Behavioral Biometrics for Continuous Authentication on Mobile Devices: Anomaly Detection through Keystroke Dynamics with Machine Learning

  • Kelvin S. Lopes Universidade Federal do Ceará (UFC)
  • Davi O. Lopes Universidade Federal do Ceará (UFC)
  • Wesley G. P. Pavanello Universidade Federal do Ceará (UFC)
  • César L. C. Mattos Universidade Federal do Ceará (UFC)
  • Jarelio G. da S. Filho SiDi
  • José D. C. Neto SiDi
  • Rafael L. Gomes Universidade Estadual do Ceará (UECE)
  • Nicksson C. A. de Freitas SiDi
  • Emanuel B. Rodrigues Universidade Federal do Ceará (UFC)

Resumo


The popularity of mobile devices generates the need for security solutions to ensure user identity. One approach to deal with this scenario is behavioral biometric for continuous authentication (BBCA), which has become increasingly known with advances in hardware and data science technologies. However, this approach still lacks greater robustness in how to model the user’s behavioral biometrics as well as maximize the effectiveness of this authentication. It is particularly important to note in this context that this paper presents an approach to BBCA using machine learning (ML) techniques integrated with sliding windows. Accordingly, biometric data collected from keystroke dynamics typing activities on mobile devices were used to identify genuine users, random (unskilled) imposters and skilled imposters. The ML models for impostor identification followed an anomaly detection (AD) approach, where only genuine data is available at training time. In addition, the use of sliding windows allowed the inclusion of the temporal dimension of the task. The results obtained indicate that the proposed solution has a practical feasibility in terms of its suitability to perform user identification, specifically, the KNN model stood out by achieving a superior performance in the value window 4. In this configuration, it achieved a score of 94% for the F1-score metric in the random imposter scenario, and 93% in the skilled imposter scenario.

Palavras-chave: biometria comportamental, autenticação contínua, detecção de anomalia, aprendizado de máquina, segurança da informação

Referências

Almohamade, S., Clark, J., and Law, J. (2021). Continuous user authentication for human-robot collaboration. ACM Other conferences.

Darabseh, A. and Pal, D. (2020). Performance analysis of keystroke dynamics using classification algorithms.

GSMA Intelligence (2022). The mobile economy 2022. Disponível em [link]. Acessado em 14 de maio de 2023.

Kokal, S., Pryor, L., and Dave, R. (2022). Exploration of machine learning classification models used for behavioral biometrics authentication. ACM Other conferences, page 176–182.

Mekruksavanich, S. and Jitpattanakul, A. (2021). Deep learning approaches for continuous authentication based on activity patterns using mobile sensing. Sensors, 21(22):7519.

Scikit-learn developers (2023). Scikit-learn: Machine learning in python. Disponível em: [link]. Acessado em 14 de maio de 2023.

Shah, A. P. (2021). Towards engineering reliable keystroke biometrics systems. [link].

Stragapede, G., Vera-Rodriguez, R., Tolosana, R., and Morales, A. (2022). Behavepassdb: Public database for mobile behavioral biometrics and benchmark evaluation. Pattern Recogn., 134(C).

Tahoun, E. (2021). Harnessing the power of generative models for mobile continuous and implicit authentication. Master’s thesis, University of Waterloo.

Thapliyal, A., Verma, O., and Kumar, A. (2022). Multimodal behavioral biometric authentication in smartphones for covid-19 pandemic. International Journal of Electrical and Computer Engineering Systems.

Wagata, K. and Teoh, A. B. J. (2022). Few-shot continuous authentication for mobile-based biometrics. Applied Sciences, 12(20).

Yu, Y., Zhu, Y., Li, S., and Wan, D. (2014). Time series outlier detection based on sliding window prediction. Mathematical Problems in Engineering, 2014:879736.

Zhao, Y., Nasrullah, Z., and Li, Z. (2019). Pyod: A python toolbox for scalable outlier detection. Journal of Machine Learning Research, 20(96):1–7.

Zimperium (2022). 2022 Global Mobile Threat Report. Disponível em: [link]. Acessado em 14 de maio de 2023.
Publicado
25/09/2023
LOPES, Kelvin S. et al. Behavioral Biometrics for Continuous Authentication on Mobile Devices: Anomaly Detection through Keystroke Dynamics with Machine Learning. In: ENCONTRO NACIONAL DE INTELIGÊNCIA ARTIFICIAL E COMPUTACIONAL (ENIAC), 20. , 2023, Belo Horizonte/MG. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2023 . p. 1129-1141. ISSN 2763-9061. DOI: https://doi.org/10.5753/eniac.2023.234623.

Artigos mais lidos do(s) mesmo(s) autor(es)