Abstract
This paper examines the use of keystroke analysis as a means of improving authentication in modem information systems, based upon the biometric measurement of user typing characteristics. The discussion identifies that the concept may be implemented in two ways, providing the basis for both an enhanced authentication front-end as well as for continuous, transparent supervision throughout the session.
Two practical systems have been implemented, based upon static and dynamic verification techniques. The static verifier uses a neural network approach, whilst the dynamic verifier involves statistical analysis methods. The effectiveness of each module is examined using experimental test subject groups. The results observed allow the strategies to be contrasted, with a general assessment of the protection that the combination of techniques would afford.
The paper also discusses how the techniques could be integrated within a more comprehensive intrusion detection framework, capable of identifying various classes of abuse.
Chapter PDF
Similar content being viewed by others
References
Anderson, J.P. (1980) Computer Security Threat Monitoring and Surveillance. James P. Anderson Co., Fort Washington, PA.
Bleha S.; Slivinsky, C.; and Hussien, B. (1990) Computer-Access Security Systems Using Keystroke Dynamics. IEEE Transactions on Pattern Analysis and Machine Intelligence, 12, no. 12, 1217–1222.
Fumell, S.M. (1995) Data Security in European Healthcare Information Systems. PhD Thesis. University of Plymouth, UK.
Jobusch, D.L. and Oldehoeft, A.E. (1989) A Survey of Password Mechanisms: Part 1. Computers & Security, 8, no. 7, 587–604.
Joyce, R and Gupta, G. (1990) Identity Authentication Based on Keystroke Latencies. Communications of the ACM, 33, no. 2, 168–176.
Legget, J. and Williams, G. (1988) Verifying identity via keystroke characteristics. International Journal of Man Machine Studies 28: 67–76.
Lunt, T.F. (1990) IDES: An Intelligent System for Detecting Intruders. Proceedings of the Symposium: Computer Security, Threat and Countermeasures, Rome, Italy.
McClelland, J.L. and Rumelhart, D.E. (1986) Parallel Distributed Processing, Volume I. MIT Bradford Press.
Morrissey, J.P. (1995) The Extension and Hardware Implementation of the Comprehensive Integrated Security System Concept. PhD Thesis. University of Plymouth, UK.
Mukherjee, B.; Heberlein, L.T.; Levitt, K.N. (1994) Network Intrusion Detection. IEEE Networks, 8, no. 3, 26–41.
Wood, H.M. (1977) The use of passwords for controlled access to computer resources. National Bureau of Standards Special Publication 500–9, U.S Dept. of Commerce/NB S.
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 1996 IFIP International Federation for Information Processing
About this chapter
Cite this chapter
Furnell, S.M., Morrissey, J.P., Sanders, P.W., Stockel, C.T. (1996). Applications of keystroke analysis for improved login security and continuous user authentication. In: Katsikas, S.K., Gritzalis, D. (eds) Information Systems Security. SEC 1996. IFIP Advances in Information and Communication Technology. Springer, Boston, MA. https://doi.org/10.1007/978-1-5041-2919-0_25
Download citation
DOI: https://doi.org/10.1007/978-1-5041-2919-0_25
Publisher Name: Springer, Boston, MA
Print ISBN: 978-1-5041-2921-3
Online ISBN: 978-1-5041-2919-0
eBook Packages: Springer Book Archive