Notes
Slide Show
Outline
1
A Long-term Trial of Keystroke Profiling Using Digraph, Trigraph and Keyword Latencies
  • Steven Furnell
  • Network Research Group
  • University of Plymouth
2
Overview
  • Background information
  • Keystroke analysis overview
  • Potential measures
  • Experiment overview
  • Results
  • Further work
  • Conclusions
3
Background information
  • Need improved user authentication and continuous monitoring
  • Monitoring needs to be transparent
  • User characteristics (profile) needs to be updated regularly
  • Keystroke analysis is one of a number of potential characteristics
4
Keystroke analysis overview
  • Static at login
  • Periodic dynamic
  • Continuous dynamic
  • Keyword specific
  • Application specific
5
Potential measures
  • Digraph latency
  • Trigraph latency
  • Keyword latency


  • Mean error rate
  • Mean typing rate
6
Previous work
  • Focussed upon digraph latencies
  • Used statistical / NN approaches


  • FAR/FRR rates ~< 10%


  • Controlled environments
7
Experiment overview
  • Digraph, trigraph and keyword logging
  • Applications being used also logged


  • 35 subjects
  • 3 month logging period


  • Nearly 6 million samples logged
8
Experiment overview
  • Keylogger installed on client PC
  • Transparently monitors latency (duration) of
    • Digraphs (e.g. T-H)
    • Trigraphs (e.g. T-H-E)
    • Keywords (e.g. T-H-E-R-E)
9
System-wide keystroke logging
10
Keystroke Logger
11
Participant typist skills (Card et al, 1980)
12
Results
  • Profiles were generated for each participant (one each for digraphs, trigraphs and keywords)
  • Sessions were then re-played to a comparator:
    • legitimate user samples (to measure FRR)
    • Other user samples (to measure FAR)
  • System optimised for 0% FRR
13
Results (average across users)
14
Real time composite keystroke analysis
  • A proof-of-concept demonstrator was developed
  • Uses a composite measure of digraph, trigraph and keyword latencies
  • Works in real-time
  • Can challenge users with a range of responses when alert thresholds exceeded
15
Real time composite keystroke analysis
16
Example user session
17
Application of keystroke analysis
  • Keystroke analysis
    • Authentication
    • Monitoring
    • Response


  • Can be combined with other measures / responses
18
Future development
  • Need to consider complementary measures
    • Keyboard analysis and mouse dynamics
    • Keyboard analysis and facial recognition
    • Mouse dynamics and voice recognition


  • Composite profiles
  • Statistical analysis techniques
  • Application-specific profiling
  • Even larger scale trials
  • Evaluation of impairments
19
Conclusions
  • Keystroke analysis could be both an authentication and response method
  • Keystroke analysis could provide transparent authentication/supervision
  • Further work is necessary to look at improved methods of anaylsis
20
A Long-term Trial of Keystroke Profiling Using Digraph, Trigraph and Keyword Latencies