The document discusses the application of machine learning in cybersecurity, specifically focusing on keystroke dynamics for user identification. It outlines the steps for implementing applied machine learning, including data collection, preparation, model training, prediction, and deployment. Additionally, it highlights the process of analyzing typing patterns to detect anomalies for fraud prevention.

1. LOREM
I P S U M
LEARNING FROM
BIOMETRICS
To prevent #CyberSecurity 🕵 threats
Valerio Maggio
@leriomaggio Data Scientist & Pythonistas @ FBK
vmaggio@fbk.eu

2. DOLOR
S I T
A M E T
SORRY, WHO?
• Post Doc Researcher
• Background in CS
• Interested in Machine & Deep Learning
• Core in Biomedicine & Environment
here
We’re looking for students for
Internship & (PhD) Thesis
• Applied Machine Learning (a.k.a. Data Science)
https://mpbalab.fbk.eu

3. DONEC
F I N I B U
S A C
• Geek & Nerd
• Fellow Pythonista since 2006
this is a better me !-)
SORRY, WHO?
100K points if
you get this pun !-)
github.com/leriomaggio

5. Machine
Learning

6. B
U
Z
Z
W
O
R
D
S

7. NULLA
C O N G U
E S A P I E
N
WHAT THE CLOUDS SAY

8. VITAE
A U G U E
C O N S E
C T E T U R
WHAT THE CLOUDS KEEP
SAYING…

9. AT
CONVALLIS
M I
A U C T O R .
WHAT THE CLOUDS STILL
SAY…

10. FUSCE
F E U G I A T
WHAT THE CLOUDS
FINALLY SAY!
Learning from Data
for future predictions

11. ACHINE
LEARNING
LAVOURS

12. SED
SUSCIPIT
I N
E L I T
M O L L I S
SUPERVISED SETTING
• Input Data are accompanied with
labels the ML model can learn from
• i.o.w. labels are reference for the
model to estimate the expected
outcomes

13. DIGITS CLASSIFICATION
Labels are
Categories

14. HOUSE PRICES ESTIMATION
Labels are
Real numbers

15. FRINGILLA
M A E C E
N A S
G R A V I D
A S
UNSUPERVISED
SETTING
• No label is provided
• Learning directly from data
• e.g. Clustering

16. CLUSTERING

17. FUSCE
F E U G I A T
WHAT THE CLOUDS
FINALLY SAY!

18. EU TURPIS
V O L U P T A
T

19. Let’s play with
all of this!

21. IPSUM
E G E T
A U C T O R APPLIED ML IN 5 STEPS
• Collect the Data
1. Look at the Data & Clean the Data
2. Prepare the data
3. Train your model(s)
4. Predict using your best model using unseen data
(namely: data NOT used in training)
5. Deploy your system in production

23. TWO COMMON FRAUDS
Account Hijacking
Card Faking

24. TWO COMMON FRAUDS
Account Hijacking
User Identification

25. USER IDENTIFICATION

26. KEYSTROKE DYNAMICS
Keystroke dynamics consists in analysing the way a user types by monitoring
keyboard inputs thousand of times per second, and processing this data through an
algorithm, which then defines a pattern for future comparison
Identifying an individual based on their way of typing on a physical or virtual keyboard

27. KEYSTROKE DYNAMICS
Time between two key pressures
Time between one pressure and one release
Time between one release and one pressure
Time between two key release
Intuition:
Users have unique ways to
type on keyboards
(i.e. typing patterns)

28. KEYSTROKE DYNAMIC
Time between two key pressures
Down-Down Time
Time between one pressure and one release-
Dwell Time
Time between one release and one pressure
Flight Time
Time between two key release
Up-Up Time

29. LOOKING FOR
ANOMALIES

30. DATA COLLECTION
Time between two key pressures
Down-Down Time
Time between one pressure and one release-
Dwell Time
Time between one release and one pressure
Flight Time
Time between two key release
Up-Up Time
• Dataset Statistics:
• 50 different users
• 450+ patterns each

31. DONEC
M E N U S
U R N A
STEP 1: LOOK AT
THE DATA AND
CLEAN THEM

32. UP-UP TIME - USERNAME FIELD - WEB VS APP

33. UP-UP TIME - PASSWORD FIELD - WEB VS APP

34. DWELL TIME - USERNAME FIELD - WEB VS APP

35. DWELL TIME - PASSWORD FIELD - WEB VS APP

36. DATA
CLEANING
Complexity-Invariant
Distance Measure

37. FEATURE SCALING (NORMALISATION)
Original
Feature Data
MinMax Scaling
Standard Scaling

38. PULVINAR
V I T A E
E L I T .
STEP 2:PREPARE
THE DATA
TRAIN-TEST CUT

39. WHAT
WE
DO

40. WHAT
WE
REALLY
DO K-Fold Cross Validation

41. VIVAMUS
F I N I B
U S
R I S U S
STEP 3-4:TRAIN
AND TEST ML
MODEL

42. Deep AutoEncoder
Encoder Decoder
…
Classification Deep Network
One AutoEncoder + FC Network
Outlier Detector (per user)
DEEPKS

43. Deep AutoEncoder
Encoder Decoder
DEEPKS
1. AUTOENCODER
Trained on genuine keystroke patterns
Unsupervised Machine (Deep) Learning

44. Deep AutoEncoder
Encoder Decoder
DEEPKS
2. DISCRIMINATOR
Trained on genuine &
adversarial patterns

45. EVALUATION METRICS
Confusion Matrix
over ~5200 samples

46. SAMPLE
SIZE TEST
Q: How many patterns would I
need to be confident about the
accuracy of the model ?

47. Feature Importance
rf.fit(X,y_DL)

48. NON
DIAM
B L A N D
I T
F E R M E
N T U M .
STEP 5:DEPLOY
YOUR SOLUTION

49. Models
Database
Model
Service
Feature
Database
Data
Collector
Feature Detection
Orchestration
Model
Training
Service
Feature
Extraction
Alarms
Dashboard
Models Models
Features
+ Labels
Features
Features
Raw Data
Alarm
Prediction
Request
Labels
1
2
3
9
SOC
Alarms
Database
4
5 6
7
Score
Confirmation/
Rejection
Features
8
10
11
12

50. API Engine
Feature
extractor
DL Model
{json}
Raw data, features,
predictions

51. SHAMELESS
PLUG

52. pydata.it
pycon.it

53. EUROSCIPY 2018
Fondazione Bruno Kessler | Associazione Python Italia
University of Trento
Northern Italy | Trentino Region Tentative dates:
Aug. 28 - Sept. 01 2018
Be posted on euroscipy.org

54. trento.python.it
Next Meetup: Feb, 22 2018 - h19:00 ➡ @Clab

55. SHAMELESS
SELF
PROMOTION
https://github.com/leriomaggio/deep-learning-keras-tensorflow

56. THANK YOU!
🍻
Now it’s time for Cheers
🥓
@leriomaggio
vmaggio@fbk.eu