Commenced in January 2007
Frequency: Monthly
Edition: International
Paper Count: 31834
Learning User Keystroke Patterns for Authentication

Authors: Ying Zhao


Keystroke authentication is a new access control system to identify legitimate users via their typing behavior. In this paper, machine learning techniques are adapted for keystroke authentication. Seven learning methods are used to build models to differentiate user keystroke patterns. The selected classification methods are Decision Tree, Naive Bayesian, Instance Based Learning, Decision Table, One Rule, Random Tree and K-star. Among these methods, three of them are studied in more details. The results show that machine learning is a feasible alternative for keystroke authentication. Compared to the conventional Nearest Neighbour method in the recent research, learning methods especially Decision Tree can be more accurate. In addition, the experiment results reveal that 3-Grams is more accurate than 2-Grams and 4-Grams for feature extraction. Also, combination of attributes tend to result higher accuracy.

Keywords: Keystroke Authentication, Pattern recognition, MachineLearning, Instance-based Learning, Bayesian, Decision Tree.

Digital Object Identifier (DOI):

Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 2651


[1] C. C. Aggarwal. Re-designing distance functions and distance-based applications for high dimensional data. SIGMOD Rec., 30(1):13-18, 2001.
[2] S. Aha and D. Kibler. Instance based learning algorithms. Machine Learning, 6:37-66, 1991.
[3] L. C. Arajo, L. H. S. Jr., M. G. Lizrraga, L. L. Ling, and J. B. Yabuuti. User authentication through typing biometrics features. In First International Conference on Biometric Authentication, volume 3072, pages 694-700. Springer, 2004.
[4] Ashbourn and D. M. Julian. Biometrics: Advanced Identity Verification: The Complete Guide. Springer-Verlag UK, 2000.
[5] F. Bergadano, D. Gunetti, and C. Picardi. User authentication through keystroke dynamics. ACM Trans. Inf. Syst. Secur., 5(4):367-397, 2002.
[6] S. Bleha, C. Slivinsky, and B. Hussien. Computer-access security systems using keystroke dynamics. In IEEE Transactions on Pattern Analysis and Machine Intelligence, volume 12, pages 1217-1222, 1990.
[7] S. Haider, A. Abbas, and A. Zaidi. A multi-technique approach for user identification through keystroke dynamics. In IEEE International Conference on Systems, Man and Cybernetics, volume 2, pages 1336- 1341, 2000.
[8] R. C. Holte. Very simple classification rules perform well on most commonly used datasets. Machine Learning, 11:63-91, 1993.
[9] D. P. Huttenlocher and K. Kedem. Computing the minimum hausdorff distance for point sets under translation. In Proceedings of the sixth annual symposium on Computational geometry, pages 340-349. ACM Press, 1990.
[10] C. G. John and T. E. Leonard. K*: An instance-based learner using an entropic distance measure. In Proceedings of the 12th International Conference on Machine Learning, pages 108-114. Morgan Kaufmann, 1995.
[11] G. H. John and P. Langley. Estimating continuous distributions in bayesian classifiers. In Eleventh Conference on Uncertainty in Artificial Intelligence, pages 338-345. Morgan Kaufmann Publisher, 1995.
[12] R. Kohavi. The power of decision tables. In Proceedings of the 8th European Conference on Machine Learning, volume 912 of LNAI, pages 174-189. Springer, 1995.
[13] P. Langley and S. Sage. Tractable average-case analysis of naive bayesian classifiers. In Eleventh Conference on Uncertainty in Artificial Intelligence, pages 220-228. Morgan Kaufmann Publisher, 1999.
[14] D.-T. Lin. Computer-access authentication with neural network based keystroke identity verification. In IEEE Transaction on Neural Networks, volume 1, pages 174-178, 1997.
[15] U. V. Luxburg and O. Bousquet. Distance-based classification with lipschitz functions. J. Mach. Learn. Res., 5:669-695, 2004.
[16] T. M. Mitchell. Machine Learning. McGraw-Hill, New York, 1997.
[17] F. Monrose, M. K. Reiter, and S. Wetzel. Password hardening based on keystroke dynamics. In Proceedings of the 6th ACM conference on Computer and communications security, volume 6, pages 73-82. ACM Press, 1999.
[18] F. Monrose and A. Rubin. Authentication via keystroke dynamics. In Proceedings of the 4th ACM conference on Computer and communications security, volume 2, pages 48-56. ACM Press, 1997.
[19] M. S. Obaidat. A verification methodology for computer systems users. In Proceedings of the 1995 ACM symposium on Applied computing, pages 258-262. ACM Press, 1995.
[20] M. S. Obaidat and B. Sadoun. Verification of computer users using keystroke dynamics. In IEEE Transaction on Systems, Man and Cybernetics, part B, volume 27, pages 261-269, 1997.
[21] R. Quinlan. C4.5: Programs for Machine Learning. San Mateo, CA: Morgan Kaufmann, 1993.
[22] J. Robinson, V. Liang, J. Chambers, and C. MacKenzie. Computer user verification using login string keystroke dynamics. In IEEE Transaction on Systems, Man and Cybernetics, Part A, volume 28, pages 236-241, 1998.
[23] D. R. W.G and E. J.H.P. Enhanced password authentication through fuzzy logic. In IEEE Expert, volume 12, pages 38-45, 1997.