The original dream of Keystroke Analysis was the same as that of other biometric techniques: replacing traditional authentication methods with techniques based on the analysis of the typing dynamics of users. Unfortunately, until now a sufficient level of accuracy and user friendliness for practical applications has not been achieved. However, typing rhythms are available throughout an entire login session and, if we can perform Keystroke Analysis of free text, we can implement one of the best applications of continuous authentication: Intrusion Detection. In this case, an accuracy that is still not acceptable for access control can be more than sufficient as part of an Intrusion Detection policy, where (1) alarms that have been raised must in any case be validated by a human (e.g., a system administrator); (2) intrusions are normally detected joining together different techniques, in order to improve the resulting accuracy. In this chapter we discuss the potentialities of Keystroke Analysis as a tool for Intrusion Detection and other security applications, and investigate experimentally how the accuracy of the analysis scales with the increase of the number of individuals involved, a fundamental issue if we want to add Keystroke Analysis to the set of tools that can be used to improve the security of our computers and networks.
Keystroke Analysis as a Tool for Intrusion Detection
GUNETTI, Daniele;PICARDI, Claudia
2012-01-01
Abstract
The original dream of Keystroke Analysis was the same as that of other biometric techniques: replacing traditional authentication methods with techniques based on the analysis of the typing dynamics of users. Unfortunately, until now a sufficient level of accuracy and user friendliness for practical applications has not been achieved. However, typing rhythms are available throughout an entire login session and, if we can perform Keystroke Analysis of free text, we can implement one of the best applications of continuous authentication: Intrusion Detection. In this case, an accuracy that is still not acceptable for access control can be more than sufficient as part of an Intrusion Detection policy, where (1) alarms that have been raised must in any case be validated by a human (e.g., a system administrator); (2) intrusions are normally detected joining together different techniques, in order to improve the resulting accuracy. In this chapter we discuss the potentialities of Keystroke Analysis as a tool for Intrusion Detection and other security applications, and investigate experimentally how the accuracy of the analysis scales with the increase of the number of individuals involved, a fundamental issue if we want to add Keystroke Analysis to the set of tools that can be used to improve the security of our computers and networks.
I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
