Security and Protection in Information Processing Systems

Abstract

A number of previous studies have investigated the use of keystroke analysis as a means of authenticating users? identities at the point of initial login. By contrast, relatively little research has focused upon the potential of applying the technique for identity verification during the logged-in session. Previous work by the authors has determined that keystroke analysis is a viable metric for continuous monitoring, provided that sufficient data is captured to create a reliable profile. This paper presents a series of results from a three-month trial in which profiles were created using digraph, trigraph and keyword-based keystroke latencies. The profiles were based upon a total of over 5 million keystroke samples, collected from 35 participants. The results demonstrate that the techniques offer significant promise as a means of non-intrusive identity verification during keyboard-related activities, with an optimum false acceptance rate of 4.9% being observed at a rate of 0% false rejection.