Biometric Analysis of Keystrokes | Minimizing Cyber Risks

Every person types uniquely: When the duration and speed of keystrokes are analyzed, individual profiles can be created. But how accurate and reliable is the realization of such keystroke analyses? Patricia Stoll, a Master's student in Computational Biology and Bioinformatics at ETH Zurich, examined various methods from the fields of Artificial Intelligence (AI) and Machine Learning (ML) during her one-year internship at CyOne Security to assess their suitability and to check whether access control systems can be implemented according to European standards.

The study aimed to investigate how well sequences of keystrokes can be uniquely assigned to a user – how characteristic keystrokes are for a user. For example, it addressed the question of whether corresponding access control systems can be developed using ML/AI algorithms. Alarm systems based on this are also conceivable, which could indicate the use of stolen passwords.

In the study, the developers from CyOne Security who supervised me during the internship and I therefore focused not on what we type, but on how we type. Individual typing patterns can be derived, for example, from the duration of a keystroke (holding time), the time between one key and the next (up-down-time), or between two keystrokes (down-down-time). One could also measure the average key pressure.

As part of the study, I analyzed a dataset of 51 users who typed the same password a total of 400 times over eight sessions. I applied, implemented, examined, and compared various algorithms: K-Nearest Neighbors, Adaptive Boosting (AdaBoost), Artificial Neural Network, and Generative Adversarial Networks.

Without going into technical details at this point, I can state that AdaBoost, a meta-algorithm for ML published by Freund and Schapire in 1997, achieved the best metrics: For example, in terms of user recognition accuracy – users were correctly identified in 94% of cases. Other metrics such as the False Acceptance Rate (FAR) and Miss Rate (MR) could be substantially improved – reduced to half – compared to the published research we know, which was quite remarkable. Nevertheless, we did not reach the values set by the European Committee for Electrotechnical Standardization (CENELEC) in the standard EN-50133-1 / EN-60839-11-1 – not yet. The standard specifies a maximum Miss Rate of 0.001% and a False Alarm Rate of less than 1% to allow a method to be used as the sole authentication method.

A strong password is still much safer today than the analysis techniques examined in the study. However, a background-running keystroke analysis can certainly contribute to improved monitoring of a system, considering the issue of stolen passwords. Suspicious keystrokes can be rejected and/or reported to a system administrator. Thus, the identity of a user can be confirmed in an additional way with the help of AI. It should not be forgotten that sensitive personal data is collected during keystroke analyses, and its protection against misuse must be ensured.

AI and ML are increasingly permeating our lives. They influence our communication, work, mobility, etc. Examples of such applications include personal assistant systems like Alexa and Siri, behavior-based advertising on the internet, or self-driving cars. In the field of Cyber Security, AI and ML also create new possibilities, such as in the categorization of threat levels or in the detection and automation of changing cyber attacks. The challenge is that cybercriminals are also constantly trying to improve their techniques. The criminal side also uses AI/ML algorithms for their purposes.

Combining different methods fundamentally increases security. AI and ML-based biometric authentication techniques such as fingerprint scanning, facial recognition, and iris recognition are becoming established and quickly adapt to the environment. For example, Apple's Face ID can already recognize partially obscured faces today. However, research and industry still face significant challenges regarding these developments to further increase the accuracy of user recognition and ultimately also in terms of adaptation for a practical product.

Patricia Stoll is dealing with complex biological questions in her Master's program in Computational Biology and Bioinformatics at ETH Zurich, which often involve large amounts of data and are investigated using informatics-based methods. Her research focuses on Machine Learning, Data Science, and Personalized Medicine.

Are you also interested in Cyber Security and IoT Security topics that engage our developers? We offer exciting jobs and attractive employment conditions. Sign up for our job newsletter so we can inform you about all vacancies.