|
1
|
- Paul Dowland
- Network Research Group
- University of Plymouth
|
|
2
|
- Background information
- Data mining approach
- Keystroke analysis overview
- Potential measures
- Experiment
- Conclusions
|
|
3
|
- Need improved user authentication and continuous monitoring
- Monitoring needs to be transparent
- User characteristics (profile) needs to be updated regularly
- Keystroke analysis is one of a number of potential characteristics
|
|
4
|
- Experiment overview:
- Small number of test users
- Data collected from Windows PCs:
- Memory, application and CPU usage
- Network throughput
- OS command usage
- Process creation/termination
- Six algorithms evaluated
|
|
5
|
- Selection, pre-processing, data mining and interpretation
|
|
6
|
- Accuracy of six algorithms
|
|
7
|
- Static at login
- Periodic dynamic
- Continuous dynamic
- Keyword specific
- Application specific
|
|
8
|
- Digraph latency
- Trigraph latency
- Keyword latency
- Mean error rate
- Mean typing rate
|
|
9
|
- Focussed on digraph latencies
- Used statistical / NN approaches
- FAR/FRR rates ~< 10%
- Controlled environments
|
|
10
|
- Digraph samples & application logged
- 8 subjects
- 760,000 digraph samples
- 4 usable application profiles
- DM analysis provided 53% acceptance rate
|
|
11
|
- Digraph, trigraph, keywords and applications logged
- 35 users profiled
- Over 5.7 million keystrokes recorded
- Statistical results:
- digraphs 1.7% FAR, trigraphs
4.4%
|
|
12
|
|
|
13
|
- Keystroke analysis
- Authentication
- Monitoring
- Response
- Can be combined with other measures / responses
|
|
14
|
- Need to consider complementary measures
- Keyboard analysis and mouse dynamics
- Keyboard analysis and facial recognition
- Mouse dynamics and voice recognition
- Larger scale trial
|
|
15
|
- DM techniques may be useful in identifying discrete behavioural patterns
- Keystroke analysis could be both an authentication and response method
- Keystroke analysis could provide transparent authentication/supervision
|
|
16
|
|
Notes
