CHAPTER 1 INTRODUCTION

Authentication is a process of recognizing and confirming that the user is allowed to access some restricted service. User authentication is the process of verifying the identity of a person based on password which is a secret word or string of characters, to gain access to the system resources [1]. The main objective of any authentication system is to protect the resources, which range from computer systems that contain confidential data to the networks that connect the computer systems themselves [2]. User Authentication is categorized as following: Password Authentication- It is most commonly used but it has significant problems. Difficult to memorize whether short or long if it contains random combination of various characters and can be stolen easily if written down by the user. Another problem with passwords is that it can be guessed easily and cracked using dictionary attack and brute force attack. Token Authentication- Each individual is provided with unique , secure and personal token that is used to confirm owners identity. PIN code is the example of token authentication. Biometric Authentication- Biometrics is a third approach for identifying and authenticating people based upon detailed measurements of his or her unique physiological traits or behavioural characterstics. Biometric recognition systems are widely used in various security applications, and are considered among the most accurate and efficient security systems in the market. [3] 1.1 Biometrics The word biometrics is defined as the measurement and recording of the physical or behavioral characteristics of an individual for use in subsequent personal identification. In the field of information technology, biometrics is defined as the technologies that measure and analyze human body or behavioral characteristics such as fingerprints, eye retinas and irises, voice patterns, facial patterns and keystroke dynamics for authentication purposes [4].

Despite the wide usage of biometric technology for physical security, the adoption of biometrics in day-to-day use of computer systems has been slow. The main reason of this limited usage of biometrics is the reliance on special hardware devices for biometric data collection [5]. Biometrics can be divided into two categories, physiological and behavioral. 1.1.1 Physiological Biometrics Physiological biometrics are biological traits that are naturally grown. It uses algorithms and other methods to define identity in terms of data gathered from direct measurement of the human body. Finger print and finger scan, hand geometry, iris and retina scanning and facial geometry are all examples of physiological biometrics [6]. It identifies the user based on physiological characteristics and features that are physically related to a person, for instance, iris, fingerprints and retina. Implementation of physiological biometrics requires additional tools which lead to an increase in costs.

Figure 1. Classification of Physiological Biometrics

1.1.2 Behavioral Biometrics Behavioral biometrics are mannerisms or traits that are learned or acquired. Behavioral biometrics are defined by analyzing a specific action of a person. How a person talks, signs their name or types on a keyboard is a method of determining his identity when analyzed correctly [6]. It depends on detecting the behavioural features of the user, such as signature, voice, walking (gait) and keystroke dynamics. Keystroke Dynamics is inexpensive to implement because typing pattern of an individual can be obtained using existing systems keyboard.

Figure 2. Classification of Behavioural Biometrics

Both physiological and behavioral systems can be logically divided into two, namely, enrollment phase and authentication/verification phase. During the enrollment phase as shown in Fig. 1 user biometric data is acquired, processed and stored as reference file in a database. This is treated as a template for future use by the system in subsequent authentication operations. During the authentication/verification phase user biometric data is acquired, and processed. The authentication decision shall be based on the outcome of a matching process of the newly presented biometric to the pre-stored reference templates. [7]

Figure 3. Biometric System [7]

Biometrics can furthermore be defined as either passive or active. Passive biometrics does not require a users active participation and can be successful without a person even knowing that they have been analyzed. Active biometrics does require a persons cooperation and will not work if they deny their participation in the process. Mouse dynamics is one type of biometric that can be used in both active as well as passive monitoring [8].

1.2 Need of Biometrics The method of identification based on biometric characteristics is preferred over traditional passwords and PIN based methods for various reasons such as: The person to be identified is required to be physically present at the time-of-identification. Identification based on biometric techniques obviates the need to remember a password or carry a token. A biometric system is essentially a pattern recognition system which makes a personal identification by determining the authenticity of a specific physiological or behavioral characteristic possessed by the user. Biometric technologies are thus defined as the "automated methods of identifying or authenticating the identity of a living person based on a physiological or behavioral characteristic". A biometric system can be either an 'identification' system or a 'verification' (authentication) system, which are defined below. Identification - One to Many: Biometrics can be used to determine a person's identity even without his knowledge or consent. For example, scanning a crowd with a camera and using face recognition technology, one can determine matches against a known database. Verification - One to One: Biometrics can also be used to verify a person's identity. For example, one can grant physical access to a secure area in a building by using finger scans or can grant access to a bank account at an ATM by using retinal scan. Biometric authentication requires to compare a registered or enrolled biometric sample (biometric template or identifier) against a newly captured biometric sample (for example, the one captured during a login). This is a three-step process (Capture, Process, Enroll) followed by a Verification or Identification process. During Capture process, raw biometric is captured by a sensing device such as a fingerprint scanner or video camera. The second phase of processing is to extract the distinguishing characteristics from the raw biometric sample and convert into a processed biometric identifier record (sometimes called biometric sample or biometric template). Next phase does the process of enrollment. Here the processed sample (a mathematical representation of the biometric - not the original biometric sample) is stored / registered in a storage medium for future comparison during an authentication. In many commercial applications, there is a need to store the processed biometric sample only. The original biometric sample cannot be reconstructed from this identifier.
4

1.3 Characteristics of Biometrics 1. Universal: Every person must possess the characteristic/attribute. The attribute must be one that is universal and seldom lost to accident or disease. 2. Invariance of properties: They should be constant over a long period of time. The attribute should not be subject to significant differences based on age either episodic or chronic disease. 3. Measurability: The properties should be suitable for capture without waiting time and must be easy to gather the attribute data passively. 4. Singularity: Each expression of the attribute must be unique to the individual. The characteristics should have sufficient unique properties to distinguish one person from any other. Height, weight, hair and eye color are all attributes that are unique assuming a particularly precise measure, but do not offer enough points of differentiation to be useful for more than categorizing. 5. Acceptance: The capturing should be possible in a way acceptable to a large percentage of the population. Excluded are particularly invasive technologies, i.e. technologies which require a part of the human body to be taken or which (apparently) impair the human body. 6. Reducibility: The captured data should be capable of being reduced to a file which is easy to handle. 7. Reliability and tamper-resistance: The attribute should be impractical to mask or manipulate. The process should ensure high reliability and reproducibility. 8. Privacy: The process should not violate the privacy of the person. 9. Comparable: Should be able to reduce the attribute to a state that makes it digitally comparable to others. The less probabilistic the matching involved, the more authoritative the identification. 10. Inimitable: The attribute must be irreproducible by other means. The less reproducible the attribute, the more likely it will be authoritative.

Among the various biometric technologies being considered, the attributes which satisfy the above requirements are fingerprint, facial features, hand geometry, voice, iris, retina, vein patterns, palm print, DNA, keystroke dynamics, ear shape, odor, signature etc. A biometric system can be classified into two modules- (i) Database Preparation Module and (ii) Verification Module. The Database Preparation Module consists of two sub modules, and they are (a) Enrollment Module and (b) Training Module while the other module, Verification module can be divided into two modules (a) Matching Module and (b) Decision Module. 1.3 Multimodal Biometric Systems Multimodal biometric systems are those that utilize more than one physiological or behavioural characteristic for enrollment, verification, or identification. In applications such as border entry/exit, access control, civil identification, and network security, multi-modal biometric systems are looked to as a means of 1. Reducing false non-match and false match rates, 2. Providing a secondary means of enrollment, verification, and identification if sufficient data cannot be acquired from a given biometric sample, and 3. Combating attempts to fool biometric systems through fraudulent data sources such as fake fingers. A multimodal biometric verification system can be considered as a classical information fusion problem i.e. can be thought to combine evidence provided by different biometrics to improve the overall decision accuracy. Generally, multiple evidences can be integrated at one of the following three levels. Abstract level: The output from each module is only a set of possible labels without any confidence value associated with the labels; in this case a simple majority rule may be used to reach a more reliable decision. Rank level: The output from each module is a set of possible labels ranked by decreasing confidence values, but the confidence values themselves are not specified. Measurement level: the output from each module is a set of possible labels with associated confidence values; in this case, more accurate decisions can be made by integrating different confidence values.

1.4 Keystroke Dynamics Keystroke Dynamics is the process of analysing the typing behaviour of persons how they types on the keyboard. This can be characterized by timing when keys are pressed down or released. Other characteristics pressure, angle of pressing the key and more, in which case we need special hardware, e.g. a special keyboard or a camera.There are two types of keystroke dynamics. 1.4.1 Static Keystroke Dynamics Static keystroke dynamics is the dynamics in which typed data is fixed and the time at which this information typed in is also fixed (during login time or after a pre-determined period of time). 1.4.2 Continuous keystroke dynamics Continuous keystroke dynamics is the dynamics in which case the typing characteristics are analyzed during a complete session [3]. Keystroke dynamics is a behavioral measurement and it aims to identify users based on the typing of the individuals or attributes such as duration of a keystroke or key hold time, latency of keystrokes (inter-keystroke times), typing error, force of keystrokes etc. The advantages of keystroke dynamics are obvious in computer environment as it provides a simple natural method for increased computer security. Static keystroke analysis is performed on typing samples produced using predetermined text for all the individuals under observation. Dynamic analysis implies a continuous or periodic monitoring of issued keystrokes. It is performed during the log-in session and continues after the session. [7] There are two basic types of recognition errors: the False Alarm Rate (FAR) and the Imposter Pass Rate (IPR). FAR is the percentage of genuine users incorrectly categorized as imposters and IPR is the percentage of imposters incorrectly matched to a genuine users reference template. Equal Error Rate (EER) is the rate of setting at which both false alarm and imposter pass errors are equal. EER is also known as the cross over error rate (CER). The lower the ERR (or CER), more accurate is the system. The overall performance of a biometric system is assessed in terms of its accuracy, speed, storage, cost and ease-of-use.[7] 1.5 Metrics for Keystroke Dynamics

1. Static at login Static keystroke analysis authenticates a typing pattern based on a known keyword, phrase or some other predetermined text. The typing pattern captured is compared against a previously recorded typing patterns stored during system enrollment. 2. Periodic dynamic Dynamic keystroke analysis authenticates a user on the basis of their typing during a logged session. The data, which is captured in the logged session, is then compared to an archived typing pattern to determine the deviations. In a periodic configuration, the authentication can be constant; either as part of a timed supervision. 3. Continuous dynamic Continuous keystroke analysis extends the data capturing to the entire duration of the logged session. The continuous nature of the user monitoring offers significantly more data upon which the authentication judgment is based. Furthermore, an impostor may be detected earlier in the session than under a periodically monitored implementation. 4. Keyword-specific Keyword-specific keystroke analysis extends the continuous or periodic monitoring to consider the metrics related to specific keywords. Extra monitoring is done to detect potential misuse of sensitive commands. Static analysis could be applied to specific keywords to obtain a higher confidence judgment. 5. Application-specific Application-specific keystroke analysis further extends the continuous or periodic monitoring. It may be possible to develop separate keystroke patterns for different applications. [9]

CHAPTER 2 LITERATURE SURVEY

N. Harun et al. (2010) [10] addresses the issue of enhancing systems security using keystroke biometrics as a translucent level of user authentication. The paper focuses on using the time interval between keystrokes as a feature of individuals typing patterns to recognize authentic users and reject imposters. A Multilayer Perceptron neural network with a BP learning algorithm is used to train and validate the features. The results are compared with a Radial Basis Function neural network and several distance classifier method used in literature based on EER. Mohammad S. Obaidat et al. (1993) [11] presents a new method of identifying computer users based on the individual typing technique of the users. The identification system is a pattern classification system based on a simulation of an artificial neural network. The user types a known sequence of characters, and the inter character times represent a pattern vector to be classified. This vector is presented to the classification system, and the pattern is assigned to a predefined class, thus identifying the user. The system correctly identified 97.8% users at a time. This intelligent system can be used to improve computer security, in addition to the traditional system in a cost effective manner. A. Sulong et al. (2009) [12] the design and development of keystroke pressure based typing biometrics for individual user's verification which based on the analysis of habitual typing of individuals is discussed. RBFN which is one of the artificial neural networks is used as a pattern matching method. The effectiveness of the proposed system is evaluated based upon False Reject Rate and False Accept Rate. A series of experiment shows that the proposed system is effective for biometric-based security system. Tomer Shimshon et al. (2010) [13] proposed a new method that compactly represents the keystroke patterns by joining similar pairs of consecutive keystrokes. This automatically created representation reduces the session size required for inducing the user's verification model. The proposed method was evaluated on 21 legitimate users and 165 attackers. The results were encouraging and suggest that the detection performance of the proposed method

is better than that of existing methods. Specifically they attained a false acceptance rate (FAR) of 3.47% and false rejection rate (FRR) of 0% using only 250 keystrokes. Agata Kolakowska (2010) [14] presents a solution used to collect training data and extract features for a user authentication system based on the keystroke dynamics. Then a few approaches which might be applied to authenticate users basing on the keystroke rhythm are presented. These approaches are going to be tested in order to choose an efficient method to be applied as a part of a biometric security system for mobile workstations, which is being created within the framework of the SART -2 project. H. Saevanee et al. (2008) [15] proposed behavioural manners of users over the touchpad acting like touch screen that is able to detect the finger pressure. These behaviours are keystroke dynamics and the finger pressure. The finding has shown that, the finger pressure gives the discriminative information more than keystroke dynamics with the k-NN analytical method. Moreover, using only the finger pressure produces high accuracy rate of 99%. Chun-wei Tseng et al. (2010) [16] proposed an integrated technique approach to enhance user identification. They adopt keystroke dynamics as a biometric to strength conventional password mechanism and keep these characteristic values into RFID cards as pattern template for user identification. Shallen Giroux et al. (2009) [17] presents a new approach to keystroke analysis that uses key press interval ratios to authenticate users. Participants in this study registered their passwords into a specially-designed analysis program. Key press ratios were calculated, and neural network techniques were employed to obtain a mapping between patterns and the correct user. Results indicate that authentication through key press ratios achieves high true acceptance rates, while also maintaining low false acceptance rates, which are particularly important in high-security applications. The approach presented here is suitable for incorporation into agent-based networked security systems. GREYC Keystroke: a Benchmark for Keystroke Dynamics Biometric Systems [9] Even if the market penetration rate of biometric technologies is still far below its potential, many biometric systems are used in our daily real-life. One of the main reasons to its low proliferation is the lack of a generic and complete approach that quantifies the performance of biometric systems taking into account individuals perception among the process. Among all the existing biometric modalities, authentication systems based on keystroke dynamics are particularly interesting. Many researchers proposed in the last decades some algorithms to
10

increase the efficiency of this approach. Nevertheless, none significant benchmark is available and commonly used in the state of the art to compare them by using a similar and rigorous protocol. We propose in this paper: a benchmark testing suite composed of a database and a software that are available for the scientific community for the evaluation of keystroke dynamics based systems. Performance evaluation of various keystroke dynamics methods tested on the database is available in. Effects of user habituation in keystroke dynamics on password security policy [8] Access control systems rely on a variety of methods for authenticating legitimate users and preventing malicious ones from accessing the system. The most commonly used system is a simple username and password approach. This technology has been the de-facto standard for remote authentication applications. A username-password based system assumes that only the genuine users know their own credentials. However, breaching this type of system has become a common occurrence in todays age of social networks and modern computational devices. Once broken, the system will accept every authentication trial using compromised credentials until the breach is detected. In this paper, we explore certain aspects of utilizing keystroke dynamics in username-password based systems. We show that as users get habituated to typing their credentials, there is a significant reduction in the variance of the keystroke patterns. This trend is more pronounced for long and complex passwords as opposed to short dictionary based passwords. We also study the time window necessary to perceive habituation in user typing patterns. Furthermore, we show that habituation plays a key role in classification of genuine login attempts by reducing the equal error rate (EER) over time. Finally, we explore an authentication scheme that employs the security of complex passwords and keystroke dynamics. Continuous and Non-intrusive Identity Verification in Real-time Environments based on Free-Text Keystroke Dynamics [10] In this paper, we provide a non-intrusive identity verification scheme based on behavior biometrics where keystroke dynamics based-on free-text is used continuously for verifying the identity of a user in real-time. We improved existing keystroke dynamics based verification schemes in four aspects. First, we improve the scalability where we use a constant number of users instead of whole user space to verify the identity of target user. Second, we provide an adaptive user model which enables our solution to take the change of user behavior into consideration in verification decision. Next, we identify a new distance

11

measure which enables us to verify identity of a user with shorter text. Fourth, we decrease the number of false results. Our solution is evaluated on a data set which we have collected from users while they were interacting with their mail-boxes during their daily activities. Keystroke Dynamics Verification Using a Spontaneously Generated Password [11] Current keystroke dynamics applications have tackled the problem of traditional knowledgebased static password verification, but the problem of spontaneous password verification persists. The intent of this study was to examine the predictive strength of typing patterns for spontaneous passwords. The typing patterns of an individual typing at a DELL keyboard on a DELL OptiPlex GX260 machine were recorded. Variables collected included keystroke press time and keystroke latency. Computed performance measures included false match rates (FMR) and false non match rates (FNMR) at various threshold levels. Keystroke Dynamics for User Authentication [12] In this paper we investigate the problem of user authentication using keystroke biometrics. A new distance metric that is effective in dealing with the challenges intrinsic to keystroke dynamics data, i.e., scale variations, feature interactions and redundancies, and outliers is proposed. Our keystroke biometrics algorithms based on this new distance metric are evaluated on the CMU keystroke dynamics benchmark dataset and are shown to be superior to algorithms using traditional distance metrics. Comparing Anomaly-Detection Algorithms for Keystroke Dynamics [14] Keystroke dynamicsthe analysis of typing rhythms to discriminate among usershas been proposed for detecting impostors (i.e., both insiders and external attackers). Since many anomaly-detection algorithms have been proposed for this task, it is natural to ask which are the top performers (e.g., to identify promising research directions). Unfortunately, we cannot conduct a sound comparison of detectors using the results in the literature because evaluation conditions are inconsistent across studies. Our objective is to collect a keystroke-dynamics data set, to develop a repeatable evaluation procedure, and to measure the performance of a range of detectors so that the results can be compared soundly. We collected data from 51 subjects typing 400 passwords each, and we implemented and evaluated 14 detectors from the keystroke dynamics and pattern-recognition literature. The three top-performing detectors achieve equal-error rates between 9.6% and 10.2%. The resultsalong with the shared data and evaluation methodologyconstitute a benchmark for comparing detectors and measuring progress.
12

User-Representative Feature Selection for Keystroke [17] Dynamics Continuous user authentication with keystroke dynamics uses characters sequences as features. Since users can type characters in any order, it is imperative to find character sequences (n-graphs) that are representative of user typing behavior. The contemporary feature selection approaches do not guarantee selecting frequently-typed features which may cause less accurate statistical user-representation. Furthermore, the selected features do not inherently reflect user typing behavior. We propose four statistical-based feature selection techniques that mitigate limitations of existing approaches. The first technique selects the most frequently occurring features. The other three consider different user typing behaviors by selecting: n-graphs that are typed quickly; n-graphs that are typed with consistent time; and n-graphs that have large time variance among users. We use Gunettis keystroke dataset and k-means clustering algorithm for our experiments. The results show that among the proposed techniques, the most-frequent feature selection technique can effectively find userrepresentative features. We further substantiate our results by comparing the most-frequent feature selection technique with three existing approaches (popular Italian words, common ngraphs, and least frequent n graphs). We find that it performs better than the existing approaches after selecting a certain number of most-frequent n-graphs. paper uses a static keystroke dynamics in user authentication. User Authentication Through Typing Biometrics Features [20] The inputs are the key down and up times and the key ASCII codes captured while the user is typing a string. Four features (key code, two keystroke latencies, and key duration) were analyzed and seven experiments were performed combining these features. The results of the experiments were evaluated with three types of user: the legitimate, the impostor and the observer impostor users. The best results were achieved utilizing all features, obtaining a false rejection rate of 1.45% and a false acceptance rate of 1.89%. This approach can be used to improve the usual login-password authentication when the password is no more a secret. This paper innovates using four features to authenticate users. Time Signatures An Implementation of Keystroke and Click Patterns for Practical and Secure Authentication [22] The analysis of Keystroke Dynamics (KD) is a developing biometric technique for user authentication. In computer security, its use is limited to some constraints such as longer typing and practice sessions. In this paper, a practical user authentication system is proposed
13

that combines a conventional login/password method and a said biometric technique. The conventional password authentication method is enhanced through analysis of Keystroke Dynamics (KD) and Click Patterns (CP). In this way increased security level is achieved without using long and complicated passwords. For this, an application is developed to demonstrate the technique and the results are analyzed. User Time Signatures (TS) are identified after analyzing user KD and CP. Based on ability to follow their specific TS, users are categorized into beginner, standard and expert. At the time of login, the user inputs are matched with respective database records for authentication. Evaluating the Reliability of Credential Hardening through Keystroke Dynamics [24] Most computer systems rely on usernames and passwords as a mechanism for authentication and access control. These credential sets offer weak protection to a broad scope of applications with differing levels of sensitivity. Traditional physiological biometric systems such as fingerprint, face, and iris recognition are not readily deployable in remote authentication schemes. Keystroke dynamics provide the ability to combine the ease of use of username / password schemes with the increased trust worthiness associated with biometrics. Our research extends previous work on keystroke dynamics by incorporating shift-key patterns. The system is capable of operating at various points on a traditional ROC curve depending on application specific security needs. A 1% False Accept Rate is attainable at a 14% False Reject Rate. An Equal Error Rate of 5% is suitable for systems requiring a relatively low security. As a username password authentication scheme, our approach decreases the system penetration rate associated with compromised passwords by 95%-99%. Said performance measures can be further improved through optimization of the classification algorithm on a user specific basis. A comparative study of secret code variants in terms of keystroke dynamics [26]
Mr N. Pavaday and Prof. K. M. S. Soyjaudah (2008) [26] The rise of the Internet and the push

for ubiquitous computing has brought a proliferation of numerous single method solutions, forcing users to remember numerous secret codes, a task that is becoming increasingly difficult. On the web, codes are used by publications, blogs, webmail, e-commerce sites, and financial institutions. Elsewhere, they serve as authentication mechanism for internet service providers (ISPs), email servers, local and remote host account, ATM, voicemails and so on. Existing textual passwords, token based systems, and other methods often do not offer the necessary security standard. Fortunately biometric systems that are based on the biological

14

features of the user when typing texts are very promising in enhancing the de facto textual password. The main objective of this paper is to assess and report on the suitability of keystroke dynamics in protecting access to resources when users are typing the different types of password that exist. Daw-Tung Lin (1997) [28] presents a novel application of neural net to user identity authentication on computer-access security system. Keystroke latency is measured for each user and forms the patterns of keyboard dynamics. A three-layered back propagation neural network with flexible number of input nodes was used to discriminate valid users and impostors according each individuals password keystroke pattern. System verification performance was improved by setting convergence criteria RMSE to a smaller threshold value during training procedure. The resulting system gave a 1.1% FAR (false alarm rate) in rejecting valid users and zero IPR (impostor pass rate) in accepting no impostors. The performance of the proposed identification method is superior to that of previous studies. A suitable network structure for this application was also discussed. Furthermore, the implementation of this approach requires no special hardware and is easy to be integrated with most computer systems. Roy A. Maxion et al. (2010) [29] Keystroke dynamics is the process of identifying individual users on the basis of their typing rhythms, which are in turn derived from the timestamps of key-press and key release events in the keyboard. Many researchers have explored this domain, with mixed results, but few have examined the relatively impoverished territory of digits only, particularly when restricted to using a single finger which might come into play on an automated teller machine, a mobile phone, a digital telephone dial, or a digital electronic security keypad at a building entrance. In this work, 28 users typed the same IOdigit number, using only the right-hand index finger. Employing statistical machine-learning techniques (random forest), they achieved an un-weighted correct-detection rate of 99. 97% with a corresponding false-alarm rate of 1.51%, using practiced 2- of-3 encore typing with outlier handling. This level of accuracy approaches sufficiency for two-factor authentication for passwords or PIN numbers.
Saurabh Singh, Dr. K.V.Arya (2011) [30] proposed a novel technique for free text keystroke

dynamics. In this method, keys are classified into two halves (left - right) and four lines (total eight groups) and then timing vectors (of flight time) are obtained between these key groups. Timing vectors are used to distinguish the legitimate user from imposters. The results

15

obtained are very encouraging and supporting the approach followed in this work. Biometric methods are individual characteristics that cannot be used by imposters to enter in a secured system.
A. Schclar, L. Rokach et al. (2012) [31] introduced a novel approach for user authentication

based on the keystroke dynamics of the password entry. A classifier is tailored to each user and the novelty lies in the manner by which the training set is constructed. Specifically, only the keystroke dynamics of a small subset of users, which referred to as representatives, is used along with the password entry keystroke dynamics of the examined user. The contribution of this approach is twofold: it reduces the possibility of over fitting, while allowing scalability to a high volume of users. They proposed two strategies to construct the subset for each user. The first selects the users whose keystroke profiles govern the profiles of all the users, while the second strategy chooses the users whose profiles are the most similar to the profile of the user for whom the classifier is constructed. Results are promising reaching in some cases 90% area under the curve. In many cases, a higher number of representatives deteriorate the accuracy which may imply over fitting. An extensive evaluation was performed using a dataset containing over 780 users. Manoj Kumar Singh (2009) [10vol4] proposed a method to exploit the artificial neural network to develop the more secure means of authentication, which is more efficient in providing the authentication, at the same time simple in design, has given. Apart from protection, a step toward perfect security has taken by adding the feature of intruder detection along with the protection system. This is possible by analysis of several logical parameters associated with the user activities. A new method of designing the security system centrally based on neural network with intrusion detection capability to handles the challenges available with present solutions, for any kind of resource has presented.

16

REFERENCES
[1] S.M. Matyas, J. Stapleton, A biometric standard for information management and security, Computers & Security, 19 (n. 2) (2000), pp. 428441 [2] Wiktionay.com, Biometrics, (http://en.wiktionary.org/wiki/biometrics), October 2008. [3] Gunetti, D. & Picardi, Keystroke analysis of free text, ACM Trans. Information System Security, 8(3), 312347, C. 2005 [4] Whatis.com, Biometrics, (http://searchsecurity.techtarget.com), October 2008. [5] A. A. E. Ahmed and I. Traore, A new biometric technology based on mouse dynamics, IEEE Transactions on Dependable and Secure Computing, vol. 4, pp. 165179, July/Sept. 2007. [6] Whatis.com, Biometric Terms: Glossary, http://whatis.techtarget.com/definition/0,,sid9_gci1189377,00.html, June 2006. [7] M. Karnan, M. Akila, N. Krishnaraj, Biometric personal authentication using keystroke dynamics: A review, Applied Soft Computing 11 (2011) 15651573. [8] Saito William, Biometrics: Installing and Integrating Biometric Systems into your Existing Systems, NISS (National Information Systems Security) Conference, October 1999. [9] Mrs. D. Shanmugapriya, Dr. G. Padmavathi, A Survey of Biometric keystroke Dynamics: Approaches, Security and Challenges, (IJCSIS) International Journal of Computer Science and Information Security, Vol. 5, No. 1, 2009 [10] N. Harun, W. L. Woo and S.S. Dlay, Performance of Keystroke Biometrics Authentication System Using Artificial Neural Network (ANN) and Distance Classifier Method, International Conference on Computer and Communication Engineering, 11-13 May 2010, Kuala Lumpur, Malaysia, 2010 IEEE. [11] Mohammad S. Obaidat and David T. Macchiarolo, An On-Line Neural Network System for Computer Access Security, IEEE Transactions on Industrial Electronics, VOL. 40 NO 2, APRIL 1993 IEEE

17

[12] A. Sulong, Wahyudi and M.D. Siddiqi, Intelligent Keystroke Pressure-Based Typing Biometrics Authentication System Using Radial Basis Function Network, International Islamic University Malaysia (IIUM), Kuala Lumpur, Malaysia, 2009 IEEE [13] Tomer Shimshon, Robert Moskovitch, Lior Rokach, Yuval Elovici, Continuous Verification Using Keystroke Dynamics, International Conference on Computational Intelligence and Security, 2010 IEEE. [14] Agata Kolakowska, Generating Training Data for SART-2 Keystroke Analysis Module, Proceedings of the 2nd International Conference on Information Technology, June 2010, Gdansk, Poland. [15] H. Saevanee, P. Bhatarakosol, User Authentication using Combination of Behavioral Biometrics over the Touchpad acting like Touch screen of Mobile Device, International Conference on Computer and Electrical Engineering, 2008 IEEE. [16] Chun-wei Tseng, Ting-yi Lin, Feng-jung Liu, Design and Implementation of a RFIDbased Authentication System by Using Keystroke Dynamics, Department of Information Management, Cheng Shiu University, Taiwan, 2010 IEEE. [17] Shallen Giroux, R. Wachowiak-Smolikova, Keypress Interval Timing Ratios as Behavioral Biometrics for Authentication in Computer Security, Department of Computer Science and Mathematics, Nipissing University, North Bay, 2009 IEEE [28] Daw-Tung Lin, Computer-Access Authentication with Neural Network Based Keystroke Identity Verification, Computer Science Department, 1997 IEEE [29] Roy A. Maxion and Kevin S. Killourhy, Keystroke Biometrics with Number-Pad Input, International Conference on Dependable Systems & Networks (DSN), 2010 IEEE. [30] Saurabh Singh, Dr. K.V. Arya, Key Classification: A New Approach in Free Text Keystroke Authentication System, AVB Institute of Information Technology, Gwalior, India, 2011 IEEE. [31] Alon Schclar, Lior Rokach, Adi Abramson, and Yuval Elovici, User Authentication Based on Representative Users, IEEE Transactions on Systems, Man, and Cybernetics, VOL. 42, NO. 6, NOVEMBER 2012.

18

[ ] Manoj Kumar Singh, Password Based A Generalize Robust Security System Design Using Neural Network, IJCSI International Journal of Computer Science Issues, Vol. 4, No. 2, 2009 www.cse.iitk.ac.in/users/biometrics/pages/what_is_biom_more.htm

19