 10.1109/ICAPR.2015.7050673

Abstract: Continuous Authentication by analysing the user's behaviour profile on the computer input devices is challenging due to limited information, variability of data and the sparse nature of the information. As a result, most of the previous research was done as a periodic authentication, where the analysis was made based on a fixed number of actions or fixed time period. Also, the experimental data was obtained for most of the previous research in a very controlled condition, where the task and environment were fixed. In this paper, we will focus on actual continuous authentication that reacts on every single action performed by the user. The experimental data was collected in a complete uncontrolled condition from 52 users by using our data collection software. In our analysis, we have considered both keystroke and mouse usages behaviour pattern to avoid a situation where an attacker avoids detection by restricting to one input device because the continuous authentication system only checks the other input device. The result we have obtained from this research is satisfactory enough for further investigation on this domain.

Keywords: authorisation; computer input devices; continuous authentication system; data collection software; periodic authentication; Authentication; Computers; Feature extraction; Mathematical model; Mice; Presses; Software; Behavioural Biometrics; Continuous Authentication; Keystroke Dynamics;Mouse Dynamics; Trust Model (ID#: 15-8176)


Mondal, S.; Bours, P., "Context Independent Continuous Authentication Using Behavioural Biometrics," in Identity, Security and Behavior Analysis (ISBA), 2015 IEEE International Conference on, pp. 1-8, 23-25 March 2015. doi: 10.1109/ISBA.2015.7126342

Abstract: In this research, we focus on context independent continuous authentication that reacts on every separate action performed by a user. The experimental data was collected in a complete uncontrolled condition from 53 users by using our data collection software. In our analysis, we considered both keystroke and mouse usage behaviour patterns to prevent a situation where an attacker avoids detection by restricting to one input device because the continuous authentication system only checks the other input device. The best result obtained from this research is that for 47 bio-metric subjects we have on average 275 actions required to detect an imposter where these biometric subjects are never locked out from the system.

Keywords: behavioural sciences computing; biometrics (access control); message authentication; behavioural biometrics; context independent continuous authentication; continuous authentication system; data collection software; keystroke; mouse usage behaviour patterns; Authentication; Biometrics (access control);Feature extraction; Mathematical model; Mice; Presses ;Training (ID#: 15-8177)


Idrus, S.Z.S.; Cherrier, E.; Rosenberger, C.; Mondal, S.; Bours, P., "Keystroke Dynamics Performance Enhancement with Soft Biometrics," in Identity, Security and Behavior Analysis (ISBA), 2015 IEEE International Conference on, pp. 1-7, 23-25 March 2015. doi: 10.1109/ISBA.2015.7126345

Abstract: It is accepted that the way a person types on a keyboard contains timing patterns, which can be used to classify him/her, is known as keystroke dynamics. Keystroke dynamics is a behavioural biometric modality, whose performances, however, are worse than morphological modalities such as fingerprint, iris recognition or face recognition. To cope with this, we propose to combine keystroke dynamics with soft biometrics. Soft biometrics refers to biometric characteristics that are not sufficient to authenticate a user (e.g. height, gender, skin/eye/hair colour). Concerning keystroke dynamics, three soft categories are considered: gender, age and handedness. We present different methods to combine the results of a classical keystroke dynamics system with such soft criteria. By applying simple sum and multiply rules, our experiments suggest that the combination approach performs better than the classification approach with best result of 5.41% of equal error rate. The efficiency of our approaches is illustrated on a public database.

Keywords: behavioural sciences computing; biometrics (access control); behavioural biometric modality; biometric characteristics; classification approach; combination approach; keystroke dynamics performance enhancement; soft biometrics; Authentication; Biometrics (access control);Databases; Feature extraction; Support vector machines; Timing (ID#: 15-8178)


Dangra, B.S.; Rajput, D.; Bedekar, M.V.; Panicker, S.S., "Profiling Of Automobile Drivers Using Car Games," in Pervasive Computing (ICPC), 2015 International Conference on, pp. 1-5, 8-10 Jan. 2015. doi: 10.1109/PERVASIVE.2015.7087173

Abstract: In this paper we use car games as a simulator for real automobiles, and generate driving logs that contain the vehicle data. This includes values for parameters like gear used, speed, left turns taken, right turns taken, accelerator, braking and so on. From these parameters we have derived some more additional parameters and analyzed them. As the input from automobile driver is only routine driving, no explicit feedback is required; hence there are more chances of being able to accurately profile the driver. Experimentation and analysis from this logged data shows possibility that driver profiling can be done from vehicle data. Since the profiles are unique, these can be further used for a wide range of applications and can successfully exhibit typical driving characteristics of each user.

Keywords: automobiles; computer games; digital simulation; traffic engineering computing; automobile driver profiling; car games; driving characteristics; driving log generation; simulator; vehicle data; Acceleration; Automobiles; Computational modeling; Computers; Games; Gears; Part profiles; User profiling; behavioral patterns; biometrics; gaming; keystroke identification (ID#: 15-8179)


Jiaju Huang; Daqing Hou; Schuckers, S.; Zhenhao Hou, "Effect of Data Size on Performance of Free-Text Keystroke Authentication," in Identity, Security and Behavior Analysis (ISBA), 2015 IEEE International Conference on, pp. 1-7, 23-25 March 2015. doi: 10.1109/ISBA.2015.7126361

Abstract: Free-text keystroke authentication has been demonstrated to be a promising behavioral biometric. But unlike physiological traits such as fingerprints, in free-text keystroke authentication, there is no natural way to identify what makes a sample. It remains an open problem as to how much keystroke data are necessary for achieving acceptable authentication performance. Using public datasets and two existing algorithms, we conduct two experiments to investigate the effect of the reference profile size and test sample size on False Alarm Rate (FAR) and Imposter Pass Rate (IPR). We find that (1) larger reference profiles will drive down both IPR and FAR values, provided that the test samples are large enough, and (2) larger test samples have no obvious effect on IPR, regardless of the reference profile size. We discuss the practical implication of our findings.

Keywords: authorisation; biometrics (access control);keyboards; FAR; IPR; authentication performance; behavioral biometric; data size; false alarm rate; free-text keystroke authentication; imposter pass rate; keystroke data; physiological traits; public datasets; reference profile size; test sample size; Authentication; Bioinformatics; Databases; Distance measurement; Intellectual property; Standards; Testing (ID#: 15-8180)


Antal, M.; Szabo, L.Z., "An Evaluation of One-Class and Two-Class Classification Algorithms for Keystroke Dynamics Authentication on Mobile Devices," in Control Systems and Computer Science (CSCS), 2015 20th International Conference on, pp. 343-350, 27-29 May 2015. doi: 10.1109/CSCS.2015.16

Abstract: In this paper we study keystroke dynamics as an authentication mechanism for touch screen based devices. The authentication process decides whether the identity of a given person is accepted or rejected. This can be easily implemented by using a two-class classifier which operates with the help of positive samples (belonging to the authentic person) and negative ones. However, collecting negative samples is not always a viable option. In such cases a one-class classification algorithm can be used to characterize the target class and distinguish it from the outliers. We implemented an authentication test-framework that is capable of working with both one-class and two-class classification algorithms. The framework was evaluated on our dataset containing keystroke samples from 42 users, collected from touch screen-based Android devices. Experimental results yield an Equal Error Rate (EER) of 3% (two-class) and 7% (one-class) respectively.

Keywords: Android (operating system); authorisation; error analysis; mobile computing; pattern classification; touch sensitive screens; Android devices; EER; authentication test-framework; equal error rate; keystroke dynamics authentication; mobile devices; one-class classification algorithms; touch screen based devices; two-class classification algorithms; Authentication; Biometrics (access control); Error analysis; Feature extraction; Keyboards; Mobile handsets; Training; biometrics; keystroke dynamics; mobile authentication; one-class classification; touchscreen (ID#: 15-8181)


D'Lima, N.; Mittal, J., "Password Authentication using Keystroke Biometrics," in Communication, Information & Computing Technology (ICCICT), 2015 International Conference on, pp. 1-6, 15-17 Jan. 2015. doi: 10.1109/ICCICT.2015.7045681

Abstract: The majority of applications use a prompt for a username and password. Passwords are recommended to be unique, long, complex, alphanumeric and non-repetitive. These reasons that make passwords secure may prove to be a point of weakness. The complexity of the password provides a challenge for a user and they may choose to record it. This compromises the security of the password and takes away its advantage. An alternate method of security is Keystroke Biometrics. This approach uses the natural typing pattern of a user for authentication. This paper proposes a new method for reducing error rates and creating a robust technique. The new method makes use of multiple sensors to obtain information about a user. An artificial neural network is used to model a user's behavior as well as for retraining the system. An alternate user verification mechanism is used in case a user is unable to match their typing pattern.

Keywords: authorisation; biometrics (access control);neural nets; pattern matching; artificial neural network; error rates; keystroke biometrics; password authentication; password security; robust security technique; typing pattern matching; user behavior; user natural typing pattern; user verification mechanism; Classification algorithms; Error analysis; Europe; Hardware; Monitoring; Support vector machines; Text recognition; Artificial Neural Networks; Authentication; Keystroke Biometrics; Password; Security (ID#: 15-8182)


Chammas, Edgard; Mokbel, Chafic; Likforman-Sulem, Laurence, "Arabic Handwritten Document Preprocessing and Recognition," in Document Analysis and Recognition (ICDAR), 2015 13th International Conference on, pp. 451-455, 23-26 Aug. 2015. doi: 10.1109/ICDAR.2015.7333802

Abstract: Arabic handwritten documents present specific challenges due to the cursive nature of the writing and the presence of diacritical marks. Moreover, one of the largest labeled database of Arabic handwritten documents, the OpenHart-NIST database includes specific noise, namely guidelines, that has to be addressed. We propose several approaches to process these documents. First a guideline detection approach has been developed, based on K-means, that detects the documents that include guidelines. We then propose a series of preprocessing at text-line level to reduce the noise effects. For text-lines including guidelines, a guideline removal preprocessing is described and existing keystroke restoration approaches are assessed. In addition, we propose a preprocessing that combines noise removal and deskewing by removing line fragments from neighboring text lines, while searching for the principal orientation of the text-line. We provide recognition results, showing the significant improvement brought by the proposed processings.

Keywords: Hidden Markov models; Image recognition; Image segmentation; Optical imaging; Optical reflection; Text recognition; Writing; Arabic Handwriting Recognition; Guideline removal; Handwritten Document preprocessing; Noise removal; OpenHaRT database; Textline image Preprocessing (ID#: 15-8183)


Fwa Hua Leong, "Automatic Detection of Frustration of Novice Programmers from Contextual and Keystroke Logs," in Computer Science & Education (ICCSE), 2015 10th International Conference on, pp. 373-377, 22-24 July 2015. doi: 10.1109/ICCSE.2015.7250273

Abstract: Novice programmers exhibit a repertoire of affective states over time when they are learning computer programming. The modeling of frustration is important as it informs on the need for pedagogical intervention of the student who may otherwise lose confidence and interest in the learning. In this paper, contextual and keystroke features of the students within a Java tutoring system are used to detect frustration of student within a programming exercise session. As compared to psychological sensors used in other studies, the use of contextual and keystroke logs are less obtrusive and the equipment used (keyboard) is ubiquitous in most learning environment. The technique of logistic regression with lasso regularization is utilized for the modeling to prevent over-fitting. The results showed that a model that uses only contextual and keystroke features achieved a prediction accuracy level of 0.67 and a recall measure of 0.833. Thus, we conclude that it is possible to detect frustration of a student from distilling both the contextual and keystroke logs within the tutoring system with an adequate level of accuracy.

Keywords: Java; computer science education; feature extraction; intelligent tutoring systems; programming; regression analysis; Java tutoring system; contextual logs; keystroke logs; lasso regularization; logistic regression; novice programmers; programming exercise session; student frustration detection; Accuracy; Context modeling; Java; Mathematical model; Programming profession; Sensors; frustration; keystrokes; learning; novice; programming (ID#: 15-8184)



Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.