Behavioral Model of Text Input in the Authentication of Mobile Device Users

A. V. Galkov1, I. V. Mashechkin1, I. S. Popov1
1Department of Computational Mathematics and Cybernetics, Moscow State University, Moscow, Russia

Tóm tắt

An investigation is performed of individual behavioral characteristics of text input that are based on the keystroke dynamics using a virtual keyboard, and their application in the authentication of mobile device users. Key hold time, time between two consecutive keystrokes, and keystroke pressure are used as features to build a user model. A feature vector of a freely typed text is constructed by a user-adapting algorithm that divides digraphs into groups according to the pressing speed and the grouping of keys according to their functionality. Outliers are sought and corrected on the basis of quartiles with subsequent standardization of values. A fuzzy search for exceptions based on potential functions is used to solve the problem of classification when there are no examples of keystrokes by an attacker in a training sample. The resulting software, which consists of a custom Android system keyboard, is used for data collection and experimental assessment of the quality of the proposed approach to building a user behavioral model, proving its effectiveness. The software is also used to develop a prototype of a user authentication system that employs biometric characteristics of interaction with an onscreen keyboard to protect all applications on a mobile device that uses a standard system keyboard.

Tài liệu tham khảo

A. Dolzhenkov, ‘‘Dangerous smartphone,’’ Expert, No. 16 (1116) (2019) [in Rissian]. https://expert.ru/expert/2019/16/opasnyij-smartfon/. ‘‘Vulnerabilities and threats of mobile applications,’’ Positive Technologies (2019) [in Rissian]. https://www.ptsecurity.com/ru-ru/research/analytics/mobile-application-security-threats-and-vulnerabilities-2019/. O. Guven, S. Akyokus, M. Uysal, and A. Guven, ‘‘Enhanced password authentication through keystroke typing characteristics,’’ in Proc. 25th IASTED Int. Multi-Conference: Artificial Intelligence and Applications (AIAP’07) (Innsbruck, Austria, 2007) (ACTA Press, Anaheim, CA, 2007), pp. 317–322. N. Bartlow and B. Cukic, ‘‘Keystroke dynamics-based credential hardening systems,’’ in Handbook of Remote Biometrics, Ed. by M. Tistarelli, S. Z. Li, and R. Chellappa, Advances in Pattern Recognition (Springer, London, 2009), pp. 329–347. E. Flior and K. Kowalski, ‘‘Continuous biometric user authentication in online examinations,’’ in Proc. 7th Int. Conf. on Information Technology: New Generations (ITNG 2010), Las Vegas, NV, USA (IEEE, 2010), pp. 488–492. L. C. F. Araujo, L. H. R. Sucupira, M. G. Lizarraga, et al., ‘‘User authentication through typing biometrics features,’’ IEEE Trans. Signal Process. 53 (2), 851–855 (2005). P. Kang and S. Cho, ‘‘A hybrid novelty score and its use in keystroke dynamics-based user authentication,’’ Pattern Recogn. 42 (11), 3115–3127 (2009). E. Al Solami, C. Boyd, A. Clark, and I. Ahmed, ‘‘User-representative feature selection for keystroke dynamics,’’ in Proc. 2011 5th Int. Conf. on Network and System Security (NSS 2011), Milan, Italy (IEEE, 2011), pp. 229–233. A. Alsultan and K. Warwick, ‘‘Keystroke dynamics authentication: A survey of free-text methods,’’ Int. J. Comput. Sci. Issues 10 (4), No. 1, 1–10 (2013). P. Kang and S. Cho, ‘‘Keystroke dynamics-based user authentication using long and free text strings from various input devices,’’ Inf. Sci. 308, 72–93 (2015). A. Alzubaidi and J. Kalita, ‘‘Authentication of smartphone users using behavioral biometrics,’’ IEEE Commun. Surv. Tutorials 18 (3), 1998–2026 (2016). I. Lamiche, G. Bin, Y. Jing, Z. Yu, and A. Hadid, ‘‘A continuous smartphone authentication method based on gait patterns and keystroke dynamics,’’ J. Ambient Intell. Human. Comput. 10 (11), 4417–4430 (2019). T. Shimshon, R. Moskovitch, L. Rokach, and Y. Elovici,‘‘ Clustering di-graphs for continuously verifying users according to their typing patterns,’’ in Proc. 2010 IEEE 26th Convention of Electrical and Electronics Engineers in Israel (IEEEI 2010), Eilat, Israel (IEEE, 2010), pp. 445–449. J. P. Lopes, ’’Keystroke recognition using Android devices,’’ Master’s Thesis (Instituto Superior Tecnico, Lisboa, 2015), pp. 1–7. D. M. J. Tax, ‘‘One-class classification,’’ PhD Thesis (Delft University of Technology, Delft, 2001), pp. 13–19. M. I. Petrovskii, ‘‘Application of data mining methods in computer intrusion detection problems,’’ in Methods and Means of Information Processing: Proc. 2nd All-Russian Scientific Conf. (Izd. Otdel Fak. Vychisl. Mat. Kibern., Mosk. Gos. Univ., Moscow, 2005), pp. 158–166 [in Russian].