Journal of Sensors

Special Issue

Recent Advances in Security and Privacy for Wireless Sensor Networks


Research Article | Open Access

Volume 2015 | Article ID 935986 | 14 pages | https://doi.org/10.1155/2015/935986

Sequence Alignment with Dynamic Divisor Generation for Keystroke Dynamics Based User Authentication

Academic Editor: Fei Yu
Received 28 Nov 2014
Revised 05 Jan 2015
Accepted 20 Jan 2015
Published 02 Aug 2015

Abstract

Keystroke dynamics based authentication is one of the prevention mechanisms used to protect one’s account from criminals’ illegal access. In this authentication mechanism, keystroke dynamics are used to capture patterns in a user’s typing behavior. Sequence alignment has been shown to be one of the effective algorithms for keystroke dynamics based authentication: it compares sequences of keystroke data to detect an imposter’s anomalous sequences. In previous research, a static divisor has been used for sequence generation from the keystroke data; this is a number used to divide a time difference of keystroke data into equal-length subintervals. After the division, the subintervals are mapped to alphabet letters to form sequences. One major drawback of the static divisor is that the amount of data for this subinterval generation is often insufficient, which leads to premature termination of subinterval generation and consequently causes inaccurate sequence alignment. To alleviate this problem, we introduce sequence alignment of dynamic divisor (SADD) in this paper. In SADD, we use a mean computed with Horner’s rule to generate dynamic divisors and apply them to produce subintervals of different lengths. Comparative experimental results with SADD and other existing algorithms indicate that SADD is usually comparable to and often outperforms the existing algorithms.

1. Introduction

In an era full of electronic services, people want more convenient and faster ways to meet their needs. This includes reading emails, searching information through online communication, transferring files, and paying bills online. For example, online file transfer involves storage mechanisms in a cloud system. To use these services for our private needs, we must register a login ID and password. As for online bill payment, we must log in with our ID and password before we can pay or transfer money to other users. However, criminals may detect our login ID and password and use our credentials to commit crimes such as stealing important files or money. Therefore, stronger and more secure authentication mechanisms have to be designed and implemented to prevent these issues.

A considerable number of authentication mechanisms have been introduced. One example is a biometric system [1]. Biometric systems can be divided into two categories: physiology-based approaches and behavior-based approaches. Physiology-based approaches in the authentication system include use of iris, voice, and fingerprint. In contrast, behavior-based approaches include keystroke dynamics on keyboard, mouse, or smart phone. In this paper, we focus more on the behavior-based approach. The behavior-based approach has the advantages that it is inexpensive, is easy to implement, and needs no extra hardware to operate. One possible drawback of the behavior-based approach is that its performance can be lower than that of the physiology-based approach, but it can reduce the personal risk of a user. For example, in fingerprint-based authentication, an imposter can cut off the genuine user’s hand in order to access the security system. However, this kind of attack is not applicable to the behavior-based approach. If the imposter wants to break a system, his choice is limited to either forcing the genuine user to type or emulating the genuine user’s typing by practice. Therefore, a considerable number of researchers still perform behavior-based research because they believe that keystroke dynamics can improve security and will be a common approach in the future [2–10].

Keystroke dynamics concerns the timing details of people’s typing data [11]. The timing detail means the duration between pressing a key and releasing a key or vice versa. Keystroke dynamics can be combined with machine learning to discover knowledge about people’s typing behavior [8], emotion [12], gender [3], dominant hand [4], and so forth. In this paper, we associate the typing behavior with the authentication system. It is reasonable to use keystroke dynamics in the authentication system because some users have special typing patterns. For example, some people use only one hand to type whereas others use both hands [4]. Moreover, Syed et al. [8] have proven three interesting hypotheses in their research. One finding is that users present significantly dissimilar patterns when typing. Another hypothesis is about the relationship between users’ typing ability and the event sequence. The event sequence is defined as the sequence of key-up and key-down events with actual key values incorporated. More explanation of the event sequence can be found in their paper [8]. Their result shows that there is no correlation between users’ typing skill and the event sequence. The last hypothesis discusses the effect of habituation on the event sequences of a user. It reveals that keystroke dynamics data typed later is more representative than data typed earlier. This means that it is difficult for imposters to imitate legitimate users’ typing patterns. Besides typing behavior, we can observe that different people have different walking styles (or gait). That is, we can guess a person correctly just by hearing the footsteps without seeing him/her. Sometimes we can also guess a person correctly by looking at the appearance and walking style from behind. In summary, we can identify a person easily by using these special characteristics or so-called special habits. These characteristics or habits include typing behavior.

The common timing details that we can obtain from keystroke dynamics are dwell time and flight time. Dwell time, also known as duration time [9], is the length of time between when a key is pressed and when a key is released. Flight time, also known as interval time [9], however, is the length of time between when a key is released and when a next key is pressed. More details are discussed in Section 4.

There is a considerable amount of machine learning algorithms introduced for keystroke dynamics such as naïve Bayes [13], support vector machines (SVM) [10], nearest-neighbor [2], and Euclidean distance measure [14]. In this paper, we choose sequence alignment algorithm. Sequence alignment algorithm is fundamentally concerned about measuring the similarity between multiple sequences. Suppose a user logs in an account in any platform, the system has to check the existence of her identification information before it checks her password. It is well known that this password matching involves complicated encryption of plain text in symmetric password systems [15] or modular arithmetic operations for asymmetric password systems [16]. However, in a more abstract view, this is basically string matching. When a system checks the password, firstly it checks the first letter from the currently inserted password with the first letter from the stored password in the database, followed by the second letter, the third letter, and so forth until all letters are verified. Sequence alignment is a more general and stronger algorithm which measures the similarity between objects. Hence, we consider that sequence alignment algorithm is an appropriate algorithm to be used in this paper.

Among the current research we are aware of, there is still no specific algorithm used as the common algorithm in keystroke dynamics research. However, Revett [7] shows that the sequence alignment algorithm performs sufficiently well when it is applied to keystroke dynamics. Besides that, some researchers have brought new ideas to keystroke dynamics. Giot and Rosenberger [3] introduce a new soft biometric for keystroke dynamics based on gender recognition. Idrus et al. [4] also introduce more valuable information such as the type of hand used, age, and the dominant hand. This extra information can be used as a reference to help improve the performance of algorithms applied to keystroke dynamics. Furthermore, Syed et al. [8] show the concept of event sequences used in keystroke dynamics. These event sequences help to distinguish the typing behavior of a user.

The next section describes sequence alignment algorithm. Section 3 discusses the proposed method. Sections 4 and 5 explain the experimental method and the results of the experiment, respectively. The final section presents several concluding remarks and future research issues.

2. Sequence Alignment Algorithm

Sequence alignment is an algorithm that calculates the similarity among two or more sequences [17]. This algorithm is widely used in bioinformatics areas such as deoxyribonucleic acid (DNA) sequences, ribonucleic acid (RNA) sequences, or protein sequences. In Revett’s [7] research, he has applied the sequence alignment algorithm into the keystroke dynamics and obtained encouraging results. In this paper, we show the performance comparison of our proposed method, Revett’s sequence alignment algorithm, and other previous work.

The keystroke dynamics data is generated in timestamp format (milliseconds). Since values in timestamp format vary and can be arbitrarily large, it is inappropriate to apply the sequence alignment algorithm to keystroke dynamics directly. Therefore, we have to discretize the timestamps into subintervals. Each subinterval represents a different category. This process is similar to questionnaire construction. We usually allow a user to choose among a few options, such as “strongly disagree,” “disagree,” “neither disagree nor agree,” “agree,” and “strongly agree.” Sometimes, we shorten it to three options, which are “disagree,” “neither disagree nor agree,” and “agree.” Usually we limit the number of options to five or six. We do not put too many categories into the questionnaire because the answers are then hard to analyze. Revett [7] has used twenty categories (i.e., twenty bins) in his research. These twenty categories are taken from the letters of the amino acids, “ACDEFGHIKLMNPQRSTVWY.” With the use of twenty bins, keystroke dynamics becomes much more suitable for the sequence alignment algorithm.

We explain the algorithm design of sequence alignment in the following paragraphs. Firstly, we have to get the difference of the time interval from a feature, for instance, dwell time. This time interval difference is obtained from the difference between maximum time and minimum time. The maximum time of dwell time means the longest time for a user to press a key and release a key. The minimum time of dwell time, on the other hand, is the shortest time for a user to press a key and release a key. The formula is defined bywhere is the number of the column (attribute).

After we obtain the difference of the time interval from an attribute, we have to divide the difference of time intervals into twenty subintervals. The length of subintervals is defined bywhere is the number of the column. The reason why we have to get the rangeDiff is because we need to know the length of each category. If a new dwell time is close to the minimum time of dwell time, it will be categorized as letter A. The next category is C, followed by D, and so forth. If a new dwell time is close to the maximum dwell time, then it will be categorized as Y. At the end of calculation, each category has the exact same length, rangeDiff, because static divisor is used. Labeling (mapping) a new time can be formulated by where is the number of the row (also known as entry) and is the number of the column. If a new time of a feature is less than the minimum time of the feature or greater than the maximum time of the feature (it mostly happens in the testing phase), it will be categorized as a different alphabet letter and is excluded in the alignment. Equations (1), (2), and (3) are the equations used to map the keystrokes to proper alphabet letters.

Once a row of data (entry) is changed to the corresponding alphabet letters, we run the sequence alignment algorithm. One point is scored if the label is matched in an attribute. Otherwise, no points are scored. The score is described aswhere is the number of the column. When an entry is completely verified, we sum all the scores. It is then defined bywhere is the number of the row, is the number of the column, and is the total number of the columns. This final score is then compared with the user-specified threshold. The higher the final score is, the higher the possibility that the new data is recognized as the genuine user is. In order to present a clear description for the whole algorithm design, we display the pseudocode of this algorithm in Algorithm 1.

Input: Training data extracted from a genuine user, . Testing data extracted from a genuine user or an imposter, .
In the training phase:
(1) for each attribute   do
(2)
(3)
(4) end  for
(5) for each attribute   do
(6) diff
(7) rangeDiff diff/20
(8) end  for
(9) for each row and each attribute in   do
(10)label ceil(()/rangeDiff)
(11)if label = 0
(12)  label 1// If the data is exactly the same value as minimum time, then it should categorize as label
(13)model label// We just keep it as to represent
(14) end for
In the testing phase:
(1) Convert the to alphabet letter format based on the minimum point and the range difference from step 3 and step 7
   respectively, from training phase, and then we just run one time from step 9 to step 14 from training phase.
(2) for each row in model do
(3) for each attribute in   do
(4)    if = model
(5)    Score 1
(6) end for
(7) Final_Score sum(Score)
(8) end for
(9) Checking_Score mean(Final_Score)// Can be max, min, median, mean, and mode
(10) return Checking_Score
Output: The score then used to compare the threshold

In Algorithm 1, we can see that there are training phase and testing phase. In the training phase, the algorithm starts by calculating the maximum and the minimum for each attribute. It calculates the range difference (rangeDiff) for each attribute. Finally, it calculates labels to construct models.

In the testing phase, the algorithm converts the given testing data to alphabet letter format based on the minimum point obtained at step 3 and the range difference from step 7 in Algorithm 1. After that, it executes the conversion loop described from steps 9 to 14 for once on the test data. This is the conversion process described in step 1 in the testing phase.

After the conversion, for the actual recognition, for each row in the model, the algorithm calculates the score (Final_Score) for the row and the test data. This score is a summation of match scores (score in Algorithm 1) between the attribute in the row of the model and the attribute in the test data. Finally, the statistical summary of information including maximum, minimum, median, mean, and mode of the scores is calculated for the comparison with corresponding thresholds.

3. Sequence Alignment with Dynamic Divisor Generation Algorithm

In this paper, we propose sequence alignment with dynamic divisor generation (SADD) algorithm. SADD checks the degree of sufficiency of the dataset and then provides a proper divisor instead of static divisor as shown in (2) for each attribute. We show the steps to check the degree of sufficiency of the dataset and the reason we used dynamic divisor instead of static divisor in next paragraphs.

As a human, we are unfamiliar with a new thing immediately from the beginning. We have to practice a few times to get accustomed to the new thing. For example, consider an athlete who wants to run a 100-meter track in 10 seconds. However, this is nearly impossible if she is a beginner. She has to train hard and practice regularly. The time record from the first day until the day she manages to run a 100-meter track in 10 seconds could be illustrated as a graph which is shown in Figure 1. It is worth noting that, after few months of training, she will find it very difficult to reduce the time (i.e., less than 10 seconds) to finish the 100-meter track. This is because there is a limitation point of where we can reach even despite how hard we have trained and practiced. We called this phenomenon “realm point.” Realm point refers to the temporal or spatial point when the user is accustomed to something or the user has a habit on something. This is also a reason why the world record of 100 meters currently remained at 9.58 seconds.

The phenomenon (i.e., realm point) that we have discussed previously can be applied for most activities including the typing speed of a password. Unfortunately, it is difficult to know how many hours, days, weeks, months, or years needed to reach the realm point of typing speed. Every user will have different time to reach realm point even with all the other conditions fixed. We do not know if the users are reaching the realm point or not in the beginning of the experiment, and real authentication systems do not know this either. For the best case, the data we collected cover from the beginning of the day to the realm point (or after realm point). For the worst case, it can be from the beginning of the day until the middle of the days, as shown in Figure 2.

For (1) and (2), we have to find each category in each subinterval. Figures 3(a) and 3(b) present the graph when the best case and worst case are applied with (1) and (2). Note that the intervals highlighted inside the red rectangle box are the ones mapped to the alphabet letters and are stored as a model in the database. This constructed model will be used to verify the new data. In particular, for the worst case, it can be seen that the categories generated do not cover whole information. Hence, if the genuine user gets accustomed to the password typing, then the minimum time of the new data she has inserted is lower than the minimum time in the database. Thus, in turn, this new data has high probability to be rejected as the imposter because it is out of category. In order to avoid this problem, we propose SADD in this paper. We use a subset of alphabet letters (e.g., 15 bins) and apply it to the dataset if its contents are insufficient. The idea is illustrated in Figure 4. We point out this problem to ensure that the model that we used in the database is always faultless and still can be used as a rewind case like when a user is sick and her typing speed becomes slower than usual but her typing behavior is still the same.

Now, we explain the proposed algorithm design. Firstly, (1) remains the same. The main procedure of SADD is to find the correct and suitable divisor used in (2). To find a proper divisor for each attribute, we exploit Horner’s rule [18] to get the mean. Figure 5 illustrates the way we use Horner’s rule to calculate the mean. The grey line marked 2 (known as line 2) on the right-hand side is the mean of the first point (maximum point) and the second point. Line 3 is the mean of line 2 and the third point. Line 4, in turn, is the mean of line 3 and the fourth point. The calculation is repeated by summing the previous output and the new data and then halving the sum. The repetition terminates when it reaches the end of the data. As shown in Figure 5, line 11 is the mean of line 10 and the eleventh point. We can also observe that line 11 is close to the realm point. By obtaining line 11, we can conclude that this user has reached the realm point. The calculation for mean of each attribute by using Horner’s rule is defined bywhere is the number of the row and is the number of the column.

From line 11 in Figure 5, we observe that the calculated mean is near to the minimum point (i.e., realm point) and is far from the maximum point (i.e., beginning point). To get the proper divisor, we have to find the ratio of the mean from minimum point and the maximum point to the mean. The formula is described aswhere is the number of the column and .

Once we obtain the ratio, we calculate the divisor bywhere is the number of the column, is 20 for twenty bins, and .

After that, we replace the twenty values from (2) to this new divisor. It is calculated aswhere is the number of the column.

Consider the worst case shown in Figure 3(b). Note that the first letter should not be labeled as “A” but a certain letter in the middle of the alphabet. Therefore, we modify (3) as follows:where is the number of the row, is the number of the column, and is for the twenty bins. This means that the new data which is closer to the maximum point will be classified as “Y” and followed by “W,” “V,” “T,” and so forth. The calculation of score and the final score remains the same as (4) and (5). In order to clearly explain our proposed algorithm, we provide Algorithm 2.

Input: Training data extracted from a genuine user, . Testing data extracted from a genuine user or an imposter, .
In the training phase:
(1) for each attribute   do
(2)
(3)
(4) end for
(5) for each attribute   do
(6) mean
(7) for each row   do// Start from second row
(8)   mean (mean + )/2
(9) end for
(10)diff
(11)ratio (mean − )/diff
(12)divisor 20 − (20 * ratio)
(13)rangeDiff (diff/divisor)
(14) end  for
(15) for each row and each attribute in   do
(16)label ceil(()/rangeDiff) + (20 − divisor)
(17)if label = 0
(18)  label 1// If the data is exactly the same value as the minimum time, then it should be categorized as label
(19)model label// We just preserve it as to represent
(20) end  for
In the testing phase:
(1) Convert the to the alphabet letter format based on the minimum point and the range difference from step 3 and step 7
   respectively, from training phase. And then we run from step 15 to step 20 just once.
(2) for each row in model do
(3)for each attribute in   do
(4)   if = model
(5)   Score 1
(6)end for
(7)Final_Score sum(Score)
(8) end for
(9) Checking_Score mean(Final_Score)// Can be max, min, median, mean, and mode
(10) return Checking_Score
Output: The score then used to compare the threshold

In the training phase of Algorithm 2, we calculate the mean by Horner’s rule in steps 5 to 9. We calculate ratio in (7) at step 11, divisor in (8) at step 12, and range difference in (9) at step 13. Label assignment described in (10) is implemented at step 16 of Algorithm 2.
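Algorithms 1 and 2 side by side, as an added Python example that is not the authors' code. It assumes the symbol lost from step 11 of Algorithm 2 is the attribute minimum, rounds the divisor to a whole number of bins, and uses "-" for out-of-range values; the function names and all timings are constructed for illustration.

```python
import math

BINS = "ACDEFGHIKLMNPQRSTVWY"  # the twenty amino-acid letters, one per bin
OUT = "-"  # assumed marker for a value outside the trained range; never scores


def horner_mean(column):
    """Algorithm 2, steps 6-9: start at the first row, then keep halving
    the sum of the previous result and the next value."""
    mean = column[0]
    for x in column[1:]:
        mean = (mean + x) / 2
    return mean


def fit_attribute(column, dynamic):
    """Return (lo, hi, range_diff, offset) for one attribute."""
    lo, hi = min(column), max(column)
    diff = hi - lo
    divisor = len(BINS)  # static divisor: always twenty bins
    if dynamic and diff > 0:
        # Assumption: the symbol lost from step 11 is the attribute minimum.
        ratio = (horner_mean(column) - lo) / diff
        # Assumption: round to a whole number of bins and keep at least one.
        divisor = max(1, round(len(BINS) - len(BINS) * ratio))
    return lo, hi, diff / divisor, len(BINS) - divisor


def label(x, lo, hi, range_diff, offset):
    """Map one timing to a letter; offset is 0 for the static divisor."""
    if x < lo or x > hi:
        return OUT
    steps = math.ceil((x - lo) / range_diff) if range_diff > 0 else 0
    n = min(steps + offset, len(BINS))  # clamp guards float round-off at hi
    if n == 0:  # a value equal to the minimum joins the first bin
        n = 1
    return BINS[n - 1]


def to_sequence(row, params):
    return "".join(label(x, *p) for x, p in zip(row, params))


def train(rows, dynamic=True):
    """Training phase: per-attribute parameters plus the labelled model rows."""
    params = [fit_attribute(col, dynamic) for col in zip(*rows)]
    return params, [to_sequence(row, params) for row in rows]


def checking_score(attempt, params, model):
    """Testing phase: mean over model rows of the per-attribute match count."""
    seq = to_sequence(attempt, params)
    finals = [sum(a == b and a != OUT for a, b in zip(seq, m)) for m in model]
    return sum(finals) / len(finals)


# Constructed training entries (ms) for three attributes, oldest first.
TRAIN = [
    (160, 320, 80),
    (120, 240, 40),
    (100, 200, 60),
    (80, 160, 60),
    (90, 180, 60),
    (100, 200, 60),
]
GENUINE = (95.5, 191, 59)   # constructed: close to the user's recent entries
IMPOSTER = (150, 170, 45)   # constructed: inside the range, different rhythm

if __name__ == "__main__":
    for dynamic in (False, True):
        params, model = train(TRAIN, dynamic)
        print("SADD" if dynamic else "static", model,
              round(checking_score(GENUINE, params, model), 3),
              round(checking_score(IMPOSTER, params, model), 3))
```

On this constructed data the dynamic divisor widens the bins, so the genuine attempt lands in the same bins as the recent training rows while the static twenty-bin split puts it one bin off.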

4. Experimental Method

4.1. Training and Testing Phase

In the keystroke dynamics, there are six common timing elements that we can use between two different keystrokes. They are as follows.
(i) Hold (H): it is a duration time (or a dwell time) of pressing a key:
    (a) a holding time of the first key, H1;
    (b) a holding time of the second key, H2.
(ii) Up-down (UD): it is a duration time (or a flight time) between key-up of the first key and key-down of the second key.
(iii) Down-down (DD): it is a duration time between key-down of the first key and key-down of the second key; it is the sum of H1 and UD.
(iv) Up-up (UU): it is a duration time between key-up of the first key and key-up of the second key; it is the sum of UD and H2.
(v) Down-up (DU): it is a duration time between key-down of the first key and key-up of the second key; it is the sum of DD and H2.

In our experiment, we use the CMU benchmark dataset [5]. This dataset consists of four elements, which are H1, H2, UD, and DD. However, we suspect that the DD element is not an appropriate element to be used in sequence alignment or similar algorithms. This is because the sequence alignment algorithm compares attribute by attribute; in this case, it checks element by element. Since DD is the sum of H1 and UD, it is possible to obtain the same value of DD from different values of H1 and UD. For instance, consider the following example with two different instances as shown in Figure 7.

Assume that Instance number 1 is the data that we have collected from a genuine user and is used as the model, and Instance number 2 is new data inserted by an imposter. Since it is a short example, we omit the procedure to convert the timestamp format into a consensus sequence (label format). As we explain above, the sequence alignment algorithm checks element by element. The first element it checks is H1. Based on (4), since the H1 of Instance number 2 does not match the H1 of Instance number 1, a score of zero is given. Next, the algorithm checks the UD element. These do not match either, so a score of zero is given. Finally, the algorithm checks the last element, DD. Since they match, a score of one is given. If the threshold given by a system is one, then Instance number 2 will be predicted as a genuine user. Otherwise, it will be rejected as an imposter’s. If the system predicts Instance number 2 as a genuine user, then it will cause a lot of loss to the genuine user. Besides that, the example we show is a short one. In real life, there can be a considerable number of DD elements. If an imposter happens to have all DD elements matched (because each DD element is the sum of H1 and UD) with some entries of genuine users in the stored model, and the threshold given is the total number of DD elements, then the system will accept this instance as a genuine user, and the imposter can access the system.

Therefore, in order to discover the effectiveness of DD elements in the authentication, we create another dataset from benchmark dataset which is having no DD elements (by removing all DD attributes from original dataset). Other than that, we also want to evaluate how effective it is to use all elements in the authentication. Hence, we create another dataset from benchmark dataset which is having extra UU and DU elements (by adding UU and DU attributes into original dataset). Basically, the difference between these three datasets is the number of the attributes used in the experiment. The first dataset (Dataset number 1) consists of 31 attributes, the second dataset (Dataset number 2) consists of 21 attributes, and the last dataset (Dataset number 3) has 51 attributes.
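The timing elements of Section 4.1 and the three dataset variants, as an added Python example that is not the authors' code. It assumes an 11-key password, which is what the attribute counts 31, 21, and 51 imply; the attribute names, key events, and the two instances are constructed, and the short DD example is compared on raw values as in the text above.

```python
# Digraph timings each dataset variant keeps in addition to the hold times.
VARIANTS = {
    1: ("DD", "UD"),              # Dataset number 1: benchmark layout
    2: ("UD",),                   # Dataset number 2: DD removed
    3: ("DD", "UD", "UU", "DU"),  # Dataset number 3: UU and DU added
}


def digraph_timings(first, second):
    """Timings between two consecutive keys, each given as (down_ms, up_ms)."""
    (d1, u1), (d2, u2) = first, second
    return {
        "UD": d2 - u1,  # flight time; negative when the two keys overlap
        "DD": d2 - d1,  # equals H1 + UD
        "UU": u2 - u1,  # equals UD + H2
        "DU": u2 - d1,  # equals DD + H2
    }


def build_row(events, variant):
    """Turn one typed entry into the attribute row of the chosen dataset."""
    row = {f"H{i}": up - down for i, (down, up) in enumerate(events, 1)}
    for i, (a, b) in enumerate(zip(events, events[1:]), 1):
        timings = digraph_timings(a, b)
        for name in VARIANTS[variant]:
            row[f"{name}{i}"] = timings[name]
    return row


def match_score(model_row, attempt_row):
    """One point per attribute equal to the model's value (no binning,
    as in the short example in the text)."""
    return sum(model_row[k] == attempt_row[k] for k in model_row)


# Constructed 11-key entry: one key every 200 ms, held 90 to 110 ms.
ENTRY = [(200 * i, 200 * i + 90 + 10 * (i % 3)) for i in range(11)]

# Constructed two-key instances: H1 and UD differ, DD is 150 ms in both.
GENUINE = [(0, 100), (150, 230)]
IMPOSTER = [(0, 60), (150, 260)]

if __name__ == "__main__":
    for v in VARIANTS:
        print(f"Dataset number {v}: {len(build_row(ENTRY, v))} attributes")
    for v in (1, 2):
        s = match_score(build_row(GENUINE, v), build_row(IMPOSTER, v))
        print(f"Dataset number {v}: imposter score {s}, accepted at threshold 1: {s >= 1}")
```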

As for the benchmark dataset and two extra datasets we have created, each dataset contains 20,400 typing password entries. In each dataset, it consists of 51 subjects involved in this experiment. Each subject has 400 entries. In our experiment, during the training phase, we select one subject as genuine user and the remaining 50 subjects as imposters. First 200 entries of the chosen subject are used as training data. However, the remaining 200 entries of the chosen subject are used as testing data. Besides that, we obtain the first five entries from the remaining 50 subjects as testing data too. In total, there are 450 entries used in the testing phase. Based on Killourhy and Maxion [5] research, the reason they use the top five from the remaining 50 subjects is because they assume the imposter is unfamiliar to the password. In our experiment, we will operate at least 51 times in each dataset, and thus the number of total runs for three datasets will be 153 runs.

4.2. Performance of Evaluation Using ROC Curves

The main performance of evaluation in our experiment is using receiver operating characteristic (ROC) curves. We compare our algorithm and other approaches by showing the graph in ROC curves. One of the examples of ROC curves is shown in Figure 6. The label at -axis is true positive rate. True positive rate is the rate when an imposter is detected. And the -axis labels the false positive rate, which is the rate when a genuine user is detected as an imposter. We can calculate the equal error rate (EER) from the ROC curve. EER is the point that is intersected by diagonal line and the curve line. We can conclude that an algorithm’s performance is higher than others if the curve line is closer to the 1.0 point -axis or the area under the curve (AUC) is larger than other algorithms.

5. Experimental Results

As aforementioned, we run three different datasets in our experiment. The first dataset is the CMU benchmark dataset, the second dataset is without the DD element, and the last dataset is with extra UU and DU elements. Table 1 shows the performance of our algorithm (SADD), sequence alignment, median vector proximity [6], Mahalanobis distance, Manhattan distance, and Euclidean distance. Table 1 has shown that our proposed algorithm produced higher performance than other previous work. Although the results for Dataset number 3 are not the best among the six algorithms, our algorithm, SADD, shows only 0.001 difference, in terms of EER, compared with the median vector proximity algorithm. Based on the results, it can be seen that our algorithm is comparable or outperforms in any case, either with or without some elements (i.e., UU, DD, UD, and DU elements).


Algorithm | EER: Dataset number 1 | Dataset number 2 | Dataset number 3

SADD
Sequence alignment
Median vector proximity
Mahalanobis
Manhattan
Euclidean

In order to observe the performance of each algorithm for each subject, we report the area under the curve (AUC) in Tables 2, 3, and 4 for Dataset number 1, Dataset number 2, and Dataset number 3, respectively. If the total of AUC is close to value 1, then the classification of that particular algorithm is desirable. These results are related to those in Table 1. We can see from Tables 2 and 3 that SADD has the highest AUC value. Therefore, SADD has shown the highest performance with Dataset number 1 and Dataset number 2 in Table 1. However, Table 4 shows that median vector proximity has the highest AUC value, and this is the reason why median vector proximity has the highest performance with Dataset number 3 in Table 1. From Table 3, it is worthwhile to note that although median vector proximity shows overall higher accuracy, SADD has more wins (i.e., 20 wins) than median vector proximity has (i.e., 19 wins) for Dataset number 3.


| Subject | SADD | Sequence alignment | Median vector proximity | Mahalanobis | Manhattan | Euclidean |
|---|---|---|---|---|---|---|
| 1 | 0.91294 | 0.92024 | 0.91255 | 0.84844 | 0.81886 | 0.79240 |
| 2 | 0.97029 | 0.96491 | 0.96794 | 0.88018 | 0.87374 | 0.86002 |
| 3 | 0.98542 | 0.97690 | 0.95917 | 0.96926 | 0.89572 | 0.84620 |
| 4 | 0.99472 | 0.99249 | 0.99634 | 0.97216 | 0.96588 | 0.93968 |
| 5 | 0.97759 | 0.97771 | 0.97867 | 0.96218 | 0.93860 | 0.95596 |
| 6 | 0.98896 | 0.98872 | 0.98927 | 0.97972 | 0.94190 | 0.92976 |
| 7 | 0.99936 | 0.99835 | 0.99800 | 0.98944 | 0.99448 | 0.99088 |
| 8 | 0.99395 | 0.99359 | 0.99498 | 0.96762 | 0.95878 | 0.95658 |
| 9 | 0.99918 | 0.99846 | 0.99933 | 0.97772 | 0.97190 | 0.93394 |
| 10 | 0.99970 | 0.99978 | 0.99311 | 0.96102 | 0.96404 | 0.94450 |
| 11 | 0.98905 | 0.99086 | 0.96766 | 0.93818 | 0.87728 | 0.85674 |
| 12 | 0.89676 | 0.85888 | 0.87452 | 0.91010 | 0.81641 | 0.82154 |
| 13 | 0.99871 | 0.99626 | 0.99809 | 0.99184 | 0.98328 | 0.97100 |
| 14 | 0.98766 | 0.98363 | 0.98269 | 0.92130 | 0.89508 | 0.87682 |
| 15 | 0.99442 | 0.99460 | 0.99430 | 0.97628 | 0.95916 | 0.93830 |
| 16 | 0.97430 | 0.95875 | 0.95498 | 0.93130 | 0.81956 | 0.83250 |
| 17 | 0.96347 | 0.96203 | 0.96723 | 0.94258 | 0.94638 | 0.93536 |
| 18 | 0.97977 | 0.97453 | 0.99634 | 0.98998 | 0.85226 | 0.63850 |
| 19 | 0.96628 | 0.96097 | 0.99002 | 0.99272 | 0.91926 | 0.86964 |
| 20 | 0.98631 | 0.98169 | 0.97971 | 0.95914 | 0.94242 | 0.91234 |
| 21 | 0.98708 | 0.97760 | 0.98939 | 0.97928 | 0.95504 | 0.94054 |
| 22 | 0.99145 | 0.98747 | 0.99111 | 0.96448 | 0.90074 | 0.85908 |
| 23 | 0.99391 | 0.98614 | 0.98325 | 0.98912 | 0.94938 | 0.91076 |
| 24 | 0.98912 | 0.98902 | 0.99239 | 0.96422 | 0.96178 | 0.92958 |
| 25 | 0.90524 | 0.89650 | 0.96463 | 0.91256 | 0.92642 | 0.88396 |
| 26 | 0.86154 | 0.85887 | 0.87943 | 0.84346 | 0.76234 | 0.73782 |
| 27 | 0.91178 | 0.93407 | 0.90287 | 0.79592 | 0.83082 | 0.84098 |
| 28 | 0.88261 | 0.87920 | 0.89901 | 0.93832 | 0.81372 | 0.71792 |
| 29 | 0.98055 | 0.98507 | 0.92300 | 0.89790 | 0.80930 | 0.76686 |
| 30 | 0.95856 | 0.94897 | 0.93700 | 0.93106 | 0.81390 | 0.80098 |
| 31 | 0.99604 | 0.99028 | 0.99899 | 0.99964 | 0.98006 | 0.96314 |
| 32 | 0.98061 | 0.98122 | 0.95802 | 0.94178 | 0.90500 | 0.87796 |
| 33 | 0.97399 | 0.96602 | 0.97599 | 0.95766 | 0.93116 | 0.90708 |
| 34 | 0.99356 | 0.98958 | 0.99164 | 0.94522 | 0.92062 | 0.89656 |
| 35 | 0.90270 | 0.86283 | 0.92857 | 0.87956 | 0.70992 | 0.61772 |
| 36 | 0.98176 | 0.97069 | 0.98948 | 0.93214 | 0.90228 | 0.87042 |
| 37 | 0.99873 | 0.99707 | 0.99911 | 0.96974 | 0.98362 | 0.96498 |
| 38 | 0.99488 | 0.98635 | 0.99702 | 0.99290 | 0.95578 | 0.89508 |
| 39 | 0.97015 | 0.95877 | 0.95811 | 0.97590 | 0.92448 | 0.89638 |
| 40 | 0.96546 | 0.96143 | 0.95883 | 0.93078 | 0.89306 | 0.90874 |
| 41 | 0.89218 | 0.90912 | 0.85444 | 0.80208 | 0.70720 | 0.76250 |
| 42 | 0.99264 | 0.99112 | 0.99190 | 0.97140 | 0.95162 | 0.93066 |
| 43 | 0.92320 | 0.91166 | 0.98007 | 0.93964 | 0.55174 | 0.52548 |
| 44 | 0.98860 | 0.98114 | 0.98077 | 0.95566 | 0.90678 | 0.89028 |
| 45 | 0.96613 | 0.96170 | 0.97195 | 0.94778 | 0.94792 | 0.95978 |
| 46 | 0.99974 | 0.99930 | 0.99831 | 0.99286 | 0.99016 | 0.97922 |
| 47 | 0.99926 | 0.99910 | 0.99904 | 0.99086 | 0.99130 | 0.97598 |
| 48 | 0.97999 | 0.96864 | 0.97639 | 0.95596 | 0.96432 | 0.96334 |
| 49 | 0.99996 | 0.99994 | 0.99900 | 0.99504 | 0.99894 | 0.99572 |
| 50 | 0.99533 | 0.99344 | 0.98778 | 0.94522 | 0.93800 | 0.93418 |
| 51 | 0.98853 | 0.98566 | 0.98125 | 0.95238 | 0.92136 | 0.93976 |
| Total | 49.50412 | 49.28132 | 49.43454 | 48.25168 | 46.03375 | 44.84610 |
| Wins | 20 | 8 | 18 | 5 | 0 | 0 |


| Subject | SADD | Sequence alignment | Median vector proximity | Mahalanobis | Manhattan | Euclidean |
|---|---|---|---|---|---|---|
| 1 | 0.88624 | 0.90732 | 0.87691 | 0.84844 | 0.82584 | 0.79356 |
| 2 | 0.95560 | 0.95577 | 0.93895 | 0.88018 | 0.86560 | 0.85034 |
| 3 | 0.98590 | 0.97993 | 0.96152 | 0.96926 | 0.90524 | 0.85016 |
| 4 | 0.99222 | 0.99102 | 0.99439 | 0.97216 | 0.96684 | 0.93098 |
| 5 | 0.94865 | 0.96462 | 0.94441 | 0.96218 | 0.93528 | 0.95348 |
| 6 | 0.98901 | 0.99115 | 0.98706 | 0.97972 | 0.95880 | 0.93774 |
| 7 | 0.99928 | 0.99776 | 0.99636 | 0.98944 | 0.99494 | 0.98914 |
| 8 | 0.99156 | 0.98971 | 0.98889 | 0.96762 | 0.96574 | 0.96284 |
| 9 | 0.99926 | 0.99839 | 0.99928 | 0.97772 | 0.98964 | 0.95676 |
| 10 | 0.99645 | 0.99884 | 0.98651 | 0.96102 | 0.96532 | 0.94166 |
| 11 | 0.98800 | 0.98809 | 0.95766 | 0.93818 | 0.88172 | 0.85402 |
| 12 | 0.91010 | 0.87188 | 0.88252 | 0.91010 | 0.82332 | 0.81468 |
| 13 | 0.99851 | 0.99646 | 0.99836 | 0.99184 | 0.98646 | 0.97188 |
| 14 | 0.98852 | 0.98281 | 0.98131 | 0.92130 | 0.90544 | 0.88206 |
| 15 | 0.99350 | 0.99477 | 0.98994 | 0.97628 | 0.96714 | 0.93850 |
| 16 | 0.98241 | 0.97288 | 0.95340 | 0.93130 | 0.85616 | 0.84848 |
| 17 | 0.95874 | 0.96397 | 0.94673 | 0.94258 | 0.94676 | 0.93334 |
| 18 | 0.99080 | 0.98800 | 0.99653 | 0.98998 | 0.90300 | 0.68836 |
| 19 | 0.97484 | 0.97116 | 0.99244 | 0.99272 | 0.94462 | 0.87930 |
| 20 | 0.98398 | 0.98143 | 0.97688 | 0.95914 | 0.94462 | 0.91040 |
| 21 | 0.99048 | 0.98306 | 0.98878 | 0.97928 | 0.96214 | 0.94290 |
| 22 | 0.98967 | 0.98849 | 0.98830 | 0.96448 | 0.92518 | 0.86614 |
| 23 | 0.99664 | 0.98886 | 0.97813 | 0.98912 | 0.96066 | 0.91082 |
| 24 | 0.98587 | 0.98621 | 0.98557 | 0.96422 | 0.96584 | 0.93000 |
| 25 | 0.91843 | 0.90906 | 0.95942 | 0.91256 | 0.92510 | 0.86990 |
| 26 | 0.84544 | 0.85266 | 0.85673 | 0.84346 | 0.76024 | 0.73304 |
| 27 | 0.87100 | 0.93043 | 0.82663 | 0.79592 | 0.81164 | 0.83336 |
| 28 | 0.93937 | 0.93577 | 0.93986 | 0.93832 | 0.82262 | 0.6955 |
| 29 | 0.97335 | 0.98495 | 0.91598 | 0.89790 | 0.82654 | 0.77378 |
| 30 | 0.94988 | 0.94329 | 0.89873 | 0.93106 | 0.81544 | 0.78808 |
| 31 | 0.99886 | 0.99779 | 0.99926 | 0.99964 | 0.98600 | 0.96808 |
| 32 | 0.97698 | 0.98168 | 0.94639 | 0.94178 | 0.92584 | 0.88910 |
| 33 | 0.98258 | 0.97630 | 0.97367 | 0.95766 | 0.93922 | 0.90810 |
| 34 | 0.99577 | 0.99215 | 0.99290 | 0.94522 | 0.93410 | 0.90136 |
| 35 | 0.95729 | 0.92842 | 0.96261 | 0.87956 | 0.75252 | 0.61538 |
| 36 | 0.99026 | 0.98381 | 0.99333 | 0.93214 | 0.92598 | 0.87978 |
| 37 | 0.99893 | 0.99773 | 0.99888 | 0.96974 | 0.98948 | 0.96940 |
| 38 | 0.99652 | 0.99269 | 0.99730 | 0.99290 | 0.96702 | 0.90490 |
| 39 | 0.97834 | 0.97180 | 0.95770 | 0.97590 | 0.94078 | 0.90424 |
| 40 | 0.97330 | 0.96871 | 0.94501 | 0.93078 | 0.91412 | 0.91472 |
| 41 | 0.83326 | 0.88258 | 0.78742 | 0.80208 | 0.68962 | 0.74806 |
| 42 | 0.99272 | 0.99254 | 0.99048 | 0.97140 | 0.95918 | 0.93112 |
| 43 | 0.95977 | 0.94853 | 0.98591 | 0.93964 | 0.60102 | 0.52690 |
| 44 | 0.98470 | 0.97880 | 0.97269 | 0.95566 | 0.92728 | 0.89918 |
| 45 | 0.94854 | 0.95723 | 0.94442 | 0.94778 | 0.94986 | 0.95918 |
| 46 | 0.99973 | 0.99959 | 0.99874 | 0.99286 | 0.99284 | 0.98012 |
| 47 | 0.99938 | 0.99902 | 0.99711 | 0.99086 | 0.99500 | 0.97770 |
| 48 | 0.96373 | 0.96001 | 0.94336 | 0.95596 | 0.96554 | 0.96292 |
| 49 | 0.99758 | 0.99742 | 0.99736 | 0.99504 | 0.99928 | 0.99722 |
| 50 | 0.99167 | 0.98757 | 0.97627 | 0.94522 | 0.94132 | 0.93674 |
| 51 | 0.98904 | 0.98974 | 0.97148 | 0.95238 | 0.92646 | 0.93746 |
| Total | 49.48265 | 49.47285 | 49.02047 | 48.25168 | 46.53034 | 44.94286 |
| Wins | 23 | 14 | 10 | 2 | 1 | 1 |


| Subject | SADD | Sequence alignment | Median vector proximity | Mahalanobis | Manhattan | Euclidean |
|---|---|---|---|---|---|---|
| 1 | 0.91878 | 0.91561 | 0.92803 | 0.84844 | 0.82134 | 0.79844 |
| 2 | 0.97017 | 0.96301 | 0.97068 | 0.88018 | 0.88380 | 0.85948 |
| 3 | 0.98415 | 0.97933 | 0.95722 | 0.96926 | 0.90408 | 0.85802 |
| 4 | 0.99602 | 0.99316 | 0.99697 | 0.97216 | 0.96790 | 0.94638 |
| 5 | 0.98845 | 0.98843 | 0.99180 | 0.96218 | 0.95524 | 0.96498 |
| 6 | 0.99111 | 0.98988 | 0.99043 | 0.97972 | 0.92956 | 0.92516 |
| 7 | 0.99928 | 0.99884 | 0.99874 | 0.98944 | 0.99544 | 0.99210 |
| 8 | 0.99434 | 0.99422 | 0.99510 | 0.96762 | 0.95000 | 0.94710 |
| 9 | 0.99877 | 0.99693 | 0.99721 | 0.97772 | 0.95844 | 0.92222 |
| 10 | 0.99970 | 0.99974 | 0.99689 | 0.96102 | 0.96640 | 0.94618 |
| 11 | 0.98862 | 0.98864 | 0.96965 | 0.93818 | 0.87660 | 0.86392 |
| 12 | 0.89050 | 0.86445 | 0.84490 | 0.91010 | 0.82128 | 0.83304 |
| 13 | 0.99877 | 0.99702 | 0.99727 | 0.99184 | 0.97992 | 0.96996 |
| 14 | 0.98520 | 0.98127 | 0.97807 | 0.92130 | 0.88548 | 0.87208 |
| 15 | 0.99006 | 0.99071 | 0.99299 | 0.97628 | 0.94972 | 0.93500 |
| 16 | 0.95655 | 0.94369 | 0.94444 | 0.93130 | 0.80648 | 0.83034 |
| 17 | 0.96680 | 0.96742 | 0.97450 | 0.94258 | 0.95020 | 0.93990 |
| 18 | 0.96225 | 0.95484 | 0.98715 | 0.98998 | 0.80096 | 0.60398 |
| 19 | 0.95516 | 0.95233 | 0.98263 | 0.99272 | 0.90200 | 0.86606 |
| 20 | 0.98398 | 0.98131 | 0.97650 | 0.95914 | 0.94202 | 0.91498 |
| 21 | 0.97955 | 0.97219 | 0.98599 | 0.97928 | 0.95442 | 0.94144 |
| 22 | 0.99033 | 0.98696 | 0.99062 | 0.96448 | 0.89646 | 0.86752 |
| 23 | 0.99109 | 0.98497 | 0.98092 | 0.98912 | 0.94574 | 0.91436 |
| 24 | 0.99158 | 0.99109 | 0.99410 | 0.96422 | 0.95720 | 0.92892 |
| 25 | 0.87958 | 0.87253 | 0.96272 | 0.91256 | 0.93030 | 0.89172 |
| 26 | 0.87085 | 0.87509 | 0.88064 | 0.84346 | 0.77044 | 0.74542 |
| 27 | 0.92324 | 0.93092 | 0.92630 | 0.79592 | 0.84516 | 0.84584 |
| 28 | 0.86118 | 0.87980 | 0.88506 | 0.93832 | 0.85035 | 0.77736 |
| 29 | 0.97665 | 0.98056 | 0.92037 | 0.89790 | 0.80344 | 0.76698 |
| 30 | 0.95948 | 0.95189 | 0.95176 | 0.93106 | 0.82536 | 0.81706 |
| 31 | 0.98530 | 0.97686 | 0.99673 | 0.99964 | 0.97476 | 0.95788 |
| 32 | 0.97732 | 0.97706 | 0.95275 | 0.94178 | 0.88974 | 0.87134 |
| 33 | 0.97796 | 0.97639 | 0.97776 | 0.95766 | 0.93554 | 0.91100 |
| 34 | 0.99097 | 0.98795 | 0.98872 | 0.94522 | 0.91766 | 0.90142 |
| 35 | 0.86485 | 0.84880 | 0.88478 | 0.87956 | 0.73278 | 0.64826 |
| 36 | 0.9760 | 0.96774 | 0.97859 | 0.93214 | 0.90458 | 0.88226 |
| 37 | 0.99892 | 0.99692 | 0.99944 | 0.96974 | 0.98150 | 0.96516 |
| 38 | 0.98589 | 0.97523 | 0.99420 | 0.99290 | 0.94534 | 0.88950 |
| 39 | 0.97196 | 0.96555 | 0.94897 | 0.97590 | 0.91350 | 0.89376 |
| 40 | 0.96815 | 0.96767 | 0.96202 | 0.93078 | 0.88326 | 0.90798 |
| 41 | 0.91268 | 0.92235 | 0.88391 | 0.80208 | 0.72702 | 0.77560 |
| 42 | 0.99197 | 0.99096 | 0.99086 | 0.97140 | 0.95082 | 0.93314 |
| 43 | 0.89182 | 0.89006 | 0.96234 | 0.93964 | 0.54252 | 0.54492 |
| 44 | 0.98709 | 0.98154 | 0.98108 | 0.95566 | 0.89562 | 0.88752 |
| 45 | 0.97411 | 0.97339 | 0.98341 | 0.94778 | 0.94900 | 0.96054 |
| 46 | 0.99971 | 0.99942 | 0.99838 | 0.99286 | 0.98820 | 0.97910 |
| 47 | 0.99952 | 0.99957 | 0.99873 | 0.99086 | 0.98826 | 0.97440 |
| 48 | 0.98405 | 0.97524 | 0.98639 | 0.95596 | 0.96146 | 0.96468 |
| 49 | 0.99996 | 0.99994 | 0.99991 | 0.99504 | 0.99734 | 0.99464 |
| 50 | 0.99212 | 0.99190 | 0.98780 | 0.94522 | 0.93488 | 0.92860 |
| 51 | 0.98937 | 0.98596 | 0.98243 | 0.95238 | 0.92398 | 0.94170 |
| Total | 49.36191 | 49.21733 | 49.38885 | 48.25168 | 45.96349 | 44.99934 |
| Wins | 20 | 6 | 19 | 6 | 0 | 0 |

Regarding step 9 in the testing phase of Algorithms 1 and 2, we note that statistical summary information such as the minimum, maximum, mean, median, or mode can be used when calculating the checking score. To show the effect of the statistical metric in the experiment, we provide the results with different statistical metrics as the average EER with its standard deviation in Table 5. Interestingly, the mean metric performs better than the other statistical metrics such as median or mode. Furthermore, our proposed algorithm shows the highest performance in three datasets.


| Statistical metric | SADD, Dataset number 1 | SADD, Dataset number 2 | SADD, Dataset number 3 | Sequence alignment, Dataset number 1 | Sequence alignment, Dataset number 2 | Sequence alignment, Dataset number 3 |
|---|---|---|---|---|---|---|
| Minimum | 0.273 ± 0.092 | 0.335 ± 0.079 | 0.264 ± 0.096 | 0.400 ± 0.073 | 0.472 ± 0.037 | 0.325 ± 0.106 |
| Maximum | 0.083 ± 0.061 | 0.092 ± 0.059 | 0.084 ± 0.067 | 0.088 ± 0.061 | 0.098 ± 0.056 | 0.086 ± 0.065 |
| Mean | 0.076 ± 0.060 | 0.078 ± 0.060 | 0.082 ± 0.062 | 0.084 ± 0.061 | 0.079 ± 0.053 | 0.087 ± 0.061 |
| Median | 0.087 ± 0.061 | 0.095 ± 0.064 | 0.091 ± 0.063 | 0.102 ± 0.065 | 0.115 ± 0.062 | 0.099 ± 0.064 |
| Mode | 0.134 ± 0.076 | 0.135 ± 0.070 | 0.146 ± 0.073 | 0.157 ± 0.078 | 0.153 ± 0.070 | 0.160 ± 0.078 |
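The following added example (not code from the paper) shows how the choice of summary statistic for the checking score changes the EER and AUC of one subject. It assumes each attempt yields one integer similarity score per enrolled reference sequence and that higher means a closer match; the scores, `GENUINE`, `IMPOSTOR`, and all function names are constructed for illustration.

```python
import statistics

# Constructed data: each attempt holds five integer similarity scores, one per
# enrolled reference sequence (higher = closer match; an assumption of this sketch).
GENUINE = [[9, 8, 9, 3, 9], [8, 8, 7, 9, 2], [7, 9, 8, 8, 8], [9, 9, 4, 8, 9]]
IMPOSTOR = [[3, 4, 2, 3, 8], [4, 4, 5, 3, 3], [2, 9, 3, 9, 3], [5, 4, 4, 4, 6]]

SUMMARY = {
    "min": min,
    "max": max,
    "mean": statistics.fmean,
    "median": statistics.median,
    # multimode() lists ties in first-seen order; taking the first is arbitrary.
    "mode": lambda s: statistics.multimode(s)[0],
}

def auc(genuine, impostor):
    """Fraction of (genuine, impostor) pairs ranked correctly; ties count as half."""
    wins = sum((g > i) + 0.5 * (g == i) for g in genuine for i in impostor)
    return wins / (len(genuine) * len(impostor))

def eer(genuine, impostor):
    """Sweep every observed score as the accept threshold and return the error
    rate at the threshold where FAR and FRR are closest."""
    best_gap, best_rate = None, None
    for t in sorted(set(genuine) | set(impostor)):
        frr = sum(g < t for g in genuine) / len(genuine)      # genuine rejected
        far = sum(i >= t for i in impostor) / len(impostor)   # impostor accepted
        gap = abs(far - frr)
        if best_gap is None or gap < best_gap:
            best_gap, best_rate = gap, (far + frr) / 2
    return best_rate

def evaluate(metric):
    """Return (EER, AUC) when each attempt is reduced with the given statistic."""
    reduce_fn = SUMMARY[metric]
    g = [reduce_fn(a) for a in GENUINE]
    i = [reduce_fn(a) for a in IMPOSTOR]
    return eer(g, i), auc(g, i)

if __name__ == "__main__":
    for name in SUMMARY:
        e, a = evaluate(name)
        print(f"{name:<6} EER={e:.3f} AUC={a:.4f}")
```

On this constructed data the minimum lets a single poor reference match reject a genuine attempt, while the maximum lets a single lucky match accept an impostor; the mean and median absorb both outliers.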

In addition, we run an experiment with different numbers of bins (that is, different numbers of categories) to test the effect of the number of bins on our proposed algorithm and on the sequence alignment algorithm with static divisor. We show the result in Table 6. The statistical metric used in this experiment is the mean. Table 6 indicates that 20 bins and 30 bins have almost the same performance. However, depending on the dataset, a different number of bins has to be used to produce optimal performance. As the results in Table 6 show, Dataset number 1 and Dataset number 2 have to use 20 bins to obtain the best results for the SADD algorithm, but 30 bins have to be used with Dataset number 3. Meanwhile, 30 bins are more appropriate for the SA algorithm with Dataset number 1 and Dataset number 3, whereas 20 bins are more suitable for Dataset number 2.


| Bins | Dataset number 1, SADD | Dataset number 1, SA | Dataset number 2, SADD | Dataset number 2, SA | Dataset number 3, SADD | Dataset number 3, SA |
|---|---|---|---|---|---|---|
| 10 | 0.083 ± 0.070 | 0.089 ± 0.073 | 0.079 ± 0.066 | 0.077 ± 0.064 | 0.095 ± 0.079 | 0.101 ± 0.082 |
| 20 | 0.076 ± 0.060 | 0.084 ± 0.061 | 0.078 ± 0.060 | 0.079 ± 0.053 | 0.082 ± 0.062 | 0.087 ± 0.061 |
| 30 | 0.077 ± 0.059 | 0.084 ± 0.059 | 0.082 ± 0.068 | 0.083 ± 0.061 | 0.076 ± 0.057 | 0.084 ± 0.060 |
| 40 | 0.077 ± 0.060 | 0.086 ± 0.061 | 0.082 ± 0.067 | 0.087 ± 0.062 | 0.079 ± 0.059 | 0.084 ± 0.061 |
| 50 | 0.079 ± 0.059 | 0.086 ± 0.062 | 0.084 ± 0.068 | 0.087 ± 0.062 | 0.079 ± 0.060 | 0.085 ± 0.063 |

In his research [7], Revett shows that the sequence alignment algorithm performs effectively when it is applied to keystroke dynamics. He also provides the steps for applying sequence alignment to keystroke dynamics. However, there is still much to improve, as we have described in Section 3. Therefore, we have proposed our method, the sequence alignment with dynamic divisor generation (SADD) algorithm, which checks the degree of sufficiency of the dataset and provides a proper divisor for each attribute. Our result proves that SADD has higher performance than the sequence alignment algorithm using static divisor in every attribute.

Al-Jarrah [6] has proposed the median vector proximity in his paper. He obtains a very good performance from this algorithm by using the median instead of the mean in his experiment. In our proposed algorithm, we apply various statistical metrics in the experiments to find the most appropriate measure.

Giot and Rosenberger’s [3] research introduces a new soft biometric for keystroke dynamics based on gender recognition. In addition, a similar study by Idrus et al. [4] introduces more valuable information such as the number of hands used (i.e., one hand or both hands), age, and the dominant hand (i.e., left or right). This extra information can be used as a reference to help improve the performance of algorithms. Although we do not include this extra information in our experiment because of the limited information that we can obtain from the CMU benchmark dataset, we believe that it will be beneficial in future work.

Syed et al. [8] show the concept of event sequences used in keystroke dynamics. These event sequences help in distinguishing the typing behavior of a user. Most keystroke dynamics use key-down and key-up without actual key values. However, introducing too many dimensions can cause the curse of dimensionality. Therefore, it is interesting to extend our algorithm to accommodate these event sequences in future work.

7. Conclusion

In this paper, we have proposed sequence alignment with dynamic divisor generation (SADD) for user authentication using keystroke dynamics. Based on the experiments we have conducted, our algorithm produces promising results and mostly outperforms previous work. We also empirically show that the dynamic divisor generally outperforms the static divisor. We believe that the dynamic divisor plays an important role in the sequence alignment algorithm because it calculates the degree of sufficiency of the dataset (by using the mean of Horner’s rule) and then provides faultless calculation of an appropriate divisor to be used for each attribute. These dynamic divisors help to prevent the genuine user’s data from digressing from the legal categories.

Giot and Rosenberger [3] introduce a new soft biometric for keystroke dynamics based on gender recognition. They have done interesting work by introducing this new information in keystroke dynamics. Furthermore, Idrus et al. [4] also introduce more valuable information such as the type of hands used (i.e., one hand or both hands), age, and the dominant hand (i.e., left or right). However, they only study the effectiveness of using the information. Therefore, it will be interesting to apply this extra information in our future study. We would also like to discover more valuable information besides the information we have discussed above.

Conflict of Interests

The authors declare that there is no conflict of interests regarding the publication of this paper.

Acknowledgment

This work was supported by the National Research Foundation of Korea (NRF) grant funded by the Korea government (MEST) (no. NRF-2013R1A1A2013401).

References

  1. J. C. Poss, D. Boye, and M. W. Mobley, “Biometric voice authentication,” Patent and Trademark Office, Washington, DC, USA, U.S. Patent no. 7,386,448, 2008.
  2. S. Cho, C. Han, D. H. Han, and H.-I. Kim, “Web-based keystroke dynamics identity verification using neural network,” Journal of Organizational Computing and Electronic Commerce, vol. 10, no. 4, pp. 295–307, 2000.
  3. R. Giot and C. Rosenberger, “A new soft biometric approach for keystroke dynamics based on gender recognition,” International Journal of Information Technology and Management, vol. 11, no. 1-2, pp. 35–49, 2012.
  4. S. Z. S. Idrus, E. Cherrier, C. Rosenberger, and P. Bours, “Soft biometrics for keystroke dynamics,” in Image Analysis and Recognition, vol. 7950 of Lecture Notes in Computer Science, pp. 11–18, Springer, Berlin, Germany, 2013.
  5. K. S. Killourhy and R. A. Maxion, “Comparing anomaly-detection algorithms for keystroke dynamics,” in Proceedings of the IEEE/IFIP International Conference on Dependable Systems & Networks (DSN '09), pp. 125–134, IEEE, July 2009.
  6. M. M. Al-Jarrah, “An anomaly detector for keystroke dynamics based on medians vector proximity,” Journal of Emerging Trends in Computing and Information Sciences, vol. 3, no. 6, pp. 988–993, 2012.
  7. K. Revett, “A bioinformatics based approach to user authentication via keystroke dynamics,” International Journal of Control, Automation and Systems, vol. 7, no. 1, pp. 7–15, 2009.
  8. Z. Syed, S. Banerjee, and B. Cukic, “Leveraging variations in event sequences in keystroke-dynamics authentication systems,” in Proceedings of the IEEE 15th International Symposium on High-Assurance Systems Engineering (HASE '14), pp. 9–16, IEEE, January 2014.
  9. X. Wang, F. Guo, and J.-F. Ma, “User authentication via keystroke dynamics based on difference subspace and slope correlation degree,” Digital Signal Processing: A Review Journal, vol. 22, no. 5, pp. 707–712, 2012.
  10. E. Yu and S. Cho, “Keystroke dynamics identity verification—its problems and practical solutions,” Computers and Security, vol. 23, no. 5, pp. 428–440, 2004.
  11. R. Moskovitch, C. Feher, A. Messerman et al., “Identity theft, computers and behavioral biometrics,” in Proceedings of the IEEE International Conference on Intelligence and Security Informatics (ISI '09), pp. 155–160, June 2009.
  12. A. F. M. N. H. Nahin, J. M. Alam, H. Mahmud, and K. Hasan, “Identifying emotion by keystroke dynamics and text pattern analysis,” Behaviour & Information Technology, vol. 33, no. 9, pp. 987–996, 2014.
  13. N. B. Amor, S. Benferhat, and Z. Elouedi, “Naive Bayes vs decision trees in intrusion detection systems,” in Proceedings of the ACM Symposium on Applied Computing, pp. 420–424, ACM, March 2004.
  14. R. Fabbri, L. D. F. Costa, J. C. Torelli, and O. M. Bruno, “2D Euclidean distance transform algorithms: a comparative survey,” ACM Computing Surveys, vol. 40, no. 1, article 2, 2008.
  15. R. Koch, M. Golling, and G. D. Rodosek, “Behavior-based intrusion detection in encrypted environments,” IEEE Communications Magazine, vol. 52, no. 7, pp. 124–131, 2014.
  16. P. O. Asagba and E. O. Nwachukwu, “RSA asymmetric cryptosystem beyond homogeneous transformation,” West African Journal of Industrial and Academic Research, vol. 9, no. 1, pp. 3–12, 2014.
  17. D. W. Mount, Bioinformatics: Sequence and Genome Analysis, Cold Spring Harbour, Cold Spring Harbour Laboratory Press, 2nd edition, 2004.
  18. T. H. Cormen, C. E. Leiserson, R. L. Rivest, and C. Stein, Introduction to Algorithms, MIT Press, 3rd edition, 2009.

Copyright © 2015 Jiacang Ho and Dae-Ki Kang. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.
