1. The document proposes a novel method for continuously verifying user identity based on characteristics of their mouse interactions.
2. It introduces extracting features from individual mouse actions, in contrast to previous histogram approaches requiring aggregation of many actions.
3. The proposed algorithm is shown to outperform state-of-the-art methods by achieving higher verification accuracy while reducing response time.
BIOMETRICS AUTHENTICATION TECHNIQUE FOR INTRUSION DETECTION SYSTEMS USING FIN...IJCSEIT Journal
Identifying attackers is a major apprehension to both organizations and governments. Recently, the most
used applications for prevention or detection of attacks are intrusion detection systems. Biometrics
technology is simply the measurement and use of the unique characteristics of living humans to distinguish
them from one another and it is more useful as compare to passwords and tokens as they can be lost or
stolen so we have choose the technique biometric authentication. The biometric authentication provides the
ability to require more instances of authentication in such a quick and easy manner that users are not
bothered by the additional requirements. In this paper, we have given a brief introduction about
biometrics. Then we have given the information regarding the intrusion detection system and finally we
have proposed a method which is based on fingerprint recognition which would allow us to detect more
efficiently any abuse of the computer system that is running.
An Efficient User VErification System via Mouse MovementsOuzza Brahim
This document presents a new user verification system based on mouse movement biometrics. The system uses fine-grained angle-based metrics to characterize users' mouse movements. It then employs support vector machines to accurately and quickly verify users based on these mouse movement patterns. Experiments on over 1,000 users showed the system can verify a user within a few mouse clicks with high accuracy, making it suitable for online user verification. The key innovation is the use of angle-based metrics capturing the point-by-point direction and curvature of mouse movements.
In the age of Biometric Security taking over the traditional security features, this is a small intro to the Biometric features one can use to enhance the security. The various modalities have been explained.
This document provides an overview of biometric systems security and privacy. It defines biometrics and describes the stages of biometric identification and verification. It discusses types of biometrics like fingerprints, iris scans, and behavioral biometrics. The document outlines privacy assessments for biometric systems and security vulnerabilities like sensor attacks, replay attacks, and template modification. It also describes methods for template protection including biometric cryptosystems, cancellable biometrics, and hybrid approaches. Finally, it discusses privacy benefits in multimodal biometric systems that use multiple biometrics.
Sum Rule Based Matching Score Level Fusion of Fingerprint and Iris Images for...IRJET Journal
This document summarizes a research paper on multimodal biometrics identification using fingerprint and iris images. It discusses how a multimodal biometric system that fuses fingerprint and iris traits can improve identification accuracy over unimodal systems. The document outlines the architecture of multimodal biometric systems, including how different biometrics are acquired, processed independently, and then fused using techniques like score-level fusion. It also discusses related work on fingerprint and iris recognition individually, as well as previous research on multimodal biometrics fusion.
This PhD thesis by Zahid Akhtar examines the security of multimodal biometric systems against spoof attacks. It aims to evaluate the robustness of these systems to real spoof attacks, validate assumptions about the "worst-case" spoofing scenario, and develop methods to assess security without fabricating fake traits. Experiments are conducted on systems using face and fingerprint biometrics under various spoof attacks, and results show multimodal systems can be compromised by attacking a single trait, while the worst-case scenario does not always reflect real attacks.
The document provides an overview of biometric security systems. It defines biometrics as measuring unique human characteristics and discusses various physiological and behavioral biometric traits used for identification, including fingerprints, facial recognition, voice recognition, hand geometry, retina and iris scanning. It covers classification of biometric traits, factors for determining their effectiveness, functions of biometric systems, and concerns regarding privacy, standardization and overreliance. The document concludes by discussing potential future applications of biometric technologies in hospitals, forensics and membership programs.
This document provides an introduction to biometric security systems. It discusses how biometrics has evolved from early manual criminal identification techniques to modern automated systems. It describes some of the first commercial biometric devices used over 25 years ago for timekeeping and access control. It then summarizes several common biometric modalities used in existing security systems, including fingerprint, face, signature, voice, and gait recognition.
BIOMETRICS AUTHENTICATION TECHNIQUE FOR INTRUSION DETECTION SYSTEMS USING FIN...IJCSEIT Journal
Identifying attackers is a major apprehension to both organizations and governments. Recently, the most
used applications for prevention or detection of attacks are intrusion detection systems. Biometrics
technology is simply the measurement and use of the unique characteristics of living humans to distinguish
them from one another and it is more useful as compare to passwords and tokens as they can be lost or
stolen so we have choose the technique biometric authentication. The biometric authentication provides the
ability to require more instances of authentication in such a quick and easy manner that users are not
bothered by the additional requirements. In this paper, we have given a brief introduction about
biometrics. Then we have given the information regarding the intrusion detection system and finally we
have proposed a method which is based on fingerprint recognition which would allow us to detect more
efficiently any abuse of the computer system that is running.
An Efficient User VErification System via Mouse MovementsOuzza Brahim
This document presents a new user verification system based on mouse movement biometrics. The system uses fine-grained angle-based metrics to characterize users' mouse movements. It then employs support vector machines to accurately and quickly verify users based on these mouse movement patterns. Experiments on over 1,000 users showed the system can verify a user within a few mouse clicks with high accuracy, making it suitable for online user verification. The key innovation is the use of angle-based metrics capturing the point-by-point direction and curvature of mouse movements.
In the age of Biometric Security taking over the traditional security features, this is a small intro to the Biometric features one can use to enhance the security. The various modalities have been explained.
This document provides an overview of biometric systems security and privacy. It defines biometrics and describes the stages of biometric identification and verification. It discusses types of biometrics like fingerprints, iris scans, and behavioral biometrics. The document outlines privacy assessments for biometric systems and security vulnerabilities like sensor attacks, replay attacks, and template modification. It also describes methods for template protection including biometric cryptosystems, cancellable biometrics, and hybrid approaches. Finally, it discusses privacy benefits in multimodal biometric systems that use multiple biometrics.
Sum Rule Based Matching Score Level Fusion of Fingerprint and Iris Images for...IRJET Journal
This document summarizes a research paper on multimodal biometrics identification using fingerprint and iris images. It discusses how a multimodal biometric system that fuses fingerprint and iris traits can improve identification accuracy over unimodal systems. The document outlines the architecture of multimodal biometric systems, including how different biometrics are acquired, processed independently, and then fused using techniques like score-level fusion. It also discusses related work on fingerprint and iris recognition individually, as well as previous research on multimodal biometrics fusion.
This PhD thesis by Zahid Akhtar examines the security of multimodal biometric systems against spoof attacks. It aims to evaluate the robustness of these systems to real spoof attacks, validate assumptions about the "worst-case" spoofing scenario, and develop methods to assess security without fabricating fake traits. Experiments are conducted on systems using face and fingerprint biometrics under various spoof attacks, and results show multimodal systems can be compromised by attacking a single trait, while the worst-case scenario does not always reflect real attacks.
The document provides an overview of biometric security systems. It defines biometrics as measuring unique human characteristics and discusses various physiological and behavioral biometric traits used for identification, including fingerprints, facial recognition, voice recognition, hand geometry, retina and iris scanning. It covers classification of biometric traits, factors for determining their effectiveness, functions of biometric systems, and concerns regarding privacy, standardization and overreliance. The document concludes by discussing potential future applications of biometric technologies in hospitals, forensics and membership programs.
This document provides an introduction to biometric security systems. It discusses how biometrics has evolved from early manual criminal identification techniques to modern automated systems. It describes some of the first commercial biometric devices used over 25 years ago for timekeeping and access control. It then summarizes several common biometric modalities used in existing security systems, including fingerprint, face, signature, voice, and gait recognition.
Biometric Authentication Based on Hash Iris FeaturesCSCJournals
With an increasing emphasis on security, automated personal identification based on biometrics has been receiving extensive attention since its introduction in 1992. In this study, authentication system contained two parts: registration part and matching part. In both parts, iris image is used for personal identification. Localization of inner boundary only, extracted a region from the iris (without eyelashes problem), a feature vector is deduced from the texture of the image. The feature vector is used for classification of the iris texture, then it's treated by the hash function to produce the hash value (authentic value of a person). In matching part, produced hash value searched in the authorized person's database for taking a decision (success or fail) of the authentication. The method was evaluated on iris images takes from the CASIA iris image database version 1.0 [15]. The experimental results show that the vector extracted by the proposed method has very discriminating values that led to a recognition rate of over 100% on iris database. Also, authentication system is very accurate because it's used a secure method of authentication that iris-biometric and a hash function for avoiding stealing data from database.
The Survey of Architecture of Multi-Modal (Fingerprint and Iris Recognition) ...IJERA Editor
Biometrics based individual identification is observed as an effective technique for automatically knowing, with a high confidence a person’s identity. Multi-modal biometric systems consolidate the evidence accessible by multiple biometric sources and normally better recognition performance associate to system based on a single biometric modality.Multi biometric systems are used to overcome this issue by providing multiple pieces of indication of the same identity. This system provides effective fusion structure that combines information provided by the multiple field experts based on decision-level and score-level fusion method, thereby increasing the efficiency which is not conceivable in uni-modal system.Multi-modal biometrics can be attained through a fusion of two or more images, where the subsequent fused image will be more protected. This paper discusses various fusion techniques, architecture of multi-modal biometric authentication and working of biometric fusion i.e. Iris and Fingerprint recognition that are used in multi-modal biometrics
A Comparison Based Study on Biometrics for Human RecognitionIOSR Journals
Abstract: A biometric system provides automatic recognition of an individual based on a unique feature or
characteristic possessed by the individual. These biometric characteristic may physiological or behavioral.
Unlike other identification methods such as id proof, tokens and password, the distinct aspect of biometric
recognition comes into light from randomly distributed features in human being. In this paper, I describe the
novel comparison based upon various aspects to make easy selection for biometric device deployment in specific
environment. This paper proposes a comparison among all kind of biometric system available in the society.
The existing computer security systems used at various places like banking, passport, credit cards, smart cards,
PIN , access control and network security are using username and passwords for person identification.
Biometric systems also introduce an aspect of user convenience; it means one can be authorized by representing
himself or herself. In this paper, the main focus is on working principal of biometric technique, the various
biometrics systems and their comparisons.
Keywords: Biometrics, authentication, identification, recognition
This document proposes a biometrics-based authentication scheme for a multi-server environment using elliptic curve cryptography. It aims to provide a truly three-factor authenticated scheme. Existing methods use fingerprints, RSA, and wavelet transforms but have issues with efficiency, computational load, and accuracy under different lighting conditions. The proposed system uses a hybrid crypto approach combining biometrics, passwords, and smart cards for stronger security. It analyzes palm print textures for better characterization. This authentication scheme is intended to provide secure access control for applications like defense areas, banks, and privacy protection with low complexity and high efficiency compared to previous works.
This document describes the design and implementation of a fingerprint-based identity authentication system. The system uses an improved algorithm to extract minutiae features from fingerprints faster and more accurately than previous methods. It then employs an alignment-based matching algorithm to find correspondences between input and stored fingerprint templates without exhaustive search. Experimental results on standard fingerprint databases show the system can achieve good performance and satisfy response time requirements for authentication, taking about 1.4 seconds on average. The system provides a means of positive identity verification through fingerprint biometrics with a very high level of accuracy.
11.graphical password based hybrid authentication system for smart hand held ...Alexander Decker
Ray's Scheme is a proposed hybrid graphical password authentication system for smart handheld devices. The system combines recognition and recall-based techniques and has two phases: registration and authentication. During registration, the user selects a username, textual password, and graphical password by choosing objects and corresponding digits. During authentication, the user enters their username, password, and recalls the graphical password by selecting the objects and entering the digits. The system aims to provide more security while being user-friendly for smart devices.
Traditionally, in paper based election,voters cast their vote to select right candidate, where they simply put their vote in voting box and at the end of the voting day the votes are going to be count manually. This process was much time consuming as well as was erroneous. To overcome this drawback Electronic Voting Machine (EVM) was introduced. In EVM, Voter cast their vote by pressing the voting button which was on EVM. The Major advantage of EVM system is , the votes are counted automatically instead of manually. But the drawback of EVM machine was, the votes may get manipulated and was not secure. So to overcome all these drawbacks, research on biometric based voting system is going on. This Paper focuses on survey of different voting system using Fingerprint biometric through different algorithms and methods.
The document discusses biometrics and biometric systems. It defines biometrics as measurable biological characteristics that can be used to identify individuals. It then describes the main components of a biometric system, including sensors, feature extraction, matching, and databases. The document discusses verification and identification modes of biometric systems. It also explains the different types of errors that can occur in biometric systems, including false accepts and false rejects, and how performance is evaluated using metrics like FMR, FNMR, FTE, and FTC rates.
IRJET - Real Time Face Recognition in Electronic Voting System using RFID and...IRJET Journal
This document describes a proposed electronic voting system that uses RFID and face recognition for authentication. The system uses a two-step verification process: 1) RFID number verification and 2) face recognition using Haar cascade algorithms. If both authentications are successful, the voter can cast their vote for their desired candidate. The system aims to increase security over current voting methods by preventing counterfeit votes through multi-factor authentication. It also allows for faster vote counting than paper-based systems. The document provides details on implementation, the face detection methodology, and discusses results and limitations.
IRJET- Survey on Development of Fingerprint Biometric Attendance Management S...IRJET Journal
The document discusses a proposed smart attendance management system that integrates fingerprint biometric authentication with wireless connectivity. The system uses an Android mobile application to register users and record their attendance through fingerprint scans. It ensures employees are physically present at work by only allowing attendance checks when the mobile device is connected to the organization's wireless router. This prevents employees from falsely checking in without remaining on-site. The system aims to reduce costs compared to traditional fingerprint scanners while providing increased portability and convenience through the use of mobile phones and wireless technology.
This document discusses key considerations for protecting critical infrastructure from cybersecurity threats involving biometrics. It notes that while biometrics can strengthen security, biometric systems themselves must be secured against attacks. The document outlines vulnerabilities across different stages of biometric systems and recommends countermeasures like multi-factor authentication, flexible technology, and ongoing analysis to adapt to evolving threats. The overall message is that cybersecurity requires a holistic defense-in-depth approach when using biometrics to authenticate identity.
Biometric authentication uses unique human physical and behavioral characteristics for authentication purposes. Physical biometrics include fingerprints, facial patterns, iris scans, and retinal patterns. Behavioral biometrics analyze keystrokes, gait, voice, mouse movements, signatures, and cognition. Biometrics provide stronger authentication than passwords alone but have disadvantages like inability to change compromised biometrics and potential for "master fingerprints" to trick some devices. Biometrics are increasingly used for consumer, government, and corporate authentication.
The document discusses biometric systems for security. It defines biometrics as measuring biological traits to identify individuals. It then discusses the history of biometrics using fingerprinting in China in the 14th century. It describes the main types of biometric devices as behavioral (e.g. voice, signature) or physical (e.g. fingerprint, face) and lists their common uses including banking, attendance tracking, and data security. Finally, it compares biometric security to other methods and outlines some limitations such as noise in data and variations over time.
LUIS: A L IGHT W EIGHT U SER I DENTIFICATION S CHEME FOR S MARTPHONES IJCI JOURNAL
Smartphone usage has reached its peak. There has be
en a tremendous growth in the number of people
migrating from PCs to smart phones. Numerous scenar
ios such as loss of a phone, phone theft etc., can
lead to unauthorized use of one’s own smartphone. T
his raises the concern for securing personal and
private data. This project proposes a light weight
two level user identification scheme to recognize a
nd
authenticate the mobile phone based on the device h
olding and usage patterns. To validate the proposed
scheme, an application is created which takes a ges
ture input characterized by time of swiping the scr
een,
finger pressure, phone movements and location of sw
ipe on the screen through X and Y co-ordinate. A
threshold based matching scheme performs classifica
tion to find the true owner. Results show that the
scheme was able to achieve 90% true positives and 1
0% false positives with a 0.5% of battery usage.
Keystroke dynamics, or typing dynamics, is the detailed timing information that describes exactly when each key was pressed and when it was released as a person is typing at a computer keyboard.
Keystroke Dynamics Authentication with Project Management SystemIJSRD
Generally user authentication is done using username and password that is called as login process. This login process is not more secure because, however a login session is still unprotected to impersonator when the user leaves his computer without logging off. Keystroke dynamics methods can be made useful to verify a user by extracting some typing features then, after the authentication process has successfully ended. From the last decade several studies proposed the use of keystroke dynamics as a behavioral biometric tool to verify users. We propose a new method, for representing the keystroke patterns by joining similar pairs of consecutive keystrokes. The above proposed method is used to consider clustering the di-graphs which are based on their temporal features. In this project, authentication system is provide to project management system that make more Secure management system without acknowledging unauthorized user. The Project Management System addresses the management of software projects. It provides the framework for organizing and managing resources in such a way that these resources deliver all the work required to complete a software project within defined scope, time and cost constraints. The system applies only to the management of software projects and is a tool that facilitates decision making.
“Enhancing Iris Scanning Using Visual Cryptography”iosrjce
IOSR Journal of Computer Engineering (IOSR-JCE) is a double blind peer reviewed International Journal that provides rapid publication (within a month) of articles in all areas of computer engineering and its applications. The journal welcomes publications of high quality papers on theoretical developments and practical applications in computer technology. Original research papers, state-of-the-art reviews, and high quality technical notes are invited for publications.
AN ENHANCED SECURITY FOR GOVERNMENT BASE ON MULTIFACTOR BIOMETRIC AUTHENTICATIONIJCNCJournal
This paper is demonstrating to create a system of multifactor authentication based on biometric verification. Our system use iris for the first factor and fingerprint for the second factor. nce an attacker attempts to attack the system, there must have two factors. If one of them is compromised or broken, the attacker still has at least one more barrier to breach before successfully breaking into the target. Furthermore, this system will be implemented to enhance security for accessing control login government system.
This document discusses methods for compressing mouse cursor activity data collected by websites for analytics purposes. It evaluates 10 compression algorithms, including 5 lossless and 5 lossy methods. The results show that different algorithms are suited to different goals, such as reducing bandwidth, improving client-side performance, or accurately replicating the original cursor data. Lossy algorithms like piecewise linear interpolation and distance-thresholding offered better performance and bandwidth reduction than lossless LZW compression. The study contributes to making mouse cursor tracking a practical technology by reducing the data size.
Measurment and Modeling of Eue-mouse Behavior in the Presence of Nonlinear Pa...Ouzza Brahim
This study examines eye and mouse behavior on search pages with both linear and nonlinear layouts. Eye tracking data was collected from participants performing search tasks. Results show that for nonlinear layouts, attention was not solely top-down as previously believed, and that both eye and mouse were sensitive to an element's position and relevance. Models were developed that could predict eye gaze from mouse activity with 67% accuracy, showing mouse tracking can provide insights into user attention patterns on complex search pages.
This document summarizes an approach to automatically detecting human and robot web traffic by analyzing HTTP request patterns. It describes using embedded JavaScript and CSS files to detect mouse/keyboard activity and standard browser behavior. Experiments on the CoDeeN content distribution network found this approach identified 95% of human users within 57 requests and 80% within 20 requests, with a maximum false positive rate of 2.4%. Since deploying this system, robot-related abuse complaints dropped by a factor of 10.
Biometric Authentication Based on Hash Iris FeaturesCSCJournals
With an increasing emphasis on security, automated personal identification based on biometrics has been receiving extensive attention since its introduction in 1992. In this study, authentication system contained two parts: registration part and matching part. In both parts, iris image is used for personal identification. Localization of inner boundary only, extracted a region from the iris (without eyelashes problem), a feature vector is deduced from the texture of the image. The feature vector is used for classification of the iris texture, then it's treated by the hash function to produce the hash value (authentic value of a person). In matching part, produced hash value searched in the authorized person's database for taking a decision (success or fail) of the authentication. The method was evaluated on iris images takes from the CASIA iris image database version 1.0 [15]. The experimental results show that the vector extracted by the proposed method has very discriminating values that led to a recognition rate of over 100% on iris database. Also, authentication system is very accurate because it's used a secure method of authentication that iris-biometric and a hash function for avoiding stealing data from database.
The Survey of Architecture of Multi-Modal (Fingerprint and Iris Recognition) ...IJERA Editor
Biometrics based individual identification is observed as an effective technique for automatically knowing, with a high confidence a person’s identity. Multi-modal biometric systems consolidate the evidence accessible by multiple biometric sources and normally better recognition performance associate to system based on a single biometric modality.Multi biometric systems are used to overcome this issue by providing multiple pieces of indication of the same identity. This system provides effective fusion structure that combines information provided by the multiple field experts based on decision-level and score-level fusion method, thereby increasing the efficiency which is not conceivable in uni-modal system.Multi-modal biometrics can be attained through a fusion of two or more images, where the subsequent fused image will be more protected. This paper discusses various fusion techniques, architecture of multi-modal biometric authentication and working of biometric fusion i.e. Iris and Fingerprint recognition that are used in multi-modal biometrics
A Comparison Based Study on Biometrics for Human RecognitionIOSR Journals
Abstract: A biometric system provides automatic recognition of an individual based on a unique feature or
characteristic possessed by the individual. These biometric characteristic may physiological or behavioral.
Unlike other identification methods such as id proof, tokens and password, the distinct aspect of biometric
recognition comes into light from randomly distributed features in human being. In this paper, I describe the
novel comparison based upon various aspects to make easy selection for biometric device deployment in specific
environment. This paper proposes a comparison among all kind of biometric system available in the society.
The existing computer security systems used at various places like banking, passport, credit cards, smart cards,
PIN , access control and network security are using username and passwords for person identification.
Biometric systems also introduce an aspect of user convenience; it means one can be authorized by representing
himself or herself. In this paper, the main focus is on working principal of biometric technique, the various
biometrics systems and their comparisons.
Keywords: Biometrics, authentication, identification, recognition
This document proposes a biometrics-based authentication scheme for a multi-server environment using elliptic curve cryptography. It aims to provide a truly three-factor authenticated scheme. Existing methods use fingerprints, RSA, and wavelet transforms but have issues with efficiency, computational load, and accuracy under different lighting conditions. The proposed system uses a hybrid crypto approach combining biometrics, passwords, and smart cards for stronger security. It analyzes palm print textures for better characterization. This authentication scheme is intended to provide secure access control for applications like defense areas, banks, and privacy protection with low complexity and high efficiency compared to previous works.
This document describes the design and implementation of a fingerprint-based identity authentication system. The system uses an improved algorithm to extract minutiae features from fingerprints faster and more accurately than previous methods. It then employs an alignment-based matching algorithm to find correspondences between input and stored fingerprint templates without exhaustive search. Experimental results on standard fingerprint databases show the system can achieve good performance and satisfy response time requirements for authentication, taking about 1.4 seconds on average. The system provides a means of positive identity verification through fingerprint biometrics with a very high level of accuracy.
11.graphical password based hybrid authentication system for smart hand held ...Alexander Decker
Ray's Scheme is a proposed hybrid graphical password authentication system for smart handheld devices. The system combines recognition and recall-based techniques and has two phases: registration and authentication. During registration, the user selects a username, textual password, and graphical password by choosing objects and corresponding digits. During authentication, the user enters their username, password, and recalls the graphical password by selecting the objects and entering the digits. The system aims to provide more security while being user-friendly for smart devices.
Traditionally, in paper based election,voters cast their vote to select right candidate, where they simply put their vote in voting box and at the end of the voting day the votes are going to be count manually. This process was much time consuming as well as was erroneous. To overcome this drawback Electronic Voting Machine (EVM) was introduced. In EVM, Voter cast their vote by pressing the voting button which was on EVM. The Major advantage of EVM system is , the votes are counted automatically instead of manually. But the drawback of EVM machine was, the votes may get manipulated and was not secure. So to overcome all these drawbacks, research on biometric based voting system is going on. This Paper focuses on survey of different voting system using Fingerprint biometric through different algorithms and methods.
The document discusses biometrics and biometric systems. It defines biometrics as measurable biological characteristics that can be used to identify individuals. It then describes the main components of a biometric system, including sensors, feature extraction, matching, and databases. The document discusses verification and identification modes of biometric systems. It also explains the different types of errors that can occur in biometric systems, including false accepts and false rejects, and how performance is evaluated using metrics like FMR, FNMR, FTE, and FTC rates.
IRJET - Real Time Face Recognition in Electronic Voting System using RFID and...IRJET Journal
This document describes a proposed electronic voting system that uses RFID and face recognition for authentication. The system uses a two-step verification process: 1) RFID number verification and 2) face recognition using Haar cascade algorithms. If both authentications are successful, the voter can cast their vote for their desired candidate. The system aims to increase security over current voting methods by preventing counterfeit votes through multi-factor authentication. It also allows for faster vote counting than paper-based systems. The document provides details on implementation, the face detection methodology, and discusses results and limitations.
IRJET- Survey on Development of Fingerprint Biometric Attendance Management S...IRJET Journal
The document discusses a proposed smart attendance management system that integrates fingerprint biometric authentication with wireless connectivity. The system uses an Android mobile application to register users and record their attendance through fingerprint scans. It ensures employees are physically present at work by only allowing attendance checks when the mobile device is connected to the organization's wireless router. This prevents employees from falsely checking in without remaining on-site. The system aims to reduce costs compared to traditional fingerprint scanners while providing increased portability and convenience through the use of mobile phones and wireless technology.
This document discusses key considerations for protecting critical infrastructure from cybersecurity threats involving biometrics. It notes that while biometrics can strengthen security, biometric systems themselves must be secured against attacks. The document outlines vulnerabilities across different stages of biometric systems and recommends countermeasures like multi-factor authentication, flexible technology, and ongoing analysis to adapt to evolving threats. The overall message is that cybersecurity requires a holistic defense-in-depth approach when using biometrics to authenticate identity.
Biometric authentication uses unique human physical and behavioral characteristics for authentication purposes. Physical biometrics include fingerprints, facial patterns, iris scans, and retinal patterns. Behavioral biometrics analyze keystrokes, gait, voice, mouse movements, signatures, and cognition. Biometrics provide stronger authentication than passwords alone but have disadvantages like inability to change compromised biometrics and potential for "master fingerprints" to trick some devices. Biometrics are increasingly used for consumer, government, and corporate authentication.
The document discusses biometric systems for security. It defines biometrics as measuring biological traits to identify individuals. It then discusses the history of biometrics using fingerprinting in China in the 14th century. It describes the main types of biometric devices as behavioral (e.g. voice, signature) or physical (e.g. fingerprint, face) and lists their common uses including banking, attendance tracking, and data security. Finally, it compares biometric security to other methods and outlines some limitations such as noise in data and variations over time.
LUIS: A L IGHT W EIGHT U SER I DENTIFICATION S CHEME FOR S MARTPHONES IJCI JOURNAL
Smartphone usage has reached its peak. There has be
en a tremendous growth in the number of people
migrating from PCs to smart phones. Numerous scenar
ios such as loss of a phone, phone theft etc., can
lead to unauthorized use of one’s own smartphone. T
his raises the concern for securing personal and
private data. This project proposes a light weight
two level user identification scheme to recognize a
nd
authenticate the mobile phone based on the device h
olding and usage patterns. To validate the proposed
scheme, an application is created which takes a ges
ture input characterized by time of swiping the scr
een,
finger pressure, phone movements and location of sw
ipe on the screen through X and Y co-ordinate. A
threshold based matching scheme performs classifica
tion to find the true owner. Results show that the
scheme was able to achieve 90% true positives and 1
0% false positives with a 0.5% of battery usage.
Keystroke dynamics, or typing dynamics, is the detailed timing information that describes exactly when each key was pressed and when it was released as a person is typing at a computer keyboard.
Keystroke Dynamics Authentication with Project Management SystemIJSRD
Generally user authentication is done using username and password that is called as login process. This login process is not more secure because, however a login session is still unprotected to impersonator when the user leaves his computer without logging off. Keystroke dynamics methods can be made useful to verify a user by extracting some typing features then, after the authentication process has successfully ended. From the last decade several studies proposed the use of keystroke dynamics as a behavioral biometric tool to verify users. We propose a new method, for representing the keystroke patterns by joining similar pairs of consecutive keystrokes. The above proposed method is used to consider clustering the di-graphs which are based on their temporal features. In this project, authentication system is provide to project management system that make more Secure management system without acknowledging unauthorized user. The Project Management System addresses the management of software projects. It provides the framework for organizing and managing resources in such a way that these resources deliver all the work required to complete a software project within defined scope, time and cost constraints. The system applies only to the management of software projects and is a tool that facilitates decision making.
“Enhancing Iris Scanning Using Visual Cryptography”iosrjce
IOSR Journal of Computer Engineering (IOSR-JCE) is a double blind peer reviewed International Journal that provides rapid publication (within a month) of articles in all areas of computer engineering and its applications. The journal welcomes publications of high quality papers on theoretical developments and practical applications in computer technology. Original research papers, state-of-the-art reviews, and high quality technical notes are invited for publications.
AN ENHANCED SECURITY FOR GOVERNMENT BASE ON MULTIFACTOR BIOMETRIC AUTHENTICATIONIJCNCJournal
This paper is demonstrating to create a system of multifactor authentication based on biometric verification. Our system use iris for the first factor and fingerprint for the second factor. nce an attacker attempts to attack the system, there must have two factors. If one of them is compromised or broken, the attacker still has at least one more barrier to breach before successfully breaking into the target. Furthermore, this system will be implemented to enhance security for accessing control login government system.
This document discusses methods for compressing mouse cursor activity data collected by websites for analytics purposes. It evaluates 10 compression algorithms, including 5 lossless and 5 lossy methods. The results show that different algorithms are suited to different goals, such as reducing bandwidth, improving client-side performance, or accurately replicating the original cursor data. Lossy algorithms like piecewise linear interpolation and distance-thresholding offered better performance and bandwidth reduction than lossless LZW compression. The study contributes to making mouse cursor tracking a practical technology by reducing the data size.
Measurment and Modeling of Eue-mouse Behavior in the Presence of Nonlinear Pa...Ouzza Brahim
This study examines eye and mouse behavior on search pages with both linear and nonlinear layouts. Eye tracking data was collected from participants performing search tasks. Results show that for nonlinear layouts, attention was not solely top-down as previously believed, and that both eye and mouse were sensitive to an element's position and relevance. Models were developed that could predict eye gaze from mouse activity with 67% accuracy, showing mouse tracking can provide insights into user attention patterns on complex search pages.
This document summarizes an approach to automatically detecting human and robot web traffic by analyzing HTTP request patterns. It describes using embedded JavaScript and CSS files to detect mouse/keyboard activity and standard browser behavior. Experiments on the CoDeeN content distribution network found this approach identified 95% of human users within 57 requests and 80% within 20 requests, with a maximum false positive rate of 2.4%. Since deploying this system, robot-related abuse complaints dropped by a factor of 10.
This document discusses distinguishing human users from bot users in web search logs. It proposes using multiple thresholds for different classification criteria rather than single thresholds, to avoid misclassifying ambiguous cases. It also defines "strong criteria" that identify activity levels unlikely or impossible for humans, to avoid false positives. The authors apply this approach to the AOL search log to classify over 92% of users as human and 0.6% as bots, with the rest unclassified. Humans tend to display consistent behavior while bots can vary widely between criteria.
The document describes a proposed algorithm called Visitors' Online Behavior (VOB) for tracing visitors' online behaviors to effectively mine web usage data. The VOB algorithm identifies user behavior, creates user and page clusters, and determines the most and least popular web pages. It discusses how web usage mining analyzes user behavior logs to discover patterns. Preprocessing techniques like data cleaning, user/session identification, and path completion are applied to web server logs to maximize accurate pattern mining. Existing algorithms are described that apply preprocessing concepts to calculate unique user counts, minimize log file sizes, and identify user sessions.
User Identity Verification Using Mouse SignatureIOSR Journals
This document proposes a novel method for user identity verification using mouse signature. It captures mouse events such as mouse movements, clicks, and silences during a user's interaction with a canvas application. Features are extracted from these events to create a unique mouse signature for the user, which is stored in a database. When a user logs in, their current mouse signature is generated and compared to the stored signature to verify their identity. If the signatures match above a threshold like 80%, the user is authenticated. This adds an additional layer of security beyond just usernames and passwords. The system was designed to be more accurate than existing histogram-based approaches by verifying each individual mouse action.
ENHANCED AUTHENTICATION FOR WEB-BASED SECURITY USING KEYSTROKE DYNAMICSIJNSA Journal
Current password authentication system was proven not secure enough to protect the information from intruders. However, various research has been done and the results show the value of FRR still low and the value of FAR still high. Thus, one of the methods suggests, is enhancing the current system using keystroke dynamics. Keystroke dynamics is a type of biometric authentication that does not require any special hardware, easy to use as the same routine as normal password authentication. Therefore, this research proposed an authentication system using keystroke dynamics to prevent the system from intruders. A system is developed that consist of two parts which are enrolment and verification. Then, a prototype is developed for testing process that consists of 3 main modules, namely Enrolment, Client/Server Connection
and, Verification and Retraining. Based on the testing, the system proved that the keystroke dynamic authentication system was able to implement in client/server environment and shows the value of EER is low that indicates it provide a better system authentication. In future, the system can be improved by enhancing the security, performance, and user interface.
This document discusses the implementation of biometric voting systems through computer networks using fingerprints. It begins by introducing biometrics and how fingerprints are commonly used for identification. It then examines how a biometric voting system would work, including voters registering their fingerprint templates in a database, logging into a voting website, selecting a candidate, and having their fingerprint scanned to cast their vote. The document evaluates different biometric methods and argues that fingerprints are most efficient and accurate. It also discusses challenges with biometric systems, such as false acceptance and rejection rates.
This document is a report on biometric sensors written by Arhind Kumar Gautam for his Information Technology department. It contains an introduction to biometric sensors, a history of biometrics, definitions of biometric terms, descriptions of different types of biometric sensors including physical (fingerprint, face recognition, retina scan) and behavioral (voice recognition, signature) biometrics. It also discusses future applications of biometrics and provides a conclusion on biometric sensors.
This document provides an overview of biometric encryption, which is a technique that securely links a digital cryptographic key to a biometric template (such as a fingerprint image) during enrollment. It allows the key to be retrieved later during verification by matching a new biometric sample to the stored template. The key is independent of the biometric data, so compromising the key does not invalidate the use of that biometric, and the key can be easily updated. The document describes how biometric encryption uses correlation filtering of fingerprint images to generate a "bioscrypt" during enrollment that securely embeds the key, and then retrieves the key during verification by correlating a new fingerprint with the bioscrypt. It outlines the requirements for distortion tolerance
Running head BIOMETRIC MONITORING SYSTEM 1BIOMETRIC MONIT.docxsusanschei
Running head: BIOMETRIC MONITORING SYSTEM
1
BIOMETRIC MONITORING SYSTEM
2
Review APA format, Review references, Reread our paper many sentences with missing words, incomplete thoughts or grammar errors
Biometric Monitoring System
Term Paper
Tamara Williams
Management of Information Systems
Professor Marco A. Villarreal
Texas A&M University - CT
Introduction
Many companies and businesses need to adopt efficient employees’ monitoring systems. The management of these entities should have the ability to check that employees are within the designated working areas within the stipulated time. Therefore, the internal staff monitoring system should be operated in such a way that it ensures that it eliminates the possibility of an employee lying about their location and what times they are there. The company’s policy and system should deny the staff the ability to backtrack time and location, and the system should not give the employees capacity to perform relocation editing earlier than it was stated in the system. Firms in the past have adopted various manual systems as a way of ascertaining the whereabouts of staff at any given time, for example, the physical clock-in and clock out the system. In these systems, the employees should just register their presence by filling in their names and credentials on an attendance sheet.
Business organizations, schools, and training facilities have experienced significant challenges as the system allows for members of an organization to lie about their presence at any given time. A common problem is when employees form cliques in which co-workers sign for their colleagues who arrive and leave their designated areas of work. Whether its later and earlier than expected, their clock-ins and clock-outs will have the correct time stamp even if they are not there. The manual staff monitoring system offers cheaters a creative series of challenges. An employee who tends to leave their workstations more frequently, and the other employees that leave their work areas before their stipulated time, all of which the management will not detect because of anomalies in the system that will show the correct time. The overall effect of such weak and easily-to-manipulate systems in an organization lead to low staff output and a general decline in the efficiency of the company.
Going forward, there is a need for business entities, learning institutions, and premises which requires access from authorized personnel only to adopt a system which will ensure that the right person is checking I or out at the right time. The firms should implement a monitoring system which will seek for employees’ physical presence whenever one is checking into the system. Currently, one of the available options for institutions which need to implement a real-time employee monitoring system is the adoption of the biometric tracking system. A biometric system will seek to resolve the problem of voluntary wrongful reporting over time as the ...
Online Signature Authentication by Using Mouse Behavior Editor IJCATR
Several large-scale parole leakages exposed users to associate unprecedented risk of speech act and abuse of their data. associate inadequacy of password-based authentication mechanisms is turning into a serious concern for the complete data society. carries with it 3 major modules: (1) Mouse–Behavior dynamics Capture, (2) Feature Construction, and (3) coaching or Classification. the primary module serves to make a taking mouse behavior user signs. The second module is employed to extract holistic and procedural options to characterize mouse behavior and to map the raw options into distance-based options by exploitation numerous distance metrics. The third module, within the coaching section, applies neural network on the distance-based feature vectors to reckon the predominant feature elements, then builds the user’s profile employing a one-class classifier. within the classification section, it determines the user’s identity exploitation the trained classifier within the distance-based feature exploitation NN. A four Digit OTP is generated to the user’s email ID. The user are going to be giving the ‘2’ digit OTP and therefore the server are going to be giving balance ‘2’ digit OTP. Users ‘2’ digit OTP is verified by the server and contrariwise.
Continuous User Identity Verification through Secure Login SessionIRJET Journal
This document proposes a system for continuous user identity verification through secure login sessions using multi-modal biometrics. The system uses biometrics like fingerprints, facial recognition, and keyboard dynamics along with one-time passwords and random security questions to authenticate users. During login sessions, one-time passwords are sent to the user's email and random questions are asked every 5-10 minutes to continuously verify the user's identity. This prevents unauthorized access if the user leaves their device unattended during a session. The proposed system detects misuse of resources and prevents malicious activities through continuous multi-modal biometric authentication. Biometric and user data are stored on smartphones and web services.
Self Monitoring System to Catch Unauthorized ActivityIRJET Journal
The document describes a proposed self-monitoring system called SMS that detects unauthorized insider activity on a system. SMS monitors user activity at the system call level and creates user profiles to track normal usage patterns. It compares current activity to these profiles to identify anomalous behavior that may indicate a malicious intrusion. When SMS detects potential unauthorized activity, it takes a snapshot of the event and reports it to administrators. The system aims to improve on other intrusion detection systems by identifying insider threats in real-time at the system call level using data mining and forensic techniques.
Biometric system is a pattern identification system that recognizes an individual by determining the originality of the physical features and behavioral characteristic of that person. Of all the recently used biometric techniques, fingerprint identification systems have gained the most popularity because of the prolonged existence of fingerprints and its extensive use. Fingerprint is dependable biometric trait as it is an idiosyncratic and dedicated. It is a technology that is increasingly used in various fields like forensics and security purpose. The vital objective of our system is to make ATM transaction more secure and user friendly. This system replaces traditional ATM cards with fingerprint. Therefore, there is no need to carry ATM cards to perform transactions. The money transaction can be made more secure without worrying about the card to be lost. In our system we are using embedded system with biometrics i.e r305 sensor and UART microcontroller. The Fingerprint and the user_id of all users are stored in the database. Fingerprints are used to identify whether the Person is genuine. A Fingerprint scanner is used to acquire the fingerprint of the individual, after which the system requests for the PIN (Personal Identification Number). The user gets three chances to get him authenticated. If the fingerprints do not match further authentication will be needed. After the verification with the data stored in the system database, the user is allowed to make transactions.
The International Journal of Engineering & Science is aimed at providing a platform for researchers, engineers, scientists, or educators to publish their original research results, to exchange new ideas, to disseminate information in innovative designs, engineering experiences and technological skills. It is also the Journal's objective to promote engineering and technology education. All papers submitted to the Journal will be blind peer-reviewed. Only original articles will be published.
IRJET - Human Identification using Major and Minor Finger Knuckle PatternIRJET Journal
This document proposes a novel method for human identification using major and minor finger knuckle patterns. A team of researchers led by Dr. Raja developed a system that extracts features from finger knuckle print images using Radon transform. The knuckle print images are treated as texture images and the Radon transform computes line integrals along parallel paths to represent the texture information. The proposed method aims to provide contactless and unrestricted human identification using finger knuckle biometrics.
IRJET- Human Identification using Major and Minor Finger Knuckle PatternIRJET Journal
This document proposes a method for human identification using major and minor finger knuckle patterns. A team of researchers led by Dr. Raja developed a novel person identification system that extracts knuckle print features using Radon transform. The knuckle print image is treated as a texture image, and Radon transform computes line integrals along parallel paths in certain directions to represent the texture information in the image. The proposed method aims to provide contactless and unrestricted access control using finger knuckle biometrics, which are user-centric and have stable and unique features.
IRJET- Handwritten Signature Verification using Local Binary Pattern Features...IRJET Journal
This document summarizes an research paper on offline handwritten signature verification using local binary pattern features and K-nearest neighbors classification. It describes preprocessing signatures using Otsu thresholding, extracting local binary pattern features, and classifying signatures with KNN. 40 signature recognition approaches were reviewed before designing this system. The system achieved an accuracy of 85% on a dataset of bank cheque signatures during testing.
IRJET - An Enhanced Signature Verification System using KNNIRJET Journal
This document proposes an enhanced signature verification system using K-nearest neighbors (KNN) classification. It discusses how signature verification aims to automatically determine if a biometric sample matches a claimed identity. The proposed system extracts features from signatures and uses KNN to classify signatures as genuine or forgeries. It also reviews related work on signature verification using techniques like artificial immune systems and discusses preprocessing steps like normalization to standardize signature size and reduce variations between signatures.
This document summarizes a research paper on identifying authorized users based on typing speed comparison. The paper proposes using a user's typing speed and patterns as a behavioral biometric for authentication. It analyzes keystroke dynamics data such as dwell times and flight times between keys. A neural network classifier is used to model users' typing behaviors based on monograph and digraph mappings. The proposed framework achieved reduced false positive and negative rates compared to existing password-based authentication methods. It provides a simple, low-cost way to increase computer security without additional hardware or training for users.
This document proposes a multimodal biometric security system that combines fingerprint, speech, and face recognition for authentication. It discusses different biometric techniques including fingerprint, face, and speech recognition and describes the modules involved in a multimodal system, such as the sensor, feature extraction, matching, and decision making modules. Different levels of data fusion are also covered, including sensor, feature, matching score, and decision level fusion. The document concludes that a multimodal system can improve performance over unimodal systems by reducing false acceptance and rejection rates, while increasing security.
IRJET- A Review on Security Attacks in Biometric Authentication SystemsIRJET Journal
This document summarizes security attacks on biometric authentication systems. It discusses how biometric systems are vulnerable to different types of attacks, including attacks at the user interface, interfaces between modules, software modules, and the biometric template database. These attacks aim to compromise the biometric template and reduce system security. The document also reviews intrinsic system failures and adversary attacks as reasons for system failure. It concludes by outlining several countermeasures that can help resist different security attacks, such as liveness detection, biometric cryptosystems, steganography, watermarking, and cancellable biometrics.
IMPLEMENTATION PAPER ON MACHINE LEARNING BASED SECURITY SYSTEM FOR OFFICE PRE...IRJET Journal
1. The document discusses the implementation of a machine learning-based security system for office premises using user authentication.
2. The proposed system uses four-step security including login credentials, one-time passwords, and face recognition to authenticate users and restrict unauthorized access, while also featuring auto-saving of data to servers and automatic logouts.
3. The system aims to provide strong security, integrity, and confidentiality of data by making unauthorized access more difficult through multi-factor authentication barriers.
Two-factor authentication- A sample writing _ZamanAsad Zaman
This document discusses various authentication methods including passwords, biometrics, tokens, two-factor authentication, and multi-factor authentication. It provides details on each method, including their strengths, weaknesses, and how they provide different levels of security. Multiple authentication factors can be combined to achieve stronger authentication through a multi-factor approach. The document also includes examples of how different authentication methods may be suitable for different access levels and use cases.
Similar to User Identity Verification via Mouse Dynamics (20)
Global Situational Awareness of A.I. and where its headedvikram sood
You can see the future first in San Francisco.
Over the past year, the talk of the town has shifted from $10 billion compute clusters to $100 billion clusters to trillion-dollar clusters. Every six months another zero is added to the boardroom plans. Behind the scenes, there’s a fierce scramble to secure every power contract still available for the rest of the decade, every voltage transformer that can possibly be procured. American big business is gearing up to pour trillions of dollars into a long-unseen mobilization of American industrial might. By the end of the decade, American electricity production will have grown tens of percent; from the shale fields of Pennsylvania to the solar farms of Nevada, hundreds of millions of GPUs will hum.
The AGI race has begun. We are building machines that can think and reason. By 2025/26, these machines will outpace college graduates. By the end of the decade, they will be smarter than you or I; we will have superintelligence, in the true sense of the word. Along the way, national security forces not seen in half a century will be un-leashed, and before long, The Project will be on. If we’re lucky, we’ll be in an all-out race with the CCP; if we’re unlucky, an all-out war.
Everyone is now talking about AI, but few have the faintest glimmer of what is about to hit them. Nvidia analysts still think 2024 might be close to the peak. Mainstream pundits are stuck on the wilful blindness of “it’s just predicting the next word”. They see only hype and business-as-usual; at most they entertain another internet-scale technological change.
Before long, the world will wake up. But right now, there are perhaps a few hundred people, most of them in San Francisco and the AI labs, that have situational awareness. Through whatever peculiar forces of fate, I have found myself amongst them. A few years ago, these people were derided as crazy—but they trusted the trendlines, which allowed them to correctly predict the AI advances of the past few years. Whether these people are also right about the next few years remains to be seen. But these are very smart people—the smartest people I have ever met—and they are the ones building this technology. Perhaps they will be an odd footnote in history, or perhaps they will go down in history like Szilard and Oppenheimer and Teller. If they are seeing the future even close to correctly, we are in for a wild ride.
Let me tell you what we see.
Beyond the Basics of A/B Tests: Highly Innovative Experimentation Tactics You...Aggregage
This webinar will explore cutting-edge, less familiar but powerful experimentation methodologies which address well-known limitations of standard A/B Testing. Designed for data and product leaders, this session aims to inspire the embrace of innovative approaches and provide insights into the frontiers of experimentation!
The Building Blocks of QuestDB, a Time Series Databasejavier ramirez
Talk Delivered at Valencia Codes Meetup 2024-06.
Traditionally, databases have treated timestamps just as another data type. However, when performing real-time analytics, timestamps should be first class citizens and we need rich time semantics to get the most out of our data. We also need to deal with ever growing datasets while keeping performant, which is as fun as it sounds.
It is no wonder time-series databases are now more popular than ever before. Join me in this session to learn about the internal architecture and building blocks of QuestDB, an open source time-series database designed for speed. We will also review a history of some of the changes we have gone over the past two years to deal with late and unordered data, non-blocking writes, read-replicas, or faster batch ingestion.
4th Modern Marketing Reckoner by MMA Global India & Group M: 60+ experts on W...Social Samosa
The Modern Marketing Reckoner (MMR) is a comprehensive resource packed with POVs from 60+ industry leaders on how AI is transforming the 4 key pillars of marketing – product, place, price and promotions.
Predictably Improve Your B2B Tech Company's Performance by Leveraging DataKiwi Creative
Harness the power of AI-backed reports, benchmarking and data analysis to predict trends and detect anomalies in your marketing efforts.
Peter Caputa, CEO at Databox, reveals how you can discover the strategies and tools to increase your growth rate (and margins!).
From metrics to track to data habits to pick up, enhance your reporting for powerful insights to improve your B2B tech company's marketing.
- - -
This is the webinar recording from the June 2024 HubSpot User Group (HUG) for B2B Technology USA.
Watch the video recording at https://youtu.be/5vjwGfPN9lw
Sign up for future HUG events at https://events.hubspot.com/b2b-technology-usa/
Analysis insight about a Flyball dog competition team's performanceroli9797
Insight of my analysis about a Flyball dog competition team's last year performance. Find more: https://github.com/rolandnagy-ds/flyball_race_analysis/tree/main
1. User Identity Verification via Mouse
Dynamics
Clint Feher1
, Yuval Elovici1, 2
, Robert Moskovitch1
, Lior Rokach1, 2
, Alon Schclar1
1
Deutsche Telekom Laboratories at Ben-Gurion University,
Ben-Gurion University of the Negev, Beer-Sheva, 84105, Israel;
{clint, elovici, robertmo, liorrk, schclar} @ bgu.ac.il
2
Department of Information Systems Engineering,
Ben-Gurion University of the Negev,
Beer-Sheva, 84105, Israel;
ABSTRACT
Computers and services such as eBanks and WebMails that identify users
only at login via credentials are vulnerable to Identity Theft. Hackers
perpetrate fraudulent activity under stolen identities by using credentials,
such as passwords and smartcards, unlawfully obtained from legitimate users
or by using logged-on computers that are left unattended. User verification
methods provide an additional security layer by continuously confirming the
identity of logged-on users based on their physiological and behavioral
characteristics.
We introduce a novel method that continuously verifies users according to
characteristics of their interaction with the pointing device of the computer
e.g. mouse, touch pad and stylus.
The contribution of this work is three-fold: first, user verification is derived
by combining the classification results of each individual mouse action, in
contrast to the histogram approach in [2] in which verification is based on
aggregations of mouse actions. Second, we propose a hierarchy of mouse
actions from which the features are extracted. Third, we introduce new
features to characterize the mouse activity which are used in conjunction
with features proposed in previous work.
The proposed algorithm outperforms current state-of-the-art methods by
achieving higher verification accuracy while reducing the response time of
the system.
1. INTRODUCTION
Currently, most computer systems and on-line websites identify users solely by means of
credentials such as passwords and PINs (personal identification numbers). These systems
expose their users to Identity Thefts – a crime in which hackers impersonate legitimate
users in order to commit fraudulent activity. Hackers exploit other identities by stealing
credentials or by using logged-on computers that are left unattended.
2. According to the non-profit Identity Theft Resource Center (ITRC), identity theft from a
consumer perspective is divided into four categories: (a) Financial identity theft in which
stolen identity is used to obtain goods and services, for example a bank fraud; (b)
Criminal identity theft in which a criminal impersonate a legitimate user when
apprehended for a crime; (c) Identity cloning - using the information of another person to
assume his or hers identity in daily life; and (d) Business/commercial identity theft - using
a stolen business name to obtain credit.
A major threat to organizations is identity thefts that are committed by internal users who
belong to the organization. Usually, the hacker gains access to sensitive information which
can be exploited for industrial espionage, extortion, etc.
The drawbacks of identification methods that only rely on credentials lead to the
introduction of user verification techniques which are used in conjunction with credential-
based user identification. Verification methods confirm the identity of the users according
to behavioral and physiological biometrics which are assumed to be relatively constant to
each user, and harder to steal. The verification may be performed once during login or
continuously throughout the session. In the latter case, biometric measurements of the user
are taken at regular intervals while the user is logged-on and are compared with
measurements that were collected in advance. Common behavioral biometrics include
characteristics of the interaction between the user and input devices such as the mouse and
keyboard. Physiological biometrics, on the other hand, use fingerprints, iris patterns and
other physiological features that are unique to each individual. Thus, systems utilizing
biometric user verification require a hacker who wants to infiltrate the system not only to
steal the credentials of the user but also to mimic the user's behavioral and physiological
biometrics making identity thefts much harder.
A major drawback of user verification methods that are based on physiological biometrics
is that they require dedicated hardware devices such as fingerprint sensors and retina
scanners which are expensive and are not always available. Although fingerprint
verification is becoming widespread in laptops, it is still not popular enough and it cannot
be used in web applications. Furthermore, fingerprints can be copied. Behavioral
biometrics [26[28], on the other hand, do not require special designated devices since they
use common hardware such as the mouse and keyboard.
3. Another major difference between physiological and behavioral biometrics is the temporal
aspect - behavioral biometrics may differ depending on the time of day in which they are
captured. This makes them harder to intercept and imitate but also harder to utilize.
Furthermore, several challenges [26], which will be elaborated in Sections 2 and 6, still
need to be overcome in order to make this approach fully operational. Consequently,
behavioral biometrics was largely ignored for user verification in the past. In this paper
we propose a novel user continuous verification technique based on behavioral biometrics
of mouse activity.
The rest of the paper is organized as follows: in Section 2 we describe various aspects of
behavioral biometrics verification systems such as general architecture and challenges
inherent in their construction. We also survey currently available state-of-the-art
techniques and give an in-depth description of mouse behavioral biometrics. The proposed
algorithm is described in Section 3. Experimental results are presented in Section 4.
Finally, we conclude in Section 5 and describe the various challenges and open problems
that need further investigation in order to make this approach fully operational.
2 BEHAVIORAL BIOMETRICS SYSTEMS FOR USER
VERIFICATION
A biometric-based user verification system Error! Reference source not found. is
essentially a pattern recognition system that acquires biometric data from an individual,
extracts a feature set to form a unique user signature and constructs a verification model
by training it on the set of signatures. User verification is achieved by application of the
model to on-line acquired signatures of the inspected user that are constructed using a
process identical to the one used during the model construction.
2.1 General architecture
Figure 1 depicts the typical architecture of a behavioral biometrics user verification
system. Such systems include the following components:
• Feature acquisition – captures the events generated by the various input devices
used for the interaction (e.g. keyboard, mouse)
4. • Feature extraction – constructs a signature which characterizes the behavioral
biometrics of the user.
• Classifier – Consists of an inducer (e.g. Support Vector Machines, Artificial
Neural Networks, etc) that is used to build the user verification model by training
on past behavior, often given by samples. During verification, the induced model
is used to classify new samples acquired from the user.
• Signature database – A database of behavioral signatures that were used to train
the model. Upon entry of a username, the signature of the user is retrieved for the
verification process.
Figure 1: A typical framework of a behavioral biometric identification system.
2.2 Related work
According to [6], most common behavioral biometrics verification techniques are based
on: (a) mouse dynamics, which are derived from the user-mouse interaction and are the
focus of this paper; (b) keystroke dynamics, which are derived from the keyboard activity;
and (c) software interaction, which include, for example, how features of a specific
software tool are utilized.
Behavioral methods can also be characterized according to the learning approach that they
employ. Explicit learning methods monitor user activity while performing a predefined
task such as playing a memory game [20]. Implicit learning techniques, on the other hand,
monitor the user during his usual activity rather than while performing a specific task.
Implicit learning is more challenging due to high inconsistency owed to the variety of the
performed tasks, mood changes and other influencing factors. Nevertheless, it is the best
way to learn unique user behavior characteristics such as frequently performed actions.
In the following, we list current available user verification systems along with their
performance evaluations. Biometric systems are usually evaluated according to False
5. Acceptance Rate (FAR), False Rejection Rate (FRR) and Equal Error Rate (ERR) which
are described in Section 4.2.
Mouse-based user verification methods
Gamboa et al [20] proposed to verify a user based on his interaction with a memory game.
The user was required to identify matching tiles and was verified based on characteristics
of the mouse-strokes performed in order to reveal the tiles. A mouse-stroke was defined to
be the set of traversed points from one click to the next and a set of one or more strokes
was used in order to verify a user. Features such as curvature and velocity, were used to
characterize each mouse-stroke. The learning procedure employed maximum likelihood
with various distributions such as the Weibull [27] and Parzan distribution[27]s.
Evaluation was performed using 50 users with a varying number of mouse-strokes having
an average duration of 1 second. Equal error rates (ERRs) of 0.007 and 0.002 were
achieved for 100 and 200 mouse-strokes, respectively.
Ahmed et al[1] monitored the mouse activity of users while they performed their daily
tasks within their own chosen operating conditions and applications. Features were
extracted and aggregated into histograms that were used to characterize each user. Four
action types were defined:
• Mouse-Move (MM) – General movement between two points.
• Drag-and-drop (DD) – An action composed of the following sequence: a mouse-
button down event, a movement and then a mouse-button up.
• Point and Click (PC) – Mouse-movement between two points followed by a click.
• Silence – No movement.
Every action is described by properties such as the duration, traveled distance and the
direction of the movement (the travelling properties are excluded for silence actions). The
general movement angle is fitted into 8 equal size sectors of the circle - each covering 45
degrees of the angle space as illustrated in Error! Reference source not found..
6. Figure 2: Angle space of movement direction: 8 equal-sized sectors of the circle. Direction 2 represents
angles between 45˚ and 90˚. Direction 5 represents angles between 180˚ and 225˚.
Examples of collected actions are illustrated in Table 1.
Type of action Distance(pixels) Time(Seconds) Direction
MM 50 1 3
PC 237 3 4
PC 80 2 2
Silence - 2 -
Table 1 – Raw mouse activity data. The first action was Mouse-move which took 1 second, travelled in
direction 3 to a distance of 50 pixels. The second action was a Point and Click which took 3 seconds
and was to a distance of 237 pixels.
A session is defined as a sequence of mouse activities performed by a user. The sequence
is limited to a predefined number of actions and a period of time. The user is characterized
by a set of 7 histograms that are constructed from the raw user session data. In order to
form the histograms, the data are averaged across the session and discretisized in a manner
similar to the fitting of movement angle into 8 directions.
1. Traveled Distance Histogram (TDH) – The distribution of the travelled distance for
every action type which is illustrated in Error! Reference source not found.(a). Only
the first two features (distances 0-100 and 100-200 pixels) are used to represent the
user.
2. Action Type Histogram (ATH) – The relative frequency of the MM, DD and PC
actions within a session - illustrated in Figure 3(b).
3. Movement Direction Histogram (MDH) – The ratio of actions performed in each
one of the eight directions. This feature is represented by 8 values and illustrated in
Error! Reference source not found.(c).
4. Average Movement speed per movement Direction (MDA) – The average speed
over all the actions performed in each one of the eight directions. This feature is
represented by 8 values and is illustrated in Error! Reference source not found.(d).
7. 5. Average movement speed per Types of Actions (ATA) – The average speed of
performing the MM, DD and PC actions. This feature is represented by 3 features and
illustrated in Error! Reference source not found.(e).
6. Movement Speed compared to traveled Distance (MSD) – Approximation of the
average traveling speed for a given traveling distance (derived via a Neural Network).
This feature is represented by 12 values sampled from the curve. This is illustrated in
Error! Reference source not found.(f).
7. Movement elapsed Time Histogram (MTH) – The time distribution for performing
an action. Represented by 2 features and illustrated in Error! Reference source not
found.(g).
The histograms are used to construct a feature vector composed of 39 features which
characterize each session of every user. Error! Reference source not found. summaries
the extracted features.
A binary neural network model was built for every user based on the feature vectors
drawn from the different histograms. The Neural Network was trained via the back
propagation algorithm. Training consisted of 5 sessions - each of which contained 2000
actions (~13.55 minutes). This experiment achieved FAR of 2.4614% and FRR of
2.4649%. Shorter times (about 4 minutes) produced results of less than 24% FRR and
4.6% FAR. Thus, in order to construct accurate histograms, it requires a significant
amount of mouse activities, monitored over a relatively long duration of time.
Factors MSD MDA MDH ATA ATH TDH MTH
Features 12 8 8 3 3 2 3
Table 2: 39 Features used in Ahmed et al [1] to characterize mouse behavior biometrics.
Pusara and Bordley [19] proposed a user verification scheme based on mouse movements
while participants browsed a predefined set of web pages using a web browser. Features
such as the mean, standard deviation, third moment of distance, angle and speed were
extracted from a sequence of N events. Three main evaluations were performed: the goal
of the first was to check the behavior difference between each pair of users. Results
showed that a relatively large number of users can be discriminated from one another. In
the second evaluation, the discrimination of each user x from the set of the remaining
8. users was tested. A binary model was created for each user x. An FAR of 27.5% and FRR
of 3.06% was achieved on the average. The third evaluation was similar to the second but
used only 11 (out of the 18 that participated) users and also applied a smoothing filter to
the data. An FAR 0.43% and an FRR of 1.75% were achieved.
Figure 3 – Constructed histograms from user activity session in [2]. (a) Traveled Distance Histogram
(TDH), (b) Action Type Histogram (ATH), (c) Movement Direction Histogram (MDH), (d) Average
Movement speed per movement Direction (MDA), (e) Average movement speed per Types of Actions
(ATA), (f) Movement Speed compared to traveled Distance (MSD), (g) Movement elapsed Time
Histogram (MTH).
Other user verification approaches
Alternative approaches to user verification utilize keyboard dynamics and software
interaction characteristics. Keyboard dynamics features include, for example, latency
between consecutive keystrokes, flight time, dwell time - all based on the key
down/press/up events. Keyboard-based methods are divided into methods that analyze the
user behavior during an initial login attempt and methods that continuously verify the user
throughout the session. The former typically construct classification model according to
feature vectors that are extracted while the users type a predefined text (usually short)
9. [3,21,22,29,30,31]. Bergadano et al [3], extracted the typing durations of two (di-graph)
and three (tri-graph) consecutive characters from a sample and used to associate it to a
user. The extracted graphs were ordered by their duration and their relative ordering was
compared to the relative order of the training samples of other users.
Keyboard-based methods for continuous verification of users extract feature vectors while
the user types free text. Gunetti et al. [24] extended the approach of [3] to also handle free
text. Furthermore, they proposed another distance measure based on absolute times. Curtin
et al [23] constructed a nearest neighbor classifier that was trained according to the
duration of common characters, transition times of common di-graphs and the occurrence
frequency of special keys
Although being effective, keyboard-based verification is less suitable for web browsers
since they are mostly interacted with via the mouse.
Several types of software are suggested in the literature to characterize behavioral
biometrics of users. These include board games [13][14], email clients [7][8][9],
programming development tools [10][11][12], command line shells [17][18] and drawing
applications [15][16]. These biometric features may be partially incorporated in user
verification systems.
3 THE PROPOSED METHOD
We propose a novel verification method which verifies a user based on each individual
mouse action. This is in contrast to the histogram-based method in [2] which requires the
aggregation of dozens of activities before accurate verification can be performed.
Verification of each individual mouse action increases the accuracy while reducing the
time that is needed to verify the identity of the user since fewer actions are required to
achieve a specific accuracy level, compared to the histogram-based approach. In order to
effectively characterize the mouse actions, we construct a hierarchy of features whose
lowest level consists of fundamental mouse events while features at higher levels are
composed of lower level ones. In general, high-level features characterize the mouse
activity better than low-level ones since they convey more information regarding the task
intended by the user. The verification algorithm constructs a classifier using vectors
10. composed of high level features, which will be described below. Some of the proposed
features are new while others bare some resemblance to the ones used in [2] and [20].
3.1 A hierarchy of mouse actions
All mouse activities are formed from five atomic mouse events which constitute the
lowest level (level 0) of the proposed hierarchy:
(i) Mouse-move Event (m) – occurs when the user moves the mouse from one
location to another. Many events of this type occur during the entire movement –
their quantity depends on the mouse resolution/sensitivity, mouse driver and
operating system settings.
(ii) Mouse Left Button Down Event (ld) - occurs when the left mouse button is
pressed,
(iii) Mouse Right Button Down Event (rd) - occurs when the right mouse button is
pressed,
(iv) Mouse Left Button Up Event (lu) - occurs after the left mouse button is released,
(v) Mouse Right Button Up Event (ru) - occurs after the right mouse button is released
Data describing each event is typically collected by a piece of hardware or software which
may dispatch it to an event handler for further processing. Mouse events are characterized
by (a) their type; (b) the location of the mouse (x and y coordinates); (c) the time t when
the event took place. Thus a mouse event is formally described by event-type<x,y,t>.
In general, higher-level actions are formed from sequences of lower-level ones. Two
consecutive mouse events are considered part of a sequence if the time duration between
their occurrences is below a given threshold. We refer to these thresholds as concatenation
time-thresholds (CTT).
Basic mouse actions (level 1)
This set of basic mouse actions is constructed based on a sequence of the atomic mouse
events – m, ld, rd, lu and ru. In order to concatenate two consecutive mouse events we
define the following CTTs:
• Moving CTT: Time threshold for concatenation of two consecutive mouse move
events which is denoted by τMM.
11. • Mouse move to left click CTT: The time between a mouse-move (m) event and a left
mouse-down (ld) event to be concatenated into an action. The Mouse-move to Left
Click concatenation time is denoted by τMLM.
• Mouse-move to right click CTT: The time between a mouse-move (m) event and a
right mouse-down (rd) event to be concatenated into an action. The Mouse-move to
Right Click concatenation Time is denoted by τMRM.
• Mouse-down to mouse-up CTT. The minimal time duration between a mouse-down
event (rd or ld) and a mouse-up event (ru or lu) event to be concatenated into an
action. Optional mouse-move events (m) may take place between the mouse-down and
mouse-up events. The mouse-down to mouse-up concatenation time is denoted by τDD.
Given the above thresholds, we define the following basic (level 1) mouse actions:
Silence interval – is defined as a time interval that separates between two consecutive
mouse events in which no action took place. Formally, the following silence interval are
defined: (a) two consecutive mouse-move events separated by a period of time that is
greater than τMM seconds; (b) a mouse-move followed by a left mouse-down event after
more than τMLM seconds; and (c) a mouse-move followed by a right mouse-down event
separated by more than τMRM seconds. We denote a silence interval by σ.
Left Click (LC) – refers to the action of clicking on the left mouse button. This action
consists of a left button down event followed by a left button up event taking place within
τLC seconds. Formally,
LCnttttt
t
t ttlummmldLC nn
n
τ≤−= − 1|],,...,,[, 13211
1t and nt denote the time points at which the left button down and left button up events
took place, respectively. The ],...,,[ 132 −nttt mmm refer to optional mouse move events taking
place between the mouse down and mouse up events.
Right Click (RC) – denoted the action of clicking on the right mouse button which is
composed of a right button up event taking place after a right button down event within
τRC seconds. Formally,
RCnttttt
t
t ttrummmrdRC nn
n
τ≤−= − 1|],,...,,[, 13211
12. Mouse-move Sequence (MMS) – refers to action of moving the mouse from one position
to another. This action is defined as a sequence of mouse-move events in which the time
gap between every consecutive pair of events is less than τMM. Formally,
)(:11|,...,, 1211 MMkkttt
t
t ttnkmmmMMS n
n
τ≤−−≤≤∀= +
Drag-and-Drop (DD) – denotes the action in which the user presses one of the mouse
buttons, moves the mouse while the button is being pressed and releases the button at the
end of the movement. Using atomic events, this action begins with a left or right mouse-
down event followed by a sequence of mouse-move events and terminates with a left or
right mouse-up event, respectively. The minimal time between the left down event and left
up event exceeds τDD. Formally:
DDnttttt ttummmdDD nn
τ>−= − 1|,,...,,, 1321
where the duration of the action has to be greater than the click time, i.e. LCDD ττ > and
RCDD ττ > , for left button and right button usage, respectively.
The level 1 mouse actions – LC, RC, MMS and DD – are illustrated in Figs. 4(a)-(d),
respectively.
Level 2 mouse actions
The next level of mouse actions is composed of level 1 actions and level 0 (atomic)
events:
Mouse-move Action (MM) – A sequence of mouse-move events followed by silence
time σ. Formally:
σ,MMSMM =
Double Click Action (DC) – is composed of a two consecutive left clicks in which the
mouse-up of the first click and the mouse-down of the second one occur within an interval
of τI. Formally:
Ict
ct
ct ctctLCLCDC τ≤−⋅= 23|3
2
1
The level 2 mouse actions – DC and MM – are illustrated in Figs. 4(e) and 4(f),
respectively.
13. Level 3 mouse actions
This is the highest level of mouse actions. The actions in this level are composed of level
1 and level 2 actions as follows:
Mouse-move and Left Click Action (MM_LC) – is composed of a sequence of mouse-
move events followed by a left click taking place at most τMLM seconds after the last
mouse-move event. Formally:
MLMnnt
t
t ttLCMMSLCMM n
n
τ≤−⋅= −
−
1|_ 1
1
Mouse-move and Right Click Action (MM_RC) – consists of a sequence of mouse-
move events and a right click taking place at most τMRM seconds after the last mouse move
event. Formally:
MRMnnt
t
t ttRCMMSRCMM n
n
τ≤−⋅= −
−
1|_ 1
1
Mouse-move and Double Click Action (MM_DC) – is defined as a sequence of mouse-
move events which are followed by a double left click. Formally:
IMLMnct
ct
ct
t
t ctcttctLCLCMMSDCMM n
ττ ≤−≤−⋅⋅= 231 ,|_ 3
2
11
Mouse-move and Drag-and-drop Action (MM_DD) – is composed of a sequence of
mouse-move events, a left/right mouse-down event, another sequence of mouse-move
events and a left/right mouse-up event, respectively. Formally,
CmkmMmttttt
t
t ttttummmdMMSDDMM kmkmmmm
n
ττ >−≤−⋅= ++++++++++ 11n1 ,|,,...,,,_ 13211
where 1+mtd denotes when the mouse down event took place, 1++kmtu is when the mouse-up
event occurred and
button)rightfor(,,
button)left(for,,
MRMMRCCtt
MLMMLCCtt
rdd
ldd
ττττ
ττττ
>>=
>>=
The level 3 mouse actions – MM_LC, MM_RC, MM_DC and MM_DD – are illustrated
in Figs. 4(g)-(j), respectively. An overall view of the feature hierarchy is depicted in Fig.
5.
14. Figure 4: Schematic description of the various mouse actions: (a) Left click. (b) Right click. (c) Mouse-
move sequence. (d) Drag-and-drop action. (e) Double click. (f) Mouse-move. (g) Mouse-move followed
by a left click. (h) Mouse-move followed by a right click. (i) Mouse-move followed by a double click. (j)
Mouse-move followed by a drag-and-drop.
Figure 5: The hierarchy of mouse actions that are used to characterize the mouse activity.3.2 Actions
features
All actions, except for LC, RC and DC, contain one or more sequences of mouse-move
events together with lower level actions. In the following we describe the features that we
use in order to characterize mouse movement. We then describe the features that we
associate with each mouse action.
3.2.1 Movement Features (MF)
We adopt a similar approach to the one proposed by Gamboa et al [20] in order to describe
a mouse movement action. Formally, each mouse movement is associated with the
following three vectors:
15. { } 1
n
i i
t =
=t - The sampling time
{ } 1
n
i i
x =
=x - The horizontal coordinate sampled at time it .
{ } 1
n
i i
y =
=y - The vertical coordinate sampled at time it .
The length of the path produced by the sequence of points until the i-th point is defined as:
∑=
+=
i
k
i kk
yxS
1
22
δδ
where 1 1andi i i i i ix x x y y yδ δ+ += − = − .
A set of basic features, which are described in Table 3, was extracted in [20] from the
vectors andx,y t .
Feature name Description Formal definition
1
Angle of movement Angle of the path tangent with the
x-axis ∑=
+
=
i
j
ji
x
y
11
1
arctan* δθ
δ
δ
θ
+
= π
δ
δ
δδθ k
x
y
i
i
i 2arctan*min
2
Curvature The relative angle change to the
traveled distance s
c
δ
δθ
=
3 Curvature change rate
s
c
c
δ
δ
=∆
4 Horizontal Velocity Velocity with respect to the x-axis
t
x
V x
δ
δ
=
5 Vertical Velocity Velocity with respect to the y-axis
t
y
V y
δ
δ
=
6 Velocity 22
xx yx VVV δδ +=
7 Acceleration
t
V
V
δ
δ
=&
8
Jerk
t
V
V
δ
δ &
&& =
9 Angular Velocity
t
w t
δ
δθ
=
Table 3: Basic mouse movement features which were proposed in [20] and are used by the proposed
approach in this paper.
Based on the features in Table 3, Gamboa et al [20] construct a set of higher-level
features. In order to calculate some of these features, the vectors x,y are first interpolated
and the interpolated results are denoted by ' 'x , y , respectively. The result is used to obtain
the interpolated traveled distance which is denoted by 's .
A subset of the higher-level features proposed in [20] which is utilized by the algorithm
proposed in this paper, is given in Table 4.
16. Feature name Description Number of
features
Formal definition
1
minimum, maximum, mean,
standard deviation and
(maximum-minimum)
The specified statistic
of
', ', , , , ,
, , , and w
x
y
x y c c V
V V V V
θ ∆
& &&
55
2 Duration of movement 1 tn
3 Traveled distance 1 Sn-1
4 Straightness(S) 1
1
2
1
2
1 )()(
−
−+−
n
nn
S
yyxx
5
Critical Points (CP) 1
2
i
i
1
10
for
otherwise0
^0cif1
z
wherePoints(CP)
pixel
radc
zCritical
i
n
i
i
π
α
α
>
>=∆
=
= ∑=
6 Jitter(J) 1
1
'
−nS
S
Table 4: Additional extracted features based on x',y',s' and the basic features.
We introduce a set of new features that are used in conjunction with the features in Table
4. These features include:
1. Trajectory Center of Mass (TCM) – a single feature that measures the average time
for performing the movement where the weights are defined by the traveled distance:
∑
−
=
+++
−
−+−=
1
1
2
1
2
11
1
)()(
1 n
i
iiiii
n
yyxxt
s
TCM
2. Scattering Coefficient (SC) – measures the extent to which the movement deviates
from the movement center of mass:
∑
−
=
+++
−
−−+−=
1
1
22
1
2
1
2
1
1
)()(
1 n
i
iiiii
n
TCMyyxxt
S
SC
3. Third and Fourth Moment (M3, M4) –
∑
−
=
+++
−
−+−=
1
1
2
1
2
11
1
)()(
1 n
i
iiii
k
i
n
k yyxxt
S
M where k=3,4.
4. Trajectory Curvature (TCrv) - The average of the following quantity is taken over
all the sampled points:
2
3
22
)( yx
xyyx
TCrv
&&
&&&&&&
+
−
=
17. 5. Velocity Curvature (VCrv). The average is taken as the feature.
2
3
2
)1( v
v
VCrv
&
&&
+
=
Table summarizes the features which are used by the proposed algorithm in order to
characterize mouse movement actions.
Factors x' y' θ c c∆ Vx Vy V V& V&& w tn Sn-1 S CP J TCM SC Mk TCrv VCrv
Features 5 5 5 5 5 5 5 5 5 5 5 1 1 1 1 1 1 1 2 1 1
Table 5: 66 features used to represent a movement sequence.
3.2.2 Mouse action features
In order to describe the LC, RC, DC, DD, MM_LC, MM_RC and MM_DD mouse
actions, additional features are extracted depending on the action type at hand. Table 6
provides a detailed description of the features that are used to characterize each of the
actions.
Action Features Number
of
features
Left Click (LC) • Click Time (CT) – The time between the mouse down event and the mouse up event, which
must be less than τLC.
• Traveled Distance during Click (TDC) – The distance traveled between the mouse down
event and the mouse up event.
2
Right Click
(RC)
• Click Time (CT) – The time between the mouse down event and the mouse up event which
is less than τRC.
• Traveled Distance during Click (TDC) – The distance traveled between the mouse down
event and the mouse up event.
2
Drag and Drop
(DD)
• The features of the movement between the mouse-down and mouse-up events which are
summarized in Table 6.
66
Double Click
(DC)
• First Click Time (FCT) – The time between the mouse- down and mouse-up events, which
is less than τLC.
• First Click Distance (FCD) – The distance traveled between the mouse-down and mouse-
up events of the first click.
• Interval Time (IT) – The time interval between the first click and the second one, which is
less than τI.
• Interval Distance (ID) – The distance traveled between the first click and the second one.
• Second Click Time (SCT) – The time between the mouse-down and mouse-up events,
which is less than τLC.
• Second Click Distance (SCD) – The distance traveled between the mouse-down and
mouse-up events of the second click.
6
Mouse Move
and Left or
Right Click
Action
(MM_LC)
• Mouse movement features from the beginning of the action until the mouse down event
(Table 6).
• Time to click (TC) – The time between the mouse-move event immediately preceding the
mouse-down event and the mouse-down event itself.
• Distance to click (DC) – The distance between the mouse-move event immediately
preceding the mouse-down event and the mouse-down event itself.
• Click Time (CT) – The time between the mouse-down and mouse-up events, which is less
than τLC.
• Traveled Distance during Click (TDC) – The distance traveled between the mouse-down
and the mouse-up events.
70
Mouse Move
and Double
Click Action
• Mouse movement features from the beginning of the action until the mouse down event
(Table 6).
• Time to click (TC) – The time between the mouse-move event immediately preceding the
74
18. (MM_DC) mouse-down event and the mouse-down event itself.
• Distance to click (DC) – The distance between the mouse-move event immediately
preceding the mouse-down event and the mouse-down event itself.
• First Click Time (FCT) – The time between the mouse-down and the mouse-up events,
which is less than τLC.
• First Click Distance (FCD) – The distance traveled between the mouse-down and the
mouse-up events of the first click.
• Interval Time (IT) – The time interval between the first click and the second, which is less
than τI.
• Second Click Time (SCT) – The time between the mouse- down and the mouse-up events,
which is less than τLC.
• Second Click Distance (SCD) – The distance traveled between the mouse-down and the
mouse-up events of the second click.
Mouse Move
and Drag and
Drop Action
(MM_DD)
• Mouse movement features from the beginning of the action until the mouse down event
(Table 6).
• Time to click (TC) – The time between the mouse-move event immediately preceding the
mouse-down event and the mouse-down event itself.
• Distance to click (DC) – The distance between the mouse-move event immediately
preceding the mouse-down event and the mouse-down event itself.
• Mouse movement features describing the movement between the mouse-down and
mouse-up events of the drag-and-drop action (Table 6).
134
Table 6: Features of the mouse actions that are used to describe the mouse activity.
3.3 The Proposed Verification Framework
The framework is divided into 3 parts: (a) Acquisition, (b) Learning, and (c) Verification.
A detailed description of these parts is given in the next sections.
3.3.1 Acquisition
The acquisition part captures the mouse events that constitute the users' mouse activity
and is illustrated in Figure 6. This part is composed of three modules and an Actions
database:
• A feature acquisition module - responsible for acquiring the events that are produced
by the mouse. Each event is described as a quartet <event type, x coordinate, y
coordinate, timestamp>. For example, the quartet <MM,220,320,63355951016724>
represents a mouse-move event, at location X=220, Y=320 at time 63355951016724
milliseconds after the year 1970.
• An action extractor module - transforms the acquired events into the mouse actions
defined in section 3.1. Each action is extracted and associated with its events in order
to facilitate the extraction of the different features proposed in Section 3.2.
• A feature extractor module - derives features from the given action. It is illustrated
by multiple instances in Fig. 7 since different feature extractors are required for
19. different types of actions. The extracted features are summarized in Table 7Error!
Reference source not found..
• An actions DB - stores the actions and their associated features of each user. This
information is used to construct the profiles of each user in the Learning process.
Figure 6: The acquisition process of mouse activity.
3.3.2 Learning
In this part, classifiers are constructed for each action type. Training sets in the form of
matrices are constructed using the actions of the users that are stored in the actions DB.
Each matrix holds the features that belong to a specific action type. Specifically, each
action instance forms a row whose columns contain the features that are associated with
the action and its label is given by the id of the user who performed the action.
A classifier is trained using the rows of one matrix and the produced model is stored in a
database (one model for each action type).
We use the Random Forest [25] classifier which is a multi-class classifier, constructed
from an ensemble of decision trees. Given a training set consisting of N instances,
bootstrap samples of size N are drawn from it. Each sample is used to construct a decision
tree. The classification of a pattern is obtained by a majority voting scheme applied to the
results of the constructed trees. Figure illustrates the training process.
20. Figure 7: The training process for each of the action types.
3.3.3 Verification
The verification process is composed of the following steps:
1. Features are extracted from the acquired actions via a process that is similar to the one
employed by the acquisition part.
2. The extracted features are stored in an Action Collector DB.
3. Once a sufficient number of (consecutive) actions are collected (according to a
predefined threshold m) they are sent to the appropriate classifier according to the
action type.
4. The Classifier (Layer 1) predicts for each of the trained users, the probability that each
of them performed each of the m actions.
5. A layer 2 decision module combines the probabilities to derive a final result.
The process and its components are illustrated in Fig. 8.
Figure 8: User verification process.
In the following, we give a formal description of the layer 1 classifier and the layer 2
decision module.
Classifier (Layer 1)
As previously mentioned, the classifier used to construct the model for each action type is
the Random Forest [25]. Each of the actions collected by the Action Collector is passed to
the appropriate classifier according to the type of action. Let ܷ = ሼݑଵ, … , ݑሽ be the set of
trained users and let ܣ = ሼܽଵ, … , ܽሽ be a set of performed actions.
21. Each classifier (associated with action ܽ) estimates for each trained user ݑ the
probability he performed action ܽ. This probability is denoted by ܲ൫ݑ|ܽ൯.
Let ܶ = ൛ݐ
ଵ
, ݐ
ଶ
, … , ݐ
ೖ
ൟ be the set of mik training instances of action type ܽ
performed by user i. In many cases mik may vary between the users for each type of action.
This may result in a biased decision by the classifier. In order to overcome this problem,
normalization is applied to the probabilities. Specifically, the probability ܲ௦௧
൫ݑ|ܽ൯ that
an action aj was performed by user ݑ is given by:
ܲ௦௧
൫ݑ|ܽ൯ =
ܲ
൫ݑ|ܽ൯
∑ ܲ൫ݑ௧|ܽ൯
௧ୀଵ
where
ܲ
൫ݑ|ܽ൯ =
ܲ൫ݑ|ܽ൯
݊ ⋅ ܲ൫ݑ|ܽ൯
∑
ܲ൫ݑ௧|ܽ൯
݊ ⋅ ܲ൫ݑ௧|ܽ൯
௧ୀଵ
=
ܲ൫ݑ|ܽ൯
ܲ൫ݑ|ܽ൯
ܲ
൫ݑ௧|ܽ൯
ܲ൫ݑ௧|ܽ൯
௧ୀଵ
and ܲ
൫ݑ|ܽ൯ denotes the a-priori probability derived by the training step.
Decision (Layer 2)
The decision module provides a final decision regarding the performed actions. It
combines the probabilities given by the layer-1 classifiers and produces a final probability
ܲ௦௧ሺݑ|ܽଵ, … , ܽ).
The probability that the set of actions ሼܽଵ, … , ܽሽ belongs to user ݑ is given by the
following formula1
:
ܲ௦௧ሺݑ|ܽଵ, … , ܽ) =
∑ ܲ௦௧
൫ݑ|ܽ൯
ୀଵ
∑ ∑ ܲ௦௧൫ݑ|ܽ൯
ୀଵ
ୀଵ
The set of actions ܽଵ, … , ܽ is associated to user ݑ if the resulting probability is above a
threshold λ i.e.
݊݅ݏ݅ܿ݁ܦ ݈ܽ݊݅ܨሺሼܽଵ, … , ܽሽ ∈ ݑ) = ൜ܻ݁ݏ ܲ௦௧ሺݑ|ܽଵ, … , ܽ) ≥ ߣ
ܰ ܱݐℎ݁݁ݏ݅ݓݎ
1
Probability multiplication equivalent to Naïve Bayes with Bayes formula was also tested, however due to poor results
the experiments were performed using probability summation.
22. 4 EXPERIMENTAL RESULTS
In order to evaluate the proposed approach, we first collected an extensive and diverse
data from a wide variety of users and computer configurations. Given the data, the
proposed approach was evaluated by performing the following experiments:
1. Comparison between the proposed action-based multi-class approach to the
histogram-based binary-class approach proposed by Ahmed et al [2].
2. Comparison between the proposed multi-class verification and a binary-class
model utilizing the proposed approach in order to examine the effectiveness of
using a multi-class model.
3. We tested the contribution of the new features introduced in Section 3.2 to the
verification accuracy.
4.1 Data Collection
The feature acquisition described in section Error! Reference source not found. was
performed in 25 computers which were used by 21 males and 4 females. The computers
were chosen from a wide variety of brands and hardware configurations. Specifically, the
computers included 13 desktops, 12 laptops. The CPU speeds ranged from 1.86Ghz to
3.2Ghz and the pointing devices included optical mice, touch pads and styli.
4.1.1 User groups definition
In general, different users may interact with one or more computer system. These users
may be associated with the institution or company to which the computer systems belong
or alternatively, they may be external. Accordingly, the following two groups of users
were defined:
(a) Internal Users – correspond to users that belong to the institution or company.
(b) External Users – users that are external to the institution or company.
One or more internal users may be authorized to interact with a particular computer
system while the rest of the users (internal and external) are not. We refer to the former
interaction type as an authorized interaction. It is assumed that the number of authorized
interactions performed by an internal user is higher than the number of unauthorized ones
since most of the time the legal users interact with their computer systems. Moreover, the
23. number of unauthorized interactions by external users is even smaller since they are not
supposed to have access to any of the computers within the company. This assumption is
manifested by the number of legal verification attempts, internal attacks and external
attacks that are chosen in the evaluation.
4.1.2 Experiment configuration
The thresholds τMM, τMLM, τMRM, τLC, τRC, τI that were used in order to construct the actions
defined in section Error! Reference source not found. were empirically set to 500
milliseconds. The action extraction incorporated filtration similarly to the one used in
[20]. Namely, calculation of the movement features associated with the different actions
such as speed, acceleration and jerk, was only done if a minimal amount of events was at
hand. Only movements that contained at least 4 different points were considered. Events
whose type and position were equal to those of the event which preceded them were
ignored.
Two-fold cross validation was used in the experiments i.e. the data collected for each of
the users was split into 2 equal partitions: training and testing. The profile of each user
was constructed from the training partition and the testing partition was used to generate
legal verifications and illegal attacks. On the average, the training set consisted of 15.494
hours of activity per user and the average action duration was approximately 1.4 seconds.
The set of all available users ܷ = ሼݑଵ, … , ݑሽ was randomly divided in each fold into a set
of k internal users ܷܫ = ൛݅ݑభ
, … , ݅ݑೖ
|݅ݑ
∈ ܷ, 1 ≤ ݆ ≤ ݊, ݈ = 1, … , ݇ൟ and a set of
external users ܷܧ = ܷ − .ܷܫ Profiles were constructed for each of the internal users in IU
according to the training activity that belonged to all users in IU. Each of the users in IU
was tested for authorized and unauthorized access based on a varying number of
consecutive actions. In each of the experiments the number of internal users was set to |IU|
=12 and the number of actions varied between 1 and 100 actions. All the experiments
were conducted using the same testing instances to allow credible comparisons.
Attacks by internal and external users were simulated and are referred to as internal and
external attacks, respectively. An internal attack was simulated by changing the user id of
an activity that belongs to an internal user to an id of another internal user. An external
attack was simulated by associating actions of an external user with an id of an internal
24. user. Specifically, 24 internal attacks were simulated for each user in each of the two
folds, producing 48 internal attacks per user and a total of 48 * 25 = 1200 internal attacks.
Six external attacks were simulated for each user in each of the two folds, producing 12
external attacks per user and a total of 12 * 25 = 300 external attacks.
In addition to the attacks, 72 authorized interactions were checked for each user in each of
the two folds, simulating a legitimate user working on a computer system. This produced
144 legal verification attempts per user and 144 * 25 = 3600 verification attempts in total.
The training and testing were performed on computer with 16GB RAM and an Intel(R)
Xeon(R) CPU running at 2.5Ghz which achieved all the execution times that are specified
below.
4.2 Evaluation measures
Since biometric-based verification systems are a special case of classifiers [1], their
performance is evaluated using similar measurements. Specifically, the following
measurements were used:
• False Acceptance Rate (FAR) – measures the ratio between the number of attacks that
were erroneously labeled as authentic interactions and the total number of attacks.
• False Rejection Rate (FRR) – measures the ratio between the number of legitimate
interactions that were erroneously labeled as attacks and the total number of legitimate
interactions.
• ROC Curve – An ROC curve is a graphical representation of the tradeoff between the
FAR and the FRR for every threshold [4][5]. The point (0,0) represents perfect
verification while the point (1, 1) represents wrong verification for every instance.
• Area Under Curve (AUC) – measures the area under the ROC curve. A lower AUC is
sought after since it corresponds to better performance.
• Equal Error Rate (EER) – The rate at which both acceptance and rejection error rates
are equal.
Based on the above measurements, additional measurements were defined.
• The INTERNAL_FAR was attained from the attacks performed by internal users.
• The EXTERNAL_FAR was derived from the attacks performed by external users.
25. 4.3 Comparison with a histogram-based approach
The approach introduced in [2] uses histograms in order to aggregate multiple actions and
utilizes a binary model in order to represent each user. The first experiment compares this
approach with the two layer approach proposed in this work. In order to construct
histograms from the features that are used to characterize the mouse actions (Section 3),
discretization is first employed to continuous features. Specifically, one of the following
methods was applied to each feature:
1. Distance discretization – In most cases, during click/double click no distance is
traveled. Thus, in this case discretization was performed via two binary features. The
first is set to 1 if no distance was traveled; otherwise the second feature is set to 1.
This discretization was applied to the DC, FCD, ID, SCD and TDC features.
2. Critical Points discretization – The values observed for the CP feature were 0, 1, 2
and 3. Therefore, the discretization produced five binary features. A critical point value
of 0 would set the first feature to 1 and the rest to 0, a critical point value of 1 would
set the second feature to 1 and the rest to zero and so on. The last feature would be set
to 1 if the number of critical points is greater than 3. This discretization was applied to
the CP feature.
3. Equal Frequency (EQF) – The values of each feature were separated into 5 equally-
spaced intervals. This discretization was applied to the remaining features.
The discretisized features were used by both the proposed approach and the histogram-
based one. By performing aggregation of the discretisized features of each action,
occurrence histograms as in [1] were created. The feature average histograms were created
by averaging the remaining features. The features that were used were described in Table
6.
A verification attempt based on N actions was performed in the following manner: Each of
the eight types of actions was extracted from the N actions and was individually
aggregated. The aggregated values were concatenated to form a feature vector that
characterizes the user's activity. In addition, the relative occurrence of each action was
added to the feature vector.
26. In order to train the model, the training set data was split into 5 equal partitions and each
training partition was used to produce a single aggregated vector. Thus, each user was
represented by 5 vectors.
Error! Reference source not found.(a)-(b) present the comparison results between the
aggregation and the action-based approaches. Error! Reference source not found.(a)
depicts the comparison between the two methods in terms of the AUC measure
incorporating the ANOVA test with 95% confidence intervals. It is evident that the action-
based method outperforms the histogram-based approach.
(a) (b)
Figure 9: Comparison between the action-based method and the histogram-based approach. (a) AUC
measure comparison: the action-based method clearly outperforms the histogram-based one. (b) EER
evaluation of the proposed method: the action-based method is superior for any number of actions
and produces EER of 8.53% and 7.5% for 30 and 100 actions, respectively, while the histogram-based
method produced EER of 29.78% and 23.77%. There is a sharp decrease in the EER in the action-
based method until 30 actions are performed which becomes more moderate for a number of actions
higher than 30.
Error! Reference source not found. shows the EER of the two methods for different
quantities of actions. The action-based method is superior for any quantity of actions.
Furthermore, a sharp decrease in the EER is observed in the action-based method when
the number of actions that is used for verification ranges from 1 (26.25% EER) to 30
actions (~8.53% EER). When the number of actions is between 30 and 100, the decrease
becomes more moderate and for 100 actions the EER is equal to 7.5%. The aggregation
approach produces 29.78% and 23.77% EER for 30 and 100 actions, respectively.
As mentioned above, the average duration of an action was less than 1.4 seconds. The
construction of the verification vector and testing time per action was approximately 3ms.
Thus, the required time for verification based on 30 and 100 actions is approximately
42 ݏ݀݊ܿ݁ݏ and 2.33 ݉݅݊,ݏ݁ݐݑ respectively. Consequently, the approach proposed in this
27. paper provides a method for verifying the user in less than 2 minutes with a maximal
equal error rate of 10%.
Error! Reference source not found. presents an ROC curve obtained from verification
based on 30 actions. The optimal point on the ROC curve in which the acceptance and
rejection errors are equal is obtained for an internal EER of 8.53% and a relatively high
external FAR of 17.66%. The choice of the optimal point may be altered according to
security level that is sought after. For instance, a point where the FAR is low and the FRR
is high suits users that have highly confidential information on their computer system
while a point with relatively low FRR and higher FAR may reduce the rate false alarms of
legitimate access.
It should be mentioned that while in [1] a set of actions performed within a session
produced a single instance in the training and test sets, in our proposed method, every
action produces an instance. Consequently, the number of instances is higher and thus
requires a larger amount of memory. Nevertheless, this requirement only affects the
training phase.
Figure 10: ROC curve for verification based on 30 actions. An internal EER of 8.53% corresponds to
an external FAR of approximately 17.66%.
4.4 Comparison between binary and multi-class models
The purpose of the second experiment was to determine whether modeling users by a
multi-class approach is superior to modeling the users by binary class models. In the latter,
a binary model was constructed for every action and user pair in the training set in order to
derive the probability ܲ൫ݑ|ܽ൯.
28. (b)
Figure 11: Comparison between the binary-class models and the multi-class model approaches. (a)
The binary-class approach outperforms the multi-class in terms of AUC with statistical significance.
(b) The binary-class approach is superior to the multi-class approach in terms of EER for almost any
number of actions between 1 and 100.
(a) presents a comparison between the two modeling approaches in terms of the AUC
using the ANOVA test with 95% significance intervals. Results show statistically
significant superiority of the binary modeling approach over the multi-class modeling
approach. Figure 11: Comparison between the binary-class models and the multi-class
model approaches. (a) The binary-class approach outperforms the multi-class in terms of
AUC with statistical significance. compares between the equal error rates of the multi-
class and binary-class approaches for a number of actions ranging from 1 to 100. The
binary approach outperforms the multi-class approach in terms of EER by 1.01% on the
average for almost every number of actions.
(a) (b)
Figure 11: Comparison between the binary-class models and the multi-class model approaches. (a)
The binary-class approach outperforms the multi-class in terms of AUC with statistical significance.
(b) The binary-class approach is superior to the multi-class approach in terms of EER for almost any
number of actions between 1 and 100.
29. A major drawback of the binary class modeling approach is its time and space
complexities which are approximately |ܷ| times greater than those of the multi-class
model approach where |ܷ| denotes the number of users which take part in the training.
Specifically, |ܷ| binary models are constructed for every action instead of a single multi-
class model. For example, training each multi class model required 8.1896 ݉݅݊ݏ݁ݐݑ on
the average while testing required 2.7746݉.ݏ However, since training in the binary-model
approach requires the construction of an individual binary model for every user, the
training time took 7.031 ݉݅݊ ݏ݁ݐݑ ∗ 12 ()ݏݎ݁ݏݑ = 84.372 minutes and the testing time
took 2.7135݉ ݏ ∗ 12 ()ݏݎ݁ݏݑ = 32.562݉.ݏ
Thus, although the binary-class approach exhibits statistically significant performance
superiority over the multi-class approach, considering the time and space complexities that
are required for training and testing may render it as unsuitable in time-critical settings.
Consequently, choosing one of the approaches depends on the verification time and
accuracy which is required. The multi-class approach is suitable when relatively fast
verification (at the expense of lower accuracy) is required while the binary class provides
a better choice in cases when higher accuracy is required at the expense of slower
verification.
4.5 Contribution of the new features
The proposed approach introduces new features to characterize mouse activity. These
features are used in conjunction with features that were adopted from [20]. In order to
determine the contribution of the newly introduced features two experiments were
conducted: the first verified users based only on the features that were adopted from [20]
and the second experiment used the new features together with the ones from [20]. Figure
(a) and 12(b) present a comparison between the results of the two experiments in terms of
the AUC. It is evident that the new features contribute to the accuracy of the model.
Figure 12(a) shows that using the additional new features achieves a better result for any
number of actions that are used for the verification and the ANOVA test using 95%
confidence intervals achieves similar findings which are illustrated in Figure 12(b).
30. Figure 12: Contribution of the new additional features that were introduced in Section 3.2. (a) The
additional features contribute to the verification accuracy for any number of actions ranging from 1
to 100. (b) Contribution in terms of the ANOVA test using 95% confidence intervals.
5 Conclusions and future work
A novel method for user verification based on mouse activity was introduced in this paper.
Common mouse events performed in a GUI environment by the user were collected and a
hierarchy of mouse actions was defined based on the raw events. In order to characterize
each action, features were extracted. New features were introduced in addition to features
that were adopted from [20]. A two-layer verification system was proposed. The system
employs a multi-class classifier in its first layer and a decision module in the second one
in order to verify the identity of a user.
The proposed method was evaluated using a dataset that was collected from a variety of
users and hardware configurations. Results showed superiority of the action-based method
proposed in this paper over the histogram-based method proposed in [1]. Furthermore,
evaluation showed a significant improvement in the verification accuracy when using the
newly introduced features.
In the following we describe several issues that need further investigation in mouse-based
verification methods.
The original actions intended by the user are logged neither by software nor by observing
the user while performing the actions. Accordingly, they are heuristically reconstructed
from the raw events which may produce some non-credible actions. Additionally, the
obtained actions may vary between different hardware configurations (e.g. optical mouse,
touch pad). In order to obtain a higher percentage of credible actions, the parameters that
define them should be determined by a more rigorous method.
31. Furthermore, the data collected from mouse devices may be partially unreliable due to
noise. Specifically, lint clogging the moving parts of mechanical mice may affect the
functionality of the mouse. However, this type of mice is becoming rare. Optical mice
may introduce noise due to their inability to track movement on glossy or transparent
surfaces. In some mice, fast movements may be poorly captured.
A significant drawback of mouse-based verification in comparison to keyboard-based
verification is the variety of mice, mouse pads and software configurations which may
influence the performance of the verification. For example, a person using a laptop in two
different places may use the touch pad in one place and an external mouse in the other -
thus affecting the events produced and, consequently, the performance of any mouse-
based verification method. This problem does not exist in keyboard-based verification
techniques since the keyboard is an integral part of the laptop.
In order to establish well structured research and evaluation of methods in the area of
behavioral biometric systems, benchmark data sets must be available. In their absence, it
is impossible to compare the existing methods (since each uses a different dataset, having
unique characteristics). Moreover, each study has to start by putting new efforts in the
construction of new datasets. Generally, there are two types of datasets: (a) General
activities of a user in an operating system of a local computer, in which all the events are
hooked at the operating system level; or (b) Activities generated from interaction with a
web application, in which all the events that are related to the web browser are monitored
at the client and sent to the server. The technological aspect of such collection tools is not
an issue, but rather the ways to collect large-scale authentic data, in which many users
perform their daily tasks. The problem here is mainly to convince users to expose their
biometric data and to put the time and the efforts for the data collection.
Creating a dataset for continuous verification is more challenging, since the dataset should
be diverse and reflect the daily tasks of the users. Furthermore, the dataset should reflect
the different physiological states of the user during the day which might influence their
behavioral biometrics and consequently the verification accuracy. For example, some
users are faster in the morning, while slower at night, or after lunch. Moreover, user
postures, such as sitting (common), standing or talking on the phone while interacting
with the computer, are expected to influence the verification accuracy as well.
32. References
[1]. P. Grother, and E. Tabassi, “Performance of Biometric Sample Quality Measures”,
National Institute of Standards and Technology, 2006.
[2]. A. A. E. Ahmed, and I. Traore, “A New Biometric Technology Based on Mouse
Dynamics”, IEEE Transactions on Dependable and Secure Computing, Vol. 4, No. 3,
pp. 165–179, July-September 2007.
[3]. F. Bergadano, D. Gunetti, and C. Picardi, “User Authentication through Keystroke
Dynamics”, ACM Transacions on Information and System Security, Vol. 5, no. 4, pp.
367–397, 2002.
[4]. M. H. Zweig, and G. Campbell, “Receiver-operating characteristic (roc) plots: A
fundamental evaluation tool in clinical medicine”. Clin. Chem., Vol. 39, no. 4, pp. 561–
577, 1993.
[5]. T. Fawcett, “An Introduction to ROC Analysis”, Pattern Recognition, Letters, ,
doi:10.1016/j.patrec.2005.10.010, 2006.
[6]. R. V. Yampolskiy, “Human Computer Interaction Based Intrusion Detection”, IEEE
Computer Society, In Proc. of the International Conference on Information Technology,
pp. 837–842, 2007.
[7]. S. J. Stolfo, S. Hershkop, K. Wang, O. Nimeskern, and C. W. Hu, “A behavior-based
approach to Securing Email Systems”, Mathematical Methods, Models and Architectures
for Computer Networks Security, Springer Verlag, 2003.
[8]. S. J.Stolfo, C. W. Hu, W. J. Li, S. Hershkop, K. Wang, and O. Nimeskern, “Combining
Behavior Models to Secure Email Systems”, Technical Report, Columbia University,
Available at: www1.cs.columbia.edu/ids/publications/EMT-weijen.pdf, 2003.
[9]. O. D. Vel, A. Anderson, M. Corney, and G. Mohay, “Mining Email Content for Author
Identification Forensics”, SIGMOD: Special Section on Data Mining for Intrusion
Detection and Threat Analysis, 2001.
[10]. G. Frantzeskou, S. Gritzalis, and S. MacDonell, “Source Code Authorship Analysis for
Supporting the Cybercrime Investigation Process”, 1st
International Conference on
eBusiness and Telecommunication Networks – Security and Reliability in Information
Systems and Networks Track, pp. 85–92, 2004.
33. [11]. A. Gray, P. Sallis, and S. Macdonell, “Software Forensics: Extending Authorship
Analysis Techniques to Computer Programs”, In Proc. 3rd
Biannual Conf. Int. Assoc. of
Forensic Linguists (IAFL'97), 1997.
[12]. E. H. Spafford, and S. A. Weeber, “Software Forensics: Can We Track Code to its
Authors?” 15th
National Computer Security Conference, pp. 641–650, 1992.
[13]. J. Ramon, and N. Jacobs, “Opponent modeling by analyzing play”, Proceedings of the
Computers and Games workshop on Agents in Computer Games, 2002.
[14]. A. R. Jansen, D. L. Dowe, and G.E. Farr, “Inductive Inference of Chess Player Strategy”,
Proceedings of the 6th
Pacific Rim International Conference on Artificial Intelligence
(PRICAI'2000), pp. 61–71, 2000.
[15]. A. Bromme, and S. Al-Zubi, “Multifactor Biometric Sketch Authentication”,
Proceedings of the BIOSIG 2003, pp. 81–90, 2003.
[16]. S. Al-Zubi, A. Bromme, and K. Tonnies, “Using an Active Shape Structural Model for
Biometric Sktech Recognition”, In Proceedings of DAGM, pp. 187–195, 2003.
[17]. M. Schonlau, W. DuMouchel, H. Ju, A. F. Karr, M. Theus, and Y. Vardi, “Computer
Intrusion: Detecting Masquerades”, Statistical Science, 16, pp 1–17, 2001.
[18]. R. A. Maxion and T. N. Townsend, “Masquerade detection using truncated command
lines”, In International Conference on Dependable Systems and Networks (DNS-02),
IEEE Computer Society Press, 2002.
[19]. M. Pusara, and C. E. Brodley, “User Re-Authentication via Mouse-movements”, Proc. of
ACM Workshop Visualization and Data Mining for Computer Security, 2004.
[20]. H. Gamboa, and A. Fred, “Behavioural Biometric System Based on Human Computer
Interaction”, Proc. of SPIE, vol. 5404, pp. 381–392, 2004.
[21]. S. Bleha, C. Slivinsky, and B. Hussein, “Computer-access security systems using
keystroke dynamics”, IEEE Transactions on Pattern Analysis and Machine Intelligence,
vol. 12, no. 12, pp. 1217–1222, 1999.
[22]. S. Cho, C. Han, D.H. Han, and H.I. Kim. “Web-Based Keystroke Dynamics Identity
Verification Using Neural Network”, Journal of Organizational Computing and
Electronic Commerce, 10(4):295–307, 2000.
[23]. M. Curtin, C. C. Tappert, M. Villani, G. Ngo, J. Simone, H. S. Fort, and S. Cha,
“Keystroke Biometric Recognition on Long Text Input: A Feasibility Study”, Proc. Int.
Workshop Sci Comp/Comp Stat, 2006.
[24]. D. Gunetti, and C. Picardi, “Keystroke analysis of free text”, ACM Trans. Inf. Syst.
Secur., 8(3):312–347, 2005.
34. [25]. L. Breiman, “Random Forests”, Machine Learning, 45(1), pp. 5–32, 2001.
[26]. A. K. Jain, S. Pankanti, S. Prabhakar, L. Hong and A. Ross, “Biometrics: A grand
challenge”, Proc. Int. Conf. on Pattern Recognition, vol. 2, pp. 935–942, 2004.
[27]. R. B. Abernethy, “The New Weibull Handbook”, 2001.
[28]. R. V. Yampolskiy, V. Govindaraju, “Behavioral Biometrics: a Survey and
Classification”, Int. J. Biometrics, Vol. 1, No. 1, 2008.
[29]. K. Revett, P. S. Magalhães, and H. D. Santos, “Developing a keystroke dynamics based
agent using rough sets”, In IEEE/WIC/ACM International Joint Conference on Web
Intelligence and Intelligent Agent Technology. University of Technology of Compiègne,
2005.
[30]. D.–T. Lin, “Computer-access authentication with neural network based keystroke
identity verification”, Neural Networks,1997.
[31]. E. Lau, X. Liu, C. Xiao, and X. Yu, “Enhanced User Authentication Through Keystroke
Biometrics”, Technical report, Massachusetts Institute of Technology, 2004.