Why did my detector do that?!: predicting keystroke-dynamics error rates

Authors:
Kevin Killourhy;Roy Maxion
Affiliations:
Dependable Systems Laboratory, Computer Science Department, Carnegie Mellon University, Pittsburgh, PA;Dependable Systems Laboratory, Computer Science Department, Carnegie Mellon University, Pittsburgh, PA
Venue:
RAID'10 Proceedings of the 13th international conference on Recent advances in intrusion detection
Year:
2010

Citing 6
Cited 6

An Intrusion-Detection Model

IEEE Transactions on Software Engineering - Special issue on computer security and privacy
Identity authentication based on keystroke latencies

Communications of the ACM
Typing Patterns: A Key to User Identification

IEEE Security and Privacy
Evaluating the Reliability of Credential Hardening through Keystroke Dynamics

ISSRE '06 Proceedings of the 17th International Symposium on Software Reliability Engineering
User authentication through typing biometrics features

IEEE Transactions on Signal Processing
Continual retraining of keystroke dynamics based authenticator

ICB'07 Proceedings of the 2007 international conference on Advances in Biometrics

An efficient user verification system via mouse movements

Proceedings of the 18th ACM conference on Computer and communications security
Towards building a masquerade detection method based on user file system navigation

MICAI'11 Proceedings of the 10th Mexican international conference on Advances in Artificial Intelligence - Volume Part I
Masquerade attacks based on user's profile

Journal of Systems and Software
Keystroke timing analysis of on-the-fly web apps

ACNS'13 Proceedings of the 11th international conference on Applied Cryptography and Network Security
The Windows-Users and -Intruder simulations Logs dataset (WUIL): An experimental framework for masquerade detection mechanisms

Expert Systems with Applications: An International Journal
A survey of intrusion detection techniques for cyber-physical systems

ACM Computing Surveys (CSUR)

Quantified Score

Hi-index	0.00

Visualization

Abstract

A major challenge in anomaly-detection studies lies in identifying the myriad factors that influence error rates. In keystroke dynamics, where detectors distinguish the typing rhythms of genuine users and impostors, influential factors may include the algorithm itself, amount of training, choice of features, use of updating, impostor practice, and typist-to-typist variation. In this work, we consider two problems. (1) Which of these factors influence keystroke-dynamics error rates and how? (2) What methodology should we use to establish the effects of multiple factors on detector error rates? Our approach is simple: experimentation using a benchmark data set, statistical analysis using linear mixed-effects models, and validation of the model's predictions using new data. The algorithm, amount of training, and use of updating were strongly influential while, contrary to intuition, impostor practice and feature set had minor effect. Some typists were substantially easier to distinguish than others. The validation was successful, giving unprecedented confidence in these results, and establishing the methodology as a powerful tool for future anomaly-detection studies.