Active Authentication of Keyboard Users: Performance Evaluation on 736 Subjects

TL;DR

This paper evaluates a keystroke-based active authentication system on a large dataset of 736 subjects, demonstrating its high accuracy and scalability for practical, continuous user verification.

Contribution

It provides the first large-scale, empirical performance evaluation of keystroke-based active authentication for practical deployment.

Findings

High accuracy achieved in large-scale testing

System is scalable for continuous authentication

Empirical methodologies for system parameter characterization

Abstract

Keystroke timing based active authentication systems are conceptually attractive because: (i) they use the keyboard as the sensor and are not hardware-cost prohibitive, and (ii) they use the keystrokes generated from normal usage of computers as input and are not interruptive. Several experiments have been reported on the performance of keystroke based authentication using small datasets. None of them, however, study a practical active authentication system, and the feasibility of keystroke based active authentication system for large scale and continuous deployment is still not demonstrated in the literature. We investigate this issue and establish that keystroke based active authentication systems can be highly accurate and scalable. We use a real active authentication system that we developed and analyze a dataset large enough to produce statistically significant results. We also present empirical methodologies used for characterizing various design parameters of the developed system.