A Scientific Understanding of Keystroke Dynamics

Bibliographic details
Main author: Killourhy, Kevin S
Format: Report
Language: eng
Description
Summary: Keystroke dynamics technology to distinguish people based on their typing rhythms could revolutionize insider-threat detection. Insiders accessing backdoors, using shared accounts, or masquerading as other users would be exposed by their unique typing rhythms. In the past thirty years, dozens of classifiers have been proposed for distinguishing people using keystroke dynamics; many have obtained excellent results in evaluation. However, when evaluations are replicated, the results are often wildly different; one classifier's error rate jumped from 1% to 85% upon replication. Classifier error rates depend on a multitude of factors; until the effects of these factors on error rates are understood, keystroke dynamics cannot realize its promise. To tackle this multitude-of-factors problem, we developed the following methodology: (1) evaluate multiple classifiers under systematically ranging conditions; (2) analyze the results with linear mixed-effects models (LMMs), a technique for inferential statistics well suited to understanding how various factors affect classifier error rates; and (3) validate the models, demonstrating that they accurately predict error rates in subsequent evaluations. In three investigations using this methodology, we found that while some classifiers had lower error rates than others, the differences were overshadowed by the effects of factors other than the classifier. For the best classifier, error rates vary from 0% to 63% depending on the user. Impostors triple their chance of evading detection if they touch type. On the bright side, the best combination of timing features (hold times and up-down times) reduces error rates by over 50%. Other configuration tweaks, such as increased training and an updating strategy, offer further opportunity to significantly reduce error rates.
This research was sponsored by the National Science Foundation under grant numbers CNS-0430474, CNS-0435382, CNS-0716677; Defense Advanced Research Projects Agency under grant number FA8721-05-C-0003; Department of Interior under grant number NBCHC-030109; and Commonwealth of Pennsylvania under grant number C000016682.