Abstract
Smart phones are now being used to store users’ identities and sensitive information/data. Therefore, it is important to authenticate legitimate users of a smart phone and to block imposters. In this paper, we demonstrate that keystroke dynamics of a smart phone user can be translated into a viable features’ set for accurate user identification. To this end, we collect and analyze keystroke data of 25 diverse smart phone users. Based on this analysis, we select six distinguishing keystroke features that can be used for user identification. We show that these keystroke features for different users are diffused and therefore a fuzzy classifier is well-suited to cluster and classify them. We then optimize the front-end fuzzy classifier using Particle Swarm Optimization (PSO) and Genetic Algorithm (GA) as back-end dynamic optimizers to adapt to variations in usage patterns. Finally, we provide a novel keystroke dynamics based PIN (Personal Identification Number) verification mode to ensure information security on smart phones. The results of our experiments show that the proposed user identification system has an average error rate of 2% after the detection mode and the error rate of rejecting legitimate users drops to zero in the PIN verification mode. We also compare error rates (in terms of detecting both legitimate users and imposters) of our proposed classifier with 5 existing state-of-the-art techniques for user identification on desktop computers. Our results show that the proposed technique consistently and considerably outperforms existing schemes.
Access provided by Autonomous University of Puebla. Download to read the full chapter text
Chapter PDF
Similar content being viewed by others
Keywords
- Particle Swarm Optimization
- Mobile Phone
- Smart Phone
- Radial Basis Function Network
- Back Propagation Neural Network
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
References
Red herring mobiles scream for help: Uk-based mobile security company adds security to mobile phones (October 2006)
Babin, S., Pranata, A.: Developing Software for Symbian OS: A Beginner’s Guide to Creating Symbian OS V9 Smartphone Applications in C++. John Wiley & Sons, Chichester (2007)
Bleha, S., Slivinsky, C., Hussien, B.: Computer-access security systems using keystroke dynamics. IEEE Transactions on Pattern Analysis and Machine Intelligence 12(12), 1217–1222 (1990)
Branke, J.: Evolutionary Optimization in Dynamic Environments. Kluwer Academic Publishers, Dordrecht (2002)
Card, S.K., Moran, T.P., Newell, A.: Computer text-editing: An information-processing analysis of a routine cognitive skill (1987)
Clarke, N.L., Furnell, S.M.: Authentication of users on mobile telephones–A survey of attitudes and practices. Computers & Security 24(7), 519–527 (2005)
Clarke, N.L., Furnell, S.M.: Authenticating mobile phone users using keystroke analysis. International Journal of Information Security 6(1), 1–14 (2007)
Cleary, J.G., Trigg, L.E.: K*: An Instance-based Learner Using an Entropic Distance Measure. In: Machine Learning-International Workshop then Conference, pp. 108–114. Morgan Kaufman Publishers, Inc., San Francisco (1995)
Corner, M.D., Noble, B.D.: Zero-interaction authentication. In: Proceedings of the 8th annual international conference on Mobile computing and networking, pp. 1–11. ACM, New York (2002)
Engelbrecht, A.P.: Fundamentals of computational swarm intelligence. John Wiley & Sons, Chichester (2006)
Goldberg, D.E.: Genetic Algorithms in Search, Optimization and Machine Learning. Addison-Wesley Longman Publishing Co., Inc., Boston (1989)
BioPassword Inc., http://www.biopassword.com
Hwang, Y.S., Bang, S.Y.: An Efficient Method to Construct a Radial Basis Function Neural Network Classifier. Neural Networks 10(8), 1495–1503 (1997)
Joyce, R., Gupta, G.: Identity authentication based on keystroke latencies. Communications of the ACM 33(2), 168–176 (1990)
Karatzouni, S., Clarke, N.: Keystroke Analysis for Thumb-based Keyboards on Mobile Devices. In: International Federation for Information Processing-Publications-IFIP, vol. 232, pp. 253–263 (2007)
Kennedy, J., Eberhart, R.: Particle swarm optimization. In: Proceedings of IEEE International Conference on Neural Networks, 1995, vol. 4 (1995)
Leggett, J., Williams, G.: Verifying identity via keystroke characteristics. International Journal of Man-Machine Studies 28(1), 67–76 (1988)
Leggett, J., Williams, G., Usnick, M., Longnecker, M.: Dynamic identity verification via keystroke characteristics. International Journal of Man-Machine Studies 35(6), 859–870 (1991)
Lilley, P.: Hacked, Attacked & Abused: Digital Crime Exposed. Kogan Page Ltd. (2002)
Mahar, D., Napier, R., Wagner, M., Laverty, W., Henderson, R.D., Hiron, M.: Optimizing digraph-latency based biometric typist verification systems: inter and intra typist differences in digraph latency distributions. International Journal of Human-Computer Studies 43(4), 579–592 (1995)
Obaidat, M.S., Sadoun, B.: Keystroke Dynamics based Authentication Biometrics. Systems, Man and Cybernatics 27(2), 261–269 (1997)
Paola, J.D., Schowengerdt, R.: A detailed comparison of backpropagation neural network and maximum-likelihood classifiers for urban land use classification. IEEE Transactions on Geoscience and Remote Sensing 33(4), 981–996 (1995)
Quinlan, J.R.: Bagging, Boosting, and C4. 5. In: Proceedings of the NCAI, pp. 725–730 (1996)
Rish, I.: An empirical study of the naive Bayes classifier. In: Proceedings of IJCAI 2001 Workshop on Empirical Methods in Artificial Intelligence, vol. 335 (2001)
Shahzad, M., Zahid, S., Farooq, M.: A Hybrid GA-PSO Fuzzy System for User Identification on Smart Phones. In: Proceedings of the 11th annual conference on Genetic and evolutionary computation, Montreal, Canada. ACM, New York (in press, 2009)
Sims, D.: Biometric recognition: our hands, eyes, and faces give us away. IEEE Computer Graphics and Applications 14(5), 14–15 (1994)
Umphress, D., Williams, G.: Identity Verification Through Keyboard Characteristics. International Journal of Man-Machine Studies 23(3), 263–273 (1985)
Wang, X., Heydari, M.H., Lin, H.: An intrusion-tolerant password authentication system. In: Computer Security Applications Conference, 2003. Proceedings. 19th Annual, pp. 110–118 (2003)
Witten, I.H.: University of Waikato, and Dept. of Computer Science. WEKA Practical Machine Learning Tools and Techniques with Java Implementations. Dept. of Computer Science, University of Waikato (1999)
Zadeh, L.A.: Fuzzy sets. Fuzzy Sets, Fuzzy Logic, and Fuzzy Systems: Selected Papers (1996)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2009 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Zahid, S., Shahzad, M., Khayam, S.A., Farooq, M. (2009). Keystroke-Based User Identification on Smart Phones. In: Kirda, E., Jha, S., Balzarotti, D. (eds) Recent Advances in Intrusion Detection. RAID 2009. Lecture Notes in Computer Science, vol 5758. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-04342-0_12
Download citation
DOI: https://doi.org/10.1007/978-3-642-04342-0_12
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-04341-3
Online ISBN: 978-3-642-04342-0
eBook Packages: Computer ScienceComputer Science (R0)