Behavioral biometrics and machine learning to secure website logins

Abstract

In a world dominated by e-commerce and electronic transactions, the business value of a secure website is immeasurable. With the ongoing wave of Artificial Intelligence and Big Data, hackers have far more sophisticated tools at their disposal to orchestrate identity fraud on login portals. Such attacks bypass static security rules and hence protection against them requires the use of machine learning based ‘intelligent’ security algorithms. This paper explores the use of client behavioral biometrics to secure website logins. A client’s mouse dynamics, keystrokes and click patterns during login are used to create a customized security model for each user that can differentiate the user of interest from any other impersonator. Such a model, combined with existing protocols, will provide enhanced security for the user’ profile, even if credentials are compromised. The module first employs a means of collecting relevant behavioral data from the client side when a new account is created. The collection module can easily be integrated with any web application without impacting website performance. After sufficient collection of login data, a biometric-based fraud detection algorithm is created that secures the account against future impersonators. Our choice of algorithms is the Multilayer Perceptron, Support Vector Machine and Adaptive Boosting, the outcomes of which are polled to give the prediction. We find that such a model shows good performance (accuracy, precision and recall) for different train: test splits. Moreover, the model is easily implementable for any web based authentication, is scalable and can be fully automated, if a dataset like ours can be created from client activity on the web application of interest.