a keystroke dynamic based biometric for person authentication · to use keystroke dynamics as...

A keystroke dynamic based biometric for person authentication

R.Abinaya1, Dr.AN.Sigappi2 1Research Scholar, 2Associate Professor

Department of Computer Science & Engineering, Annamalai University,

Chidambaram, Taminadu, India

[email protected], [email protected]

ABSTRACT

Keystroke Dynamics is avital biometric solution for person authentication. Based upon keystroke dynamics, this paper designs and

develops an online system, collects two public databases for supporting the research on keystroke authentication, exploits the Discrete cosine

transform (DCT) to characterize the keystroke dynamics, and provides BeiHang keystroke dynamics results of Three popular classification

algorithms, Random forest classifier, support vector machine and Random tree classifier.

Keywords: Keystroke Dynamics, Biometrics, DCT, SVM, Random forest classifier, Random Tree Classifier, ROC.

I. INTRODUCTION

In today’s scenario there is a major threat to appropriation the personal as well as official data. Data which is easily nearby from

the storage device by an unauthenticated user is a major disquiet and needs to be exterminated. Dependency on computer systems and

networks has undertaken a sea change. Over the years this dependency has improved tremendously, as today computers have

conquered every field e.g. education, business, hospitality etc. Essential information such as criminal and medical records, personal

letters and bills are stored on computer devices. The main issue is the security of these systems and to ensure security there is need of

user which means confirming the facts which are given by a exact user. To ensure security there is need of user authentication.

Authentication is the method to determine that the person really is, in fact what it claims to be.

Increase in number of software and devices for hacking and cracking causes gains in unauthorized access which results in

manipulation of important data. Methods like user ID and password which is mostly used as security is now not reliable and secure

due to rapidly increase in hackers and crackers. Also this method no longer provides consistent security measures because passwords

are prone to shoulder surfing and passwords can also be hacked. To gain secure and efficient access either user must change his

password frequently or the user should use strong password (combination of alphabets, numeric and special symbols). Users do not

respect these conditions as they feel them quite strict and difficult to be applied. The solution to above said problems is keystroke

dynamics. Keystroke Dynamics is a behavioral biometric approach to enhance the computer access rights. It verifies the individual by

its keystroke typing pattern. Keystroke biometric is based on the assumption that the typing pattern of each user is unique. The

objective of this review paper is to summarize the well-known approaches used in keystroke dynamics [1].

Approaches of User Authentication:

1. Object Based: In this approach to recognize the user, appearance of a smart card or some key is required. Strong user identification

techniques like mixture of password with the tokens are needed to use them. It becomes more awkward if the users forget their details

such as PIN numbers or make errors and if the card gets locked after some number of incorrect attempts.

2. Knowledge Based: To access the physical passwords are the most commonly used tools but the flaw is that generally the individual

chooses very easy passwords that can be easily guessed or hacked by computer literate professionals, so even a hacker can appear a

genuine user.

3. Biometric Based: In this kind of a system, the user has to give a individual physical characteristic like fingerprints. This is the most

correct and suitable method. The reason is because biometrics is straight linked and dependent on the user while the password or

token can be used by some other person. This method is almost perfect as these have no loopholes such as forgetting the password or

carrying the card [1]

What is Biometrics? Traditionally, authentication measures rested upon tools such as passwords and PINs. The main defect with these

methods is that the identification of a individual is not done, but the capability to access the information demanded is calculated. But

transition is taking place in corporate sector, education sector, defence sector etc. where biometric system has been introduced. It is

comparison of information that user gives during login with a database of information that was previously recorded. It identifies the

person’s recorded informational attributes so it doesn’t depend on the person’s previous knowledge. Biometric authentication relies on

physical characteristics of the user. There are two distinct categories separating the methodology of this authentication [2]. Two

categories are: Physiological biometrics and Behavioural biometrics.

Physiological Biometrics: It illustrates those features that describe who the user is depending on the physical attributes e.g.

fingerprints, Iris and retina scanning. For this additional hardware required.

International Journal of Pure and Applied MathematicsVolume 118 No. 5 2018, 769-783ISSN: 1311-8080 (printed version); ISSN: 1314-3395 (on-line version)url: http://www.ijpam.euSpecial Issue ijpam.eu

769

Behavioural Biometrics: It is based on typing pattern, Voice recognition and Signature style. Behavioral characteristics can be

composed without the requirement of any extra hardware [3]. This study will focus on Behavioral biometric technique i.e. Keystroke

Dynamics.

General Description of Biometrics Technologies:

1. Fingerprints: Fingerprint systems perform the analysis of the patterns found on fingertips. User identification is achieved by

Automated Fingerprint Identification Systems (AFIS) and fingerprint recognition systems.

2. Hand Geometry: It evaluates unique hand characteristics such like length of the finger, its thickness and surface area. It’s a high

cost but highly accurate method. It is used as an entry method for secure areas of airports, hospitals and government agencies.

3. Face Recognition: Face recognition analyses unique facial characteristics of the eyes, nose, lips, etc. A digital motion detection

camera is essential to capture an image of the face. It is used for public applications such as ATMs or license verification.

4. Voice recognition these systems capture unique voice features such as pitch, tone and frequency to authenticate a user. It is used in

telephony applications which allow users to log into financial and other systems.

5. Retina scanning It is a method for identification of the unique blood vessel pattern at the back portion of the eye by directing low-

intensity infrared light through the pupil. Retinal scanning can be quite accurate. It is required that user should focus on a particular

point.

6. Iris scanning: Iris scanning analyzes the pattern of flecks on the iris, which is on the surface of the eye. It is also expensive

method.

7. Hand Signature: Signature verification analyzes the way a user signs the name. Signing features such as speed, velocity, and

pressure are considered.

8 .Keystroke Dynamics This method analyzes the way a user types on a fatal, by monitoring the keyboard input. Since the input

device is the remaining Keyboard, this approach is not exclusive. Overview of Keystroke Dynamics This method focuses on the

typing pattern of a user at a fatal and then evaluating the input identifying habitual typing rhythm pattern. Keystroke features are

usually obtained using the timing particulars of the key down or key hold or events. It is known by different names such as typing

biometrics and typing rhythms. The main advantage of using keystroke dynamics is that it does not require any extra hardware [4].

Two basic features used for keystroke dynamics are Key Hold time and Inter Key time.

Dwell time is the duration that a key is held down.

Flight time is the duration between pressing a key and releasing the next key

Dwell Time (DT): Dwell time also known as key hold time refers how long a key was held pressing down or the amount of

time between pressing and releasing a single key

Flight Time (FT): Flight time also known as latency time, inter key time or interval time. It refers to the amount of time

between pressing and releasing two successive keys. It involves key event (press or release) from two keys, which could be

comparable or different characters When typing a text, Flight time and dwell time are unique for each user, and is

independent of overall typing speed. This is an important factor that is directly related to user acceptability to the technology.

The technology should offer user as much comfortable and transparency as possible by not overloading user with long

inputs, memorization of complex strings, or provide huge amounts of repetitive input.

ppTime (PP): the latencies of when the two buttons (keys) are pressed;

Hold s RP-Latency Holdp

PP-Latency

𝑡𝑝

1 𝑡𝑟

1 𝑡𝑝

2

𝑡𝑟

2

Fig 1.Keystroke dynamics events (press and release) and three of its most popular features: Hold Time, Release-Press (RP)Latency and

Press-Press (PP)Latency.

International Journal of Pure and Applied Mathematics Special Issue

770

rrTime (RR): the latencies of when the two buttons (keys) are released;

prTime (PR): the durations of when one button (key) is pressed and the other is released;

rpTime (RP): the latencies of when one button (key) is released and the other is pressed;

vector (V): the concatenation of the four previous timing values

Objectives of this Project Work:

To use keystroke dynamics as biometric trait for person authentication and analyses the performance of various classifiers in

authentication experiments on selected biometric datasets.

Advantages of Keystroke Dynamics

Compared to written signatures typing pattern cannot be reproduced. Most security systems allow limited number of

incorrect attempts. After few incorrect attempts they block the account

Compared to physiological biometric systems such as fingerprint, Iris detection Keystroke dynamics does not require any extra

hardware. Thus implementation and deployment cost is low.

2 RELATED WORKS:

From the time the concept of Keystroke Dynamics was introduced, much advancement in the field has taken place. Several

techniques came into existence since then. They are described below in details with their strengths and limitations as follows:

N. Chourasia Nandini, 2014 has introduced an additional layer of security for the authentication of the user, Keystroke

Dynamics. The security can be implemented in android phones or any other smart phones through which internet is accessible as well

as online transactions can be performed. Data set was collected to measure the performance and evaluation procedure was developed.

A mathematical model was presented before implementation. A. K. Hussain and M. M. Alnabhan, 2014 in his study presented an

advanced keystroke authentication model increase the strength. The keystroke structure involved two components, Firstly the

deviation in typing time of user Secondly a unique user secret code. This system solved the problem of large deviations in keystroke

dynamics and improved keystroke authentication level was provided [6]. K. Senathipathi, Krishnan Batri, 2014 A comparative

analysis of Particle Swarm Optimization and Genetic algorithm has been shown bythe author with respect to keystroke dynamics. The

author select the feature selection for the proposed method uses Particle Swarm Optimization (PSO) algorithm and Typing rhythms

are the rawest form of data stemming from the interaction between users and computers then sampled and analyzed, they may

become a useful tool to ascertain personal identity. this paper, made a comparative analysis of Particle Swarm Optimization and

Genetic Algorithm with respect to Keystroke Dynamics [7].The author T.Maheswari and S. Anitha, 2014 has introduced a novel

approach for authentication that was based on biometric characteristics i.e. Keystrokes of the password entry. The author has

measured three phases namely, fingerprint, login credential based on username and password and keystroke dynamics. Two stages

were also considered that are Training and testing stage. Training stage was implemented during enrolment and testing during

verification period [8]. D. Rudrapal, S. Das, and S. Debbarma, 2014 has combined different matrices and calculation was performed

to find keystroke latency as measure of disorder. The author make authentication persuasively more secure than the usual password

used in both offline and online transactions.With the help of empirical data . this works author takes the Keystroke latency and

duration is inadequate for user authentication, which motivates exploring other matrices. combination of different matrices and

calculation of degree of disorder on keystroke latency as well as duration to generate user profile. Statistical analysis on these matrices

evaluates enhanced authentication process respectively.The result of proposed method showed FRR of 8% and FAR of 2%, which

enhanced the existing authentication result using keystroke dynamics [9] . A. Ahmed and I. Traore, 2014 presented a new approach

for the free text analysis of keystrokes that combined monograph and digraph analysis. A neural network had been used to predict

missing digraphs based on the relation between the monitored keystrokes. The heterogeneous experiment involved 53 users, the

follow up experiment in a homogeneous environment considered only 17 volunteers. The results obtained from this research were

promising with reduced error rates[10] J. V. Monaco, N. Bakelman, S.-H. Cha,and C. C. Tappert, 2014 evaluated and developed a

new classification algorithm with reduced error rate. The average and standard deviation of dwell and flight time has been used for

feature extraction. The vector difference authentication model altered a class problem into a two-class problem and model was used

for the classification procedure. The performance was characterised by Receiver Operating Characteristics curves [11]. M. Rybnik, M.

Tabedzki, M. Adamski, and K. Saeed, 2013) has used non-fixed text of various sizes for efficient user authentication with keystroke

dynamics. The approach had been tested on a small sample of users, and data was collected using web based application over Internet.

Nine individuals were participated from whom keystrokes samples were collected which corresponds to the use conditions of a

computer system in a home or small business. Each individual typed a long text twice in the five sessions of more than 250 characters,

ten samples for each person was collected in this way. The author stated that keystroke dynamics is valuable biometrics approach for

authentication of users that is achieved by using only trouble-free classifier and few keystroke features [12]. S. I. Hassan, M. M.

Selim, and H. Hala,2013 implemented a keystroke biometric system that solved the problem of variations in samples and threshold

that is adaptive in nature was considered. The proposed system was evaluated using CMU dataset and for this study, a new dataset has

also been created. Four Distance based algorithms were implemented. Standard deviation of the training samples was also considered

therefore, Manhattan including standard deviation has given accurate results [13]. A. Schclar, L. Rokach, A. Abramson, and Y.

Elovici, 2012 has provided novelty in the field of authentication of users for login. It was based on two approaches. The first approach

is called Cluster representative which used a unique user as a representative from each cluster. The second approach called Inner

Cluster representative which selects that user as a representative whose biometric profiles were the most similar to that of examined


771

use [14]. Z. Syed, S. Banerjee, Q. Cheng, and B. Cukic, 2011 presented as study of habitual pattern of users to new passwords. He

stated that when entering a simple password the variation between successive trials did not exhibit much difference. There was no

significant habituation improvement in total password typing time in case of simple passwords. He also stated that in case of complex

passwords there was significant variance in habitual pattern as well as total keystroke timings [15] M. Karnan, M. Akila, and N.

Krishnaraj, 2011 discussed various feature extraction methods andclassification methods related to keystroke dynamics.There was a

clear explanation of statistical methods,pattern recognition algorithms and neural networks thatcan be used as approaches for

classification. Shortsample texts were considered for the analysis purpose.[16] A.Kolakowska, 2011 compared the performance of

Relative method, absolute method and method based on feature distribution parameters for user authentication. For training data

collection purpose a web application was created. File was used to store the details of keystroke features like key hold time and key

release time. The feature vectors that represented the key timings comprising different values. With this modification quality of the

methods were improved compared to previous methods. [17] P. S. Teh, A. B. J. Teoh, C. Tee, and T. S. Ong, 2010 proposed an

approach to give strength to password authentication system. It incorporated numerous keystroke dynamic information. To combine

keystroke dynamics information a two-layer amalgamated structure was proposed. For feature matching two methods named

Gaussian probability density function and Direction similarity measure were proposed and six fusion rules were employed when

authenticated user was not able to type in his usual speed due to some hand injury. The system obtained very good results [18]. Akash

Sanghi, Y.D.S. Arya ,2017 author proposed security system which will analyze user typing behavior and discriminate between

authentic and non authentic users. This approach provides high level of security as well as it is cost effective because no extra

hardware is required. Two features such as key hold time and key interchange time were considered. Samples from both authentic as

well as non authentic user were recorded then neural network was trained on those samples. Finally user will be authenticated on the

basis of his typing pattern [19]. Jing and Zhang [20] proposed an approach to find discriminant bands (a group of coefficients) in the

transformed space. Their approach searches the discriminant coefficients in the transformed space group by group. In this case, it is

possible to lose a discriminant coefficient placing beside the non discriminant coefficients in a group [21].

Objectives of this work:

To use keystroke dynamics as biometric trait for person authentication and analyses the performance of various classifiers in

authentication experiments on selected biometric datasets. Advantages of Keystroke Dynamics Compared to written signatures typing

pattern cannot be reproduced. Most security systems allow limited number of incorrect attempts. After few incorrect attempts they

block the account. Compared to physiological biometric systems such as fingerprint, Iris detection Keystroke dynamics does not

require any extra hardware. Thus implementation and deployment cost is low.

3 PROPOSED RESEARCH WORK

In this project, the authentication of person by keystroke dynamics by BeiHang keystroke dynamics Datasets they proposed

DCT feature vector, random forest and random tree, SVM as a classifier.

The BeiHang Keystroke Dynamics Database

We have obtained two databases by using the proposed embedded system and the online system respectively. It can be used

by researchers to test their algorithms and eventually boost the development of keystroke dynamics.There are 209 subjects involved in

building the databases. It should be noted that 10 subjects of Dataset A of Database 2 are from Dataset B of Database 2. The first

database, named BeiHang Keystroke Dynamics Database 1, is captured by the online system, and the second one, named BeiHang

Keystroke Dynamics Database 2, is collected from the embedded system. The subjects gather registration data from genuine users

used as training samples, log-in data from genuine users and log-in data from intruders. All the data are stored in text format; they can

be downloaded at.

In each folder of Database 1, the only training file contains 4 or 5 registration samples and the file name is in the format of,

say, [12345] (-regliaoxiaoying).txt meaning that this is the training file for ID being 12345 and password being [liaoxiaoyin] with

being the label of the file. All the testing files have the same format: [Year-Month-Day Hour.Min.Sec] ID(-loginPSW)_

IsGenuine_IsPostive.txt, where IsGenuine = 0 or 1 represents the data from a genuine user or an intruders; IsPostive = y or n

represents the positive data from a user or the negative data from an intruder. For example, the testing file, [2009-12-30

14.07.01]12345(-loginliaoxiaoying)_1_n.txt, indicates that the login time is 2009-12-30 14.07.01, ID is 12345, PSW is liaoxiaoying,

and it is negative data from an intruder.

The file names in Database 2 have been simplified. The folders are named as PSW or the time when the data were collected.

In the folder,[.txt] stores genuine user registration data. The entire testing files are in the form of time-index_IsGenuine_ IsPostive.txt.

The BeiHang Keystroke Dynamics Database 1 includes 1902 test samples and 477 training samples from 117 subjects. The whole

Database 1 is divided into two subsets, Dataset A and Dataset B, collected from two different environments. Dataset A was collected

in Internet Cafe. It contains 49 subjects, 212 training samples, 157 testing samples from genuine users and 996 testing samples from

intruders, as shown in Table 1. The developed commercial system was embedded into the login system of an online application. In

Database 1, Dataset B was collected online in a university lab. It contains 68 subjects, 265 training samples, 214 testing samples from

genuine users and 535 testing samples from intruders. The BeiHang Keystroke Dynamics Database 2 was collected by the embedded

system, which contains 5089 test samples and 478 training samples from 92 subjects. Dataset A and B in Database 2 are released for

research purpose. Dataset A of Database 2 contains 52 subjects, 228 training samples, 717 testing samples from genuine users and

1468 testing samples from intruders. Dataset B of database 2 contains 50 subjects, 250 training samples, 1103testing samples from


772

genuine users and 1801 testing samples from intruders. The details are given in Table 1. It is worth noting that there are 10 subjects

appear both in these two subsets. Which contain data of stable typing rhythms?

Table 1: Description of dataset A and dataset B

DATASET A DATASET B

Number of inducers 816 Number of inducers 365

Number of Training 417 Number of training 685

Number of Users 198 Number of users 551

Total 1428 Total 1601

All the data in these dataset are original collected , without any manual modification .Generallya password is represented by

following stream P1,R1,P2,R2,...,Pn,Rn,where p1 and r1 represented as the press and release time of the ith keystroke of a password

the meaning of different files are shown by their file names.

Database Access

To download the databases for research purpose, one can visit http://www.vmonaco.com/keystrokes The BeiHang keystroke

Dynamics -datasets or send an email to the corresponding author.

3.1 Benchmark Algorithms

The framework of our Keystroke Dynamic System is shown in Fig. Feature extraction and classification algorithm are the

main components and are discussed in detail in the following sections.

Fig: 2 Framework of the Keystroke Dynamics System

3.1.1 Feature Extractions

Suppose a password is represented by the following sequence:

P1, R1, P2 ,R2 ,…, Pn , Rn (1)

Where represent the press and the release time of the ith keystroke of a password

The elements of the feature vector extracted from the original keystroke information are classified into two categories:

dwelling time and flight time. The dwelling time is calculated by Ri- Pi, and the flight time by Pi-Ri-1.

Therefore, the extracted feature from the original sequence is represented as:

I= (R1-P1,P2-R1,R2- P2,...,Pn-Rn- 1,Rn-Pn). (2)

The above feature is also called the original feature. The number of the registration samples collected in the training

procedure is 4 or 5..

In signal processing and object recognition, the transformed features are extensively studied such as Fast Fourier Transform

(FFT), Discrete Cosine Transform (DCT), and Gabor wavelets. This paper investigates these three transformation methods to further


773

enhance the performance of keystroke dynamics systems using the original feature directly. Different from most of previous works

focusing on classifier design, this paper design better features for performance improvement.

DCT (Discrete Cosine Transform):

DCT feature extraction approaches are considered and a new efficient approach is proposed. DCT feature extraction consists

of two stages. In the first stage, the DCT is applied to the entire data to obtain the DCT coefficients, and then some of the coefficients

are selected to construct feature vectors in the second stage. Dimension of the DCT coefficient matrix is the same as the input text. In

fact the DCT, by itself, does not decrease data dimension; so it compresses most signal information in a small percent of coefficients.

Discrete cosine transform (DCT) [21–28] are the important approaches of this class. Some special properties of DCT make it a

powerful transform in image processing applications, including face recognition. DCT is very close to the KLT and has a strong

ability for data decorrelation [26]. There are fast algorithms for DCT realization, which is not the case for KLT. Combination of

statistical and deterministic transforms constructs a third type of feature extraction approaches with both advantages. In this type,

DCT reduces the dimension of data to avoid singularity and decreases the computational cost of PCA and LDA. Chen et al. After

applying the DCT to an image, some coefficients are selected and others are discarded in data dimension reduction. The selection of

the DCT coefficients is an important part of the feature extraction process. In most of the approaches which utilize the DCT, not

enough attention was given to coefficients selection (CS). The coefficients are usually selected with conventional methods such as

zigzag or zonal masking. These conventional approaches are not necessarily efficient in all the applications and for all the databases.

In general, the DCT coefficients are divided into three bands (sets), namely low frequencies, middle frequencies and high

frequencies. itvisualizes these bands. Low frequencies are correlated with the illumination conditions and high frequencies represent

noise and small variations (details). Middle frequencies coefficients contain useful information and construct the basic structure of the

image. From the above discussion, it seems that the middle frequencies coefficients are more suitable candidates in face recognition.

Although coefficients selection, the second stage of the feature extraction, is an important part of the feature extraction process and

strongly influences the recognition accuracy, but it has received only scant attention.

DCT and coefficients selection For an M N values, where each single data corresponds to a 2D matrix, DCT coefficients are

calculated as follows:

𝑓(𝑢, 𝑣) =1

√mn∝ (𝑢) ∝ (𝑣) ∑ 𝑓(𝓍, 𝓎) ∗ cos(

(2x + 1)uπ

2M

M−N

𝓍=0

∗ cos((2x + 1)vπ

2N

Where u=0, 1.....M, and v=0,1,..N (3)

∝ (𝜔) = {

1

√2 𝜔=0

1 𝑜𝑡ℎ𝑒𝑟𝑤𝑖𝑠𝑒} (4)

F(𝓍, 𝓎) is theobject intensity function and F(𝓊, 𝓋) is a 2D matrix of DCT coefficients. Block-based implementation and the entire

image are the two implementations of the DCT. Entire Data DCT has been used in this paper. The DCT is applied to the entire Data to

obtain the frequency coefficient matrix of the same dimension.DCT has mainly used in this paper to change the dimension for getting

better results.

3.2 Feature Vector:

The password is represented as following sequence

𝑃1, 𝑅1, 𝑃2, 𝑅2 … … 𝑃𝑛, 𝑅𝑛

Where𝑃1 and𝑅1 represents the press and release time of the ith keystroke of a password.the element of the feature vector extracted

from the original keystroke information are classified in to two categorizes: Dwelling time and Flight time. Dwelling time is

calculated by 𝑅1-𝑃1 and the Flight time is calculated by 𝑃𝑖-𝑅𝐼−1

3.2.1 Feature Vector Extraction:

Therefore the extracted feature from the original sequence is represented as

I = (𝑅1 − 𝑃1,𝑃2 − 𝑅1, 𝑅2 − 𝑃2, … … . , 𝑃𝑛 − 𝑅𝑛−1, 𝑅𝑛 − 𝑃𝑛)

Example:

If 12 letter password means 12/6 = 6, therefore I = 6., if i = 1 I = 𝑅1 − 𝑃1 ,if i = 2 where i = 𝑃2 − 𝑅1 ,𝑅2 − 𝑃2., if i = 3 Where i = 𝑃3 −𝑅2, 𝑅3 − 𝑃3., if i = 4 where 𝑃4 − 𝑅3, 𝑅4 − 𝑃4., if I = 5 where i = 𝑃5 − 𝑅4, 𝑅5 − 𝑃5., if i = 6 where i = 𝑃6 − 𝑅5, 𝑅6 − 𝑃6.

Example:

User 1 Data values:

0,117340,282839,353985,558993,647279,1004653,1095798,1227438,1312870,1534808,1637380

Where P denotes

𝑃1=0,

𝑃2= 282839,


774

𝑃3=558993

𝑃4=1004653

𝑃5=1227438

𝑃6=1534808

Where R denotes

𝑅1=117340

𝑅2=353985

𝑅3=647279

𝑅4=1095798

𝑅5=1312870

𝑅6=1637380

By this sequence

I = (𝑅1 − 𝑃1,𝑃2 − 𝑅1, 𝑅2 − 𝑃2, … … . , 𝑃𝑛 − 𝑅𝑛−1, 𝑅𝑛 − 𝑃𝑛) (3)

We get Feature Vector V = 117340, 165499, 71146, 205008, 88286, 357374, 91145, 308217, 85432, 22938, 102572

3.2.2 Classifier algorithm:

Fusion of Features and Classifiers:

Mixture of different knowledgeable decision of widely studied in previous twenty years. Combination methods can be

grouped by the level at which they operate. The simplest way is in the feature level, where different kinds of features are concatenated

into an extended feature vector. This combination inherits the advantages of different features, and any classifier is easily used with

them to build the final classification model. Combination can also be done in the level of decision or output score, which is called

classifier-level combination. It is a quite popular way as the score is generally considered as a new kind of feature. This paper

investigates both methods for performance improvement. For feature-level combination, we can easily get the new extended features.

DCT features vector Similar to the feature-level combination, the classifier-level combination is based on the scores of classifiers.

Supposed we have k classifiers, whose classifiers and dct feature combination score is denoted as score level fusion vector.

3.2.3 Experiment:

In this section, we present benchmark experimental results for some classification and feature extraction algorithms on the

BeiHang Keystroke Dynamics Databases. The extensive research experiments bring the evaluation of different features, classifiers,

and their fusions.

We also exhibit those specific rhythms for different individuals can lead to high performance, which can be used in practical

applications, such as password protection.

3.2.4 Evaluation criteria:

In the research experiments, we use the False Positive Rate and the True Positive Rate for evaluation metrics. The former is

the percentage of intruders who can enter the accounts by imitating the typing manner of genuine users. The latter is the percentage of

genuine users who can successfully log into the system with the right keystroke manner. By changing the threshold in the

classification procedure, we obtain a series of True Positive Rates and False Positive Rates, and then we use these results to draw a

ROC curve. The ROC curve is used for evaluation of various algorithms including the Random forest classifier, classifier random tree

classifier with the original feature DCT. We also provide the Equal Error Rate (EER) for further evaluation of different methods. EER

is the percentage where the False Positive Rate equals the False Negative Rate.

3.2.5 Classifier, Features and Training:

This section explains the classifier that we used, the features it employed, and its training and testing. The MATLAB

Programming environment (version 2013 a) was used for analyses And WEKA 6 for Classifier analysis.

3.2.6 Classifier – support vector machine:

SVM generally applies to linear boundaries. In the case where a linear boundary is inappropriate SVM can map the input

vector in to a high dimensional feature space By choose a non linear mapping, the SVM construct a optimal separating hyper plane in

the higher dimensional space .The function K is defined as the k rnalfunction for generating the inner products to construct machines

with different types of non-linear decision surfaces in the input space.

𝐾(𝓍, 𝓍𝑖) = Φ(𝓍). Φ(𝓍𝑖) (5)

The kernel function may be of any symmetric functions that satisfy the Mercer’s conditions (courant and Hilbert , 1953) there are

several SVM kernel function .

SVM Gaussian – inner product kernels are

Gaussian ℯ𝓍𝓅[−∥𝓍𝕋−𝓍𝑖∥

2𝜎2 ] (6)


775

Where x is the input patterns , 𝑥𝑖 is variance ,1 ≤ 𝑖 ≤ 𝑁𝑠, where 𝑁𝑠is the number of support vectors ,𝛽𝜊,𝛽1 are constant

values. p is the degree of the polynomial. Although support vector machines are often considered to be the best classifiers currently

available, random forests are strong competitors, frequently outperforming SVMs .The random forest classifier is generally a good

performer because it is robust against noise, and because its tree-classification rules enable it to find informative signatures in small

subsets of the data (i.e., automatic feature selection).

3.2.7 Features used in the classifier

During typing, all key-press (key-down) and key-release (key-up) events were time stamped and recorded. From these

events, each of the three features used in the random forest classifier, SVM, Random tree can be derived: (1) hold time (time elapsed

from key-down to key-up of a single key); (2) digram latency(time elapsed from the key-down of a character being typed to the key-

down of the next character); and (3) diagram interval (key-up to key-down latencies between diagrams ).For a ten-digit passcode,

there are 11 hold times(including the return key), 10 key-down to key-down latencies, and 10 key-up to key-down intervals, which

taken together form a 31-dimensional vector that represents each passcode repetition. All three features were used, because they form

a superset of the features commonly used by other researchers. Although some of these features are linearly dependent, this is not a

concern when using a random forest, because the random forest performs feature selection as part of its training, thereby

accommodating any linear dependencies among features.

4. RESULTS AND DISCUSSIONS

DATASET A:

Results for dataset A

Table .no: 3 EER Results with different feature dimensions and classifier on Dataset 1, where* indicates results

Dataset A

Random Forest

Classifier

Random tree

Classifier Support Vector

Machine

classifier

Accurac

y

ERR

Rate

Accurac

y

ERR

Rate

Accura

cy

ERR

Rate

DCT –

Feature

(DIM=10) 79.7 13.2 81.0 18.9 79.6 20.4

DCT – Feature

(DIM=12) 80.3 15.6 80.5 19.4 83.2 16.8

DCT –

Feature

(DIM =

14)

77.5 11.4 80.1 19.8 86.3 13.7

DATASET B:

Results for dataset B:

Table .no:3 EER Results with different feature dimensions and classifier on Dataset B, where* indicates results

Dataset A

Random Forest

Classifier

Random tree

Classifier Support Vector

Machine

classifier

Accurac

y

ERR

Rate

Accurac

y

ERR

Rate

Accura

cy

ERR

Rate

DCT –

Feature (DIM=10)

80.5 15.4 79.4 20.5 81.2 18.3

DCT –

Feature (DIM=12)

80.5 15.6 80.5 19.4 78.8 21.2

DCT –

Feature

(DIM = 14)

81.6 14.1 81.6 18.3 84.3 15.7

4.1 Roc Curve:

Receiver operating curve or Relative operating characteristic (ROC): The ROC plot is a visual characterization of the trade-

off between the FMR and the FNMR. In general, the matching algorithm performs a decision based on a threshold that determines

how close to a template the input needs to be for it to be considered a match. This type of graph is called a Receiver Operating

Characteristic curve (or ROC curve.) It is a plot of the true positive rate against the false positive rate for the different possible cut

points of a diagnostic test. An ROC curve demonstrates several things:


776

It shows the tradeoffs between sensitivity and specificity (any increase in sensitivity will be accompanied by a decrease in

specificity). The closer the curve follows the left-hand border and then the top border of the ROC space, the more accurate the test.

The closer the curve comes to the 45-degree diagonal of the ROC space, the less accurate the test. The slope of the tangent line at a

cutpoint gives the likelihood ratio (LR) for that value of the test. You can check this out on the graph above. Recall that the LR for T4

< 5 is 52. This corresponds to the far left, steep portion of the curve. The LR for T4 > 9 is 0.2. This corresponds to the far right, nearly

horizontal portion of the curve. The area under the curve is a measure of text accuracy

4.1.1 Comparison of the ROC Results for two Datasets (particularly SVM classifier)

Fig no:3 A10_SVM_ROC_79.6

The above curve shows the ROC curve for Dataset A with dimension 10 in SVM classifiers the overall accuracy is 79.6

Fig no: 4 A12_SVM_ROC_83.0


Fig no 5 A14_SVM_ROC_86.3


777


Fig.no: 6 B10_SVM_ROC_81.2

The above curve shows the ROC curve for Dataset B with dimension 10 in SVM classifiers the overall accuracy is 81.2

Fig.no.7 B12_SVM_ROC_78.8


Fig no :6 B14_SVM_ROC_84.3


4.1.2 Performance Evolution:

The performance of a biometric system is generally characterized by the receiver operating characteristic (ROC) curve. It can

be summarized by the equal error rate (EER), the point on the curve where the fall acceptance rate (FAR)and false rejection rate

(FRR) are equal. Other system evaluation criteria include efficiency, adaptability, robustness, and convenience .Performance:

measures the performance of a biometric system in terms of acquisition and recognition errors. In order to evaluate the performance of


778

a biometric system, we generally need a test benchmark and performance metrics. According to the International Organization for

Standardization ISO/IEC 19795-1, the performance metrics are divided in to three sets: Acquisition performance metrics such as the

Failure-To-Enroll rate (FTE). Verification system performance metrics such as the Equal Error Rate (EER). Identification system

performance metrics such as the False-Negative and the False- Positive Identification Rates (FNIR and FPIR, respectively).

Effectiveness: Effectiveness indicates the ability of a method to correctly differentiate genuine and imposter. Performance indicators

employed by the researches are summarized as follow.

False Rejection Rate (FRR) refers to the percentage ratio between falsely denied genuine users against the total number of genuine

users accessing the system. Occasionally known as False Nonmatch Rate (FNMR) or type 1 error . A lower FRR implies less

rejection and easier access by genuine user

.

False Acceptance Rate (FAR) is defined as the percentage ratio between falsely accepted unauthorized users against the total number

of imposters accessing the system. Terms such as False Match Rate (FMR) or type 2 error refers to the same meaning. A smaller

FAR indicates less imposter accepted.

Equal Error Rate (EER) is used to determine the overall accuracy as well as a comparative measurement against other systems. It

may be sometimes referred to as

Crossover: Error Rate (CER). Result comparison portrayed in the next section will mainly be express with FAR, FRR, and EER.

𝐹𝑅𝑅 = 𝑁𝑢𝑚𝑏𝑒𝑟 𝑜𝑓 𝑟𝑒𝑓𝑢𝑠𝑒𝑑 𝑔𝑒𝑛𝑢𝑖𝑛𝑒𝑠

𝑇𝑜𝑡𝑎𝑙 𝑛𝑜 𝑜𝑓 𝑔𝑒𝑛𝑢𝑖𝑛𝑒𝑠

𝐹𝐴𝑅 = 𝑁𝑢𝑚𝑏𝑒𝑟 𝑜𝑓 𝐴𝑐𝑐𝑒𝑝𝑡𝑒𝑑 𝑖𝑚𝑝𝑜𝑠𝑡𝑒𝑟

𝑇𝑜𝑡𝑎𝑙 𝑛𝑜 𝑜𝑓 𝑖𝑚𝑝𝑜𝑠𝑡𝑒𝑟

4.1.3 Confusion matrix: for SVM - Gaussian:

One of the most important classification concepts is contained in the confusion matrix (for error) this matrix is a table that

represents the performance of an algorithm and form which other matrices can be derived the column of the matrices represents the

instances actually belong . the matrix makes it easy to see if the system is confusing two classes, hence the name. This matrix can

categorize in to two categories (e.g. Positive and negative) and counts the correctly classified (true)or falsely classified

(false)instances per class. Now, a success in when an instances is predicted correctly as a true positive (tp) or a true negative (tn). An

error is when an instance’s class is predicted incorrectly such that it is either a false positive (fp) or a false negative (fn)

Classification and actual class True positives false negatives (P)

False positives (P) true negatives (N)

Where P represents positive rate and N represents Negative rate

Table .no: A10 Confusion Matrix– SVM Gaussian:

Classification

Actual class

436 176

67 749

Table .no: A12 – Confusion Matrix SVM Gaussian :

Classification

Actual class

484 128

68 748

Table .no: A14 – Confusion Matrix SVM Gaussian :

Classification

Actual class 422 190

102 714


779

Table .no: B10 – Confusion Matrix SVM Gaussian

Classification

Actual class

1159 77

224 141


Classification

Actual class

1173 63

217 88


Classification

Actual class

1171 65

186 179

𝑡𝑝 Classification mans a correct classification of the instances. Originating from a deceptive messages 𝑓𝑝 are instances that are

supposedly truthful but classified as deceptive 𝑓𝑝 are instances that were derived from deceptive messages but are classified as

truthful. 𝑡𝑛 are instances that originate from truth messages and are classified as such some of actual deceptive (positive) instances is

p with p=𝑡𝑝+𝑓𝑛 here SVM Gaussian takes B14 dimension get 𝑡𝑝= 1171 and the sum of actual truthful (negative) instances N with

N=𝑓𝑝+𝑡𝑛 .and P and N with p=𝑡𝑝+𝑓𝑝 ,p=1357 N= 𝑓𝑛+𝑡𝑛,N=244 represented as sum of instances are classified respectively.

Chart No: 1 Different Dimensions Level by DCT for various classifiers for Dataset B

The above chart describes the different dimension level by DCT accuracy rate with various classifiers. Hence the performance matrix

shown by the ROC curve.

79.780.3

77.5

81 80.5 80.179.6

83.2

86.3

727476788082848688

DCT –FEATURE (DIM=10)

DCT – FEATURE (DIM=12)


Random Forest Classifier

Random Tree Classifier

Support Vector MachineClassifier


780

Chart No: 2 Different Dimensions Level by DCT for various classifiers for Dataset B

The above chart describes the different dimension level by DCT accuracy rate with various classifiers. Hence the performance matrix

shown by the ROC curve.

5 CONCLUSIONS AND FUTURE WORK

Two large databases have been collected and open for public research. Different features and benchmark algorithms have

been tested and summarized. We design both DATASET for protection device and an online keystroke dynamics system. The new

feature includes DCT and their combinations. The benchmark results are obtained by the one-class support vector machine, Gaussian

model as classifier, applied on the original and extended features. Our future work will focus on boosting the classifiers and

promoting the applications.

REFERENCE:

1. R.Abinaya, AN.Sigappi “Survey of Biometric Systems: Evolution and Challenges” proceedings of the nationalconference

on Multimedia signal processing and applications (NCMSPA) ISBN NO: 978-81922221-6-5, 2016

2. Pin Shen Teh, Andrew Beng Jin Teoh and Shigang Yue1, “A Survey of Keystroke Dynamics Biometrics” Hindawi

Publishing Corporation The Scientific World Journal Volume 2013, Article ID 408280, 24 pages

http://dx.doi.org/10.1155/2013/408280

3. Shimaa I. Hassan , Mazen M. Selim , and Hala H. zayed “User Authentication with Adaptive Keystroke Dynamics”

IJCSI International Journal of Computer Science Issues, Vol. 10, Issue 4, No 2, July 2013 ISSN (Print): 1694-0814 | ISSN

(Online): 1694-0784 [3], 2014

4. Roy A. Maxion and Kevin S. Killourhy “Keystroke Biometrics with Number-Pad Input” IEEE/IFIP International

Conference on Dependable Systems & Networks (DSN) .,2010.

5. Rosy Vinayak1 , Komal Arora “A Survey of User Authentication using Keystroke Dynamics ” International Journal of

Scientific Research Engineering & Technology (IJSRET), ISSN 2278 – 0882 Volume 4, Issue 4, April 2015

6. Hussain et al. (A. K. Hussain and M. M. Alnabhan, 2014” Advanced authentication scheme using a predefined keystroke

structure” International Journal of Computer,2014

7. Senathipathi, Krishnan Batri, “An analysis of Particle Swarm Optimization and Genetic Algorithm with respect to

keystroke dynamics” Green Computing Communication and Electrical Engineering (ICGCCEE), Electronic ISBN: 978-1-4799-4982-3 ,DVD ISBN: 978-1-4799-4983-0 , 2014

8. Maheswari and S. Anitha, 2014) “Remote User Authentication Scheme: A Comparative Analysis and Improved

Behavioral Biometrics Based Authentication Scheme” Published in: Micro-Electronics and Telecommunication

Engineering (ICMETE), 2016

9. Rudrapal, S. Das, and S. Debbarma, “Improvisation of Biometrics Authentication and Identification through

Keystrokes Pattern Analysis” International Conference on Distributed Computing and Internet Technology

ICDCIT: Distributed Computing and Internet Technology pp 287-292, 2014

10. Ahmed and I. Traore “Biometric Recognition Based on Free-Text Keystroke Dynamics”.Referenced in: IEEE Biometrics

CompendiumIEEE RFIC Virtual JournalIEEE RFID Virtual Journal Page(s): 458 - 472 , Published in: IEEE Transactions on

Cybernetics ( Volume: 44, Issue: 4, April 2014

11. Monaco, N. Bakelman, S.-H. Cha,and C. C. Tappert, “One-handed Keystroke Biometric Identification Competition

“ Biometrics (ICB), 2015 International Conference on Electronic ISBN: 978-1-4799-7824-3 Print ISSN: 2376-4201

80.5 80.5

81.6

79.480.5

81.681.2

78.8

84.3

76

78

80

82

84

86

DCT –FEATURE (DIM=10)



Random Forest Classifier

Random Tree Classifier

Support Vector MachineClassifier


781

12. Rybnik et al. (M. Rybnik, M. Tabedzki, M. Adamski, and K. Saeed. “User Authentication for Mobile Devices” Computer

Information Systems and Industrial Management pp 47-58, , 2013

13. Hassan et al. (S. I. Hassan, M. M. Selim, and H. Hala,” User Authentication with Adaptive Keystroke Dynamics” IJCSI

International Journal of Computer Science Issues, Vol. 10, Issue 4, No 2, July 2013 ISSN (Print): 1694-0814 | ISSN

(Online): 1694-0784,2013.

14. Schclar , L. Rokach, A. Abramson, and Y. Elovici “User Authentication Based on Representative Users” IEEE

Transactions on Systems, Man, and Cybernetics, Part C (Applications and Reviews) ( Volume: 42, Issue: 6, Nov. 2012 )

Page(s): 1669 – 167, , 2012

15. Syed, S. Banerjee, Q. Cheng, and B. Cukic, 2011 “Effects of User Habituation in Keystroke Dynamics on Password

Security Policy” High-Assurance Systems Engineering (HASE), 2011 IEEE 13th International Symposium on ISSN

Information: INSPEC Accession Number: 12461980

16. Karnan, M. Akila, and N. Krishnaraj, 2011 “Biometric personal authentication using keystroke dynamics: A review”

Applied Soft Computing “Volume 11, Issue 2, March 2011, Pages 1565-1573

17. Kolakowska” Computer Recognition Systems “ Advances in Intelligent and Soft Computing book series (AINSC,

volume 95), , 2011

18. Teh , A. B. J. Teoh, C. Tee, and T. S. Ong “Keystroke dynamics in password authentication enhancement” Expert

Systems with Applications Volume 37, Issue 12, December 2010, Pages 8618-8627

19. Akash Sanghi, Y.D.S. Arya “Survey, Applications and Security of Keystroke Dynamics for User Authentication

“International Journal of Computer & Mathematical Sciences IJCMS ISSN 2347 – 8527 Volume 6, Issue 9 September 2017.

20. X.Y. Jing, D. Zhang, “A face and palmprint recognition approach based on discriminant DCT feature extraction”,

IEEE Transactions on Systems, Man and Cybernetics 34 (6) (2004) 2405–2415

21. S. Dabbaghchian, A. Aghagolzadeh, M.S. Moin, “Reducing the effects of small sample size in DCT domain for face

recognition,” in: International Symposium on Telecommunication (IST), 2008

22. D. Ramasubramanian, Y.V. Venkatesh, “Encoding and recognition of faces based on the human visual model and

DCT,” Journal of Pattern Recognition 34 (2001) 2447–2458

23. C. Podilchuk, X. Zhang, “Face recognition using DCT based feature vectors” Proceeding of IEEE (1996)

24. R. Tjahyadi, W. Liu, S. Venkatesh,” Application of the DCT energy histogram for face recognition” International

Conference on Information Technology Applications (2004) 305–310.

25. D. Zhong, I. Defee, “Pattern recognition in compressed DCT domain” Proceeding of IEEE International Conference on

Pattern Recognition (ICPR) (2004) 2031–2034

26. Z.M. Hafed, M.D. Levine, “Face recognition using the discrete cosine transform” International Journal of Computer

Vision 43 (3) (2001) 167–188.

27. M.J. Er, W. Chen, S. Wu., “High speed face recognition based on discrete cosine transform and RBF neural networks”,

IEEE Transactions on Neural Networks 16 (3) (2005) 679–691.

28. Z. Pan, A.G. Rust, H. Bolouri,” Image redundancy reduction for neural network classification using discrete cosine

transforms”, Proceeding of International Joint Conference on Neural Networks (Como, Italy) 3 (2000) 149–154


782

a keystroke dynamic based biometric for person authentication · to use keystroke dynamics as...

Documents