AI Chat Paper
Note: Please note that the following content is generated by AMiner AI. SciOpen does not take any responsibility related to this content.
{{lang === 'zh_CN' ? '文章概述' : 'Summary'}}
{{lang === 'en_US' ? '中' : 'Eng'}}
Chat more with AI
Powered by AMiner. Clicking this button will take you away from SciOpen.
Home Tsinghua Science and Technology Article
PDF (72.8 MB)
Cite
EndNote(RIS) BibTeX
Collect
Submit Manuscript AI Chat Paper
Show Outline
Outline
Show full outline
Hide outline
Outline
Show full outline
Hide outline
Open Access

Performance Evaluation of an Anomaly-Detection Algorithm for Keystroke-Typing Based Insider Detection

National Key Laboratory of Science and Technology on Blind Signal Processing, Chengdu 610041, China.
Ministry of Education Key Lab for Intelligent Networks and Network Security, Xi’an Jiaotong University, Xi’an 710004, China.
Show Author Information

Abstract

Keystroke dynamics is the process to identify or authenticate individuals based on their typing rhythm behaviors. Several classifications have been proposed to verify a user’s legitimacy, and the performances of these classifications should be confirmed to identify the most promising research direction. However, classification research contains several experiments with different conditions such as datasets and methodologies. This study aims to benchmark the algorithms to the same dataset and features to equally measure all performances. Using a dataset that contains the typing rhythm of 51 subjects, we implement and evaluate 15 classifiers measured by F1-measure, which is the harmonic mean of a false-negative identification rate and false-positive identification rate. We also develop a methodology to process the typing data. By considering a case in which the model will reject the outsider, we tested the algorithms on an open set. Additionally, we tested different parameters in random forest and k nearest neighbors classifications to achieve better results and explore the cause of their high performance. We also tested the dataset on one-class classification and explained the results of the experiment. The top-performing classifier achieves an F1-measure rate of 92% while using the normalized typing data of 50 subjects to train and the remaining data to test. The results, along with the normalization methodology, constitute a benchmark for comparing the classifiers and measuring the performance of keystroke dynamics for insider detection.

Keywords

keystroke dynamicsinsider identificationF1-measurenormalizationone-class classification

References

[1]
K. Mickelberg, N. Pollard, and L. Schive, US cybercrime: Rising risks, reduced readiness. Available: https://www.pwc.com/us/en/increasing-it-effectiveness/publications/assets/2014-us-state-of-cybercrime.pdf, 2014.
[2]
T. Carthy, Australian cyber security centre: 2015 Cyber security survey. Available: https://www.acsc.gov.au/publications/ACSC_CERT_Cyber_Security_Survey_2015.pdf, 2015.
[3]
T. Carthy, Australian cyber security centre: 2016 Cyber security survey. Available: https://www.acsc.gov.au/publications/ACSC_Threat_Report_2016.pdf, 2016.
[4]
Z. G. Li, W. L. Han, and W. Y. Xu, A large-scale empirical analysis of Chinese web passwords, in Proc. 23rd USENIX Conf. Security Symposium, San Diego, CA, USA, 2014.
[5]
M. L. Mazurek, S. Komanduri, T. Vidas, L. Bauer, N. Christin, L. F. Cranor, P. G. Kelley, R. Shay, and B. Ur, Measuring password guessability for an entire university, in Proc. 2013 ACM SIGSAC Conf. Computer & Communications Security, Berlin, Germany, 2013.
Crossref
[6]
R. Joyce and G. Gupta, Identity authentication based on keystroke latencies, Commun. ACM, vol. 33, no. 2, pp. 168-176, 1990.
Crossref Google Scholar
[7]
O. Coltell, J. M. Badfa, and G. Torres, Biometric identification system based on keyboard filtering, in Proc. IEEE 33rd Annu. 1999 Int. Carnahan Conf. Security Technology, Madrid, Spain, 1999.
[8]
J. Ilonen, Keystroke dynamics: Advanced topics in information processing. Available: http://www.it.lut.fi/kurssit/03-04/010970000/seminars/Ilonen.pdf, 2006.
[9]
R. V. Yampolskiy and V. Govindaraju, Behavioural biometrics: A survey and classification, Int. J. Biometrics, vol. 1, no. 1, pp. 81-113, 2008.
Crossref Google Scholar
[10]
E. Z. Yu and S. Cho, GA-SVM wrapper approach for feature subset selection in keystroke dynamics identity verification, in Proc. 2003 Int. Joint Conf. Neural Networks, Portland, OR, USA, 2003.
Crossref
[11]
L. C. F. Araujo, L. H. R. Sucupira Jr, M. G. Lizarraga, L. L. Ling, and J. B. T. Yabu-Uti, User authentication through typing biometrics features, IEEE Trans. Signal Process., vol. 53, no. 2, pp. 851-855, 2005.
Crossref Google Scholar
[12]
D. Hosseinzadeh, S. Krishnan, and A. Khademi, Keystroke identification based on Gaussian mixture models, in Proc. 2006 IEEE Int. Conf. Acoustics Speech and Signal Processing, Toulouse, France, 2006.
[13]
D. Hosseinzadeh and S. Krishnan, Gaussian mixture modeling of keystroke patterns for biometric applications, IEEE Trans. Systems Man Cybern. Part C (Appl. Rev.), vol. 38, no. 6, pp. 816-826, 2008.
Crossref Google Scholar
[14]
M. Villani, Keystroke biometric identification studies on long-text input, PhD dissertation, Pace University, New York, NY, USA, 2007.
[15]
R. A. Maxion and K. S. Killourhy, Keystroke biometrics with number-pad input, in Proc. 2010 IEEE/IFIP Int. Conf. Dependable Systems & Networks, Chicago, IL, USA, 2010.
Crossref
[16]
P. Bours, Continuous keystroke dynamics: A different perspective towards biometric evaluation, Inf. Secur. Techn. Rep., vol. 17, nos. 1&2, pp. 36-43, 2012.
Crossref Google Scholar
[17]
Y. B. Deng and Y. Zhong, Keystroke dynamics user authentication based on Gaussian mixture model and deep belief nets, ISRN Signal Process., vol. 2013, p. 565183, 2013.
Crossref Google Scholar
[18]
N. Zheng, K. Bai, H. Huang, and H. N. Wang, You are how you touch: User verification on smartphones via tapping behaviors, in Proc. 22nd Int. Conf. Network Protocols, Raleigh, NC, USA, 2014.
Crossref
[19]
D. Buschek, A. De Luca, and F. Alt, Improving accuracy, applicability and usability of keystroke biometrics on mobile touchscreen devices, in Proc. 33rd Annu. ACM Conf. Human Factors in Computing Systems, Seoul, Korea, 2015.
Crossref
[20]
M. Antal and L. Z. Szabó, An evaluation of one-class and two-class classification algorithms for keystroke dynamics authentication on mobile devices, in Proc. 20th Int. Conf. Control Systems and Computer Science, Bucharest, Romania, 2015.
Crossref
[21]
K. S. Killourhy and R. A. Maxion, Keystroke password dataset, http://www.cs.cmu.edu/~keystroke/, 2009.
[22]
K. S. Killourhy and R. A. Maxion, Comparing anomaly-detection algorithms for keystroke dynamics, in Proc. 2009 IEEE/IFIP Int. Conf. Dependable Systems & Networks, Lisbon, Portugal, 2009.
Crossref
[23]
R. O. Duda, P. E. Hart, and D. G. Stork, Pattern Classification, 2nd ed. New York, NY, USA: John Wiley & Sons, 2001.
[24]
ISO, ISO/IEC 19795–1: 2006 Information technology– biometric performance testing and reporting, part 1: Principles and framework, Geneva, Switzerland, 2006.
[25]
M. Ding and H. Tian, PCA-based network traffic anomaly detection, Tsinghua Sci. Technol., vol. 21, no.5, pp. 500-509, 2016.
Crossref Google Scholar
[26]
I. J. Goodfellow, J. Pouget-Abadie, M. Mirza, B Xu, D. Warde-Farley, S. Ozair, A. Courville, and Y. Bengio, Generative adversarial networks, arXiv preprint arXiv: 1406.2661, 2014.
Google Scholar
[27]
X. Wu, K. Xu, and P. Hall, A survey of image synthesis and editing with generative adversarial networks, Tsinghua Sci. Technol., vol. 22, no.6, pp. 660-674, 2017.
Crossref Google Scholar
Tsinghua Science and Technology
Volume 23 Issue 5,
October 2018
Pages 513-525
DOI: 10.26599/TST.2018.9010014
Cite this article:
He L, Li Z, Shen C. Performance Evaluation of an Anomaly-Detection Algorithm for Keystroke-Typing Based Insider Detection. Tsinghua Science and Technology, 2018, 23(5): 513-525. https://doi.org/10.26599/TST.2018.9010014

558

Views

44

Downloads

2

Crossref

N/A

Web of Science

2

Scopus

0

CSCD

Altmetrics
Received: 30 July 2017
Revised: 07 September 2017
Accepted: 08 September 2017
Published: 17 September 2018
© The author(s) 2018
Return