Behavioral Biometrics for Continuous Authentication on Mobile Devices: Anomaly Detection through Keystroke Dynamics with Machine Learning
Resumo
The popularity of mobile devices generates the need for security solutions to ensure user identity. One approach to deal with this scenario is behavioral biometric for continuous authentication (BBCA), which has become increasingly known with advances in hardware and data science technologies. However, this approach still lacks greater robustness in how to model the user’s behavioral biometrics as well as maximize the effectiveness of this authentication. It is particularly important to note in this context that this paper presents an approach to BBCA using machine learning (ML) techniques integrated with sliding windows. Accordingly, biometric data collected from keystroke dynamics typing activities on mobile devices were used to identify genuine users, random (unskilled) imposters and skilled imposters. The ML models for impostor identification followed an anomaly detection (AD) approach, where only genuine data is available at training time. In addition, the use of sliding windows allowed the inclusion of the temporal dimension of the task. The results obtained indicate that the proposed solution has a practical feasibility in terms of its suitability to perform user identification, specifically, the KNN model stood out by achieving a superior performance in the value window 4. In this configuration, it achieved a score of 94% for the F1-score metric in the random imposter scenario, and 93% in the skilled imposter scenario.
Referências
Darabseh, A. and Pal, D. (2020). Performance analysis of keystroke dynamics using classification algorithms.
GSMA Intelligence (2022). The mobile economy 2022. Disponível em [link]. Acessado em 14 de maio de 2023.
Kokal, S., Pryor, L., and Dave, R. (2022). Exploration of machine learning classification models used for behavioral biometrics authentication. ACM Other conferences, page 176–182.
Mekruksavanich, S. and Jitpattanakul, A. (2021). Deep learning approaches for continuous authentication based on activity patterns using mobile sensing. Sensors, 21(22):7519.
Scikit-learn developers (2023). Scikit-learn: Machine learning in python. Disponível em: [link]. Acessado em 14 de maio de 2023.
Shah, A. P. (2021). Towards engineering reliable keystroke biometrics systems. [link].
Stragapede, G., Vera-Rodriguez, R., Tolosana, R., and Morales, A. (2022). Behavepassdb: Public database for mobile behavioral biometrics and benchmark evaluation. Pattern Recogn., 134(C).
Tahoun, E. (2021). Harnessing the power of generative models for mobile continuous and implicit authentication. Master’s thesis, University of Waterloo.
Thapliyal, A., Verma, O., and Kumar, A. (2022). Multimodal behavioral biometric authentication in smartphones for covid-19 pandemic. International Journal of Electrical and Computer Engineering Systems.
Wagata, K. and Teoh, A. B. J. (2022). Few-shot continuous authentication for mobile-based biometrics. Applied Sciences, 12(20).
Yu, Y., Zhu, Y., Li, S., and Wan, D. (2014). Time series outlier detection based on sliding window prediction. Mathematical Problems in Engineering, 2014:879736.
Zhao, Y., Nasrullah, Z., and Li, Z. (2019). Pyod: A python toolbox for scalable outlier detection. Journal of Machine Learning Research, 20(96):1–7.
Zimperium (2022). 2022 Global Mobile Threat Report. Disponível em: [link]. Acessado em 14 de maio de 2023.
