Biometric Analyses of Keystrokes | Minimizing Cyber Risks

About the job

Every person types uniquely: by analyzing the duration and speed of keystrokes, individual profiles can be created. But how precise and reliable is the implementation of such keystroke analyses? Patricia Stoll, a master's student in Computational Biology and Bioinformatics at ETH Zurich, examined various methods from the fields of Artificial Intelligence (AI) and Machine Learning (ML) during her one-year internship at CyOne Security to assess their suitability and to check whether access control systems according to European standards can be realized with them.

The study aimed to investigate how well sequences of keystrokes can be uniquely assigned to a user – in other words, how characteristic keystrokes are for a user. For example, it addressed the question of whether corresponding access control systems can be developed using ML/AI algorithms. Alarm systems based on this are also conceivable, which could, for example, indicate the use of stolen passwords.

In the study, the developers at CyOne Security who supervised me during the internship and I focused not on what we type, but on how we type. Individual typing patterns can be created, for example, from the duration of a keystroke (holding time), the time between releasing one key and pressing the next (up-down time), or between two keystrokes (down-down time). One could also measure the average key pressure.

As part of the study, I analyzed a dataset of 51 users who typed the same password a total of 400 times over eight sessions. I applied, implemented, examined, and compared various algorithms: K-Nearest Neighbors, Adaptive Boosting (AdaBoost), Artificial Neural Network, and Generative Adversarial Networks.

Without going into technical details here, I can state that AdaBoost, a meta-algorithm for ML published by Freund and Schapire in 1997, achieved the best metrics: for example, in user recognition accuracy – users were correctly identified in 94% of cases. Other metrics such as the False Acceptance Rate (FAR) and Miss Rate (MR) could be substantially improved compared to the published research known to us – reduced by half – which was quite remarkable. Nevertheless, even with AdaBoost, we did not yet reach the values set by the European Committee for Electrotechnical Standardization (CENELEC) in the standards EN-50133-1 / EN-60839-11-1. The standard requires a miss rate of a maximum of 0.001% and a false alarm rate of less than 1% to allow a method to be used as the sole authentication method.

A strong password is still much safer today than the analysis techniques examined in the study. However, as an addition, a background-running keyboard analysis can certainly contribute to improved system monitoring, for example, considering the problem of stolen passwords. Suspicious keystrokes can be rejected and/or reported to a system administrator. With the help of AI, a user's identity can thus be confirmed in an additional way. It must not be forgotten that sensitive personal data are collected during keyboard analyses, and their protection against misuse must be ensured.

AI and ML are increasingly permeating our lives. They influence our communication, work, mobility, etc. Examples of such applications are personal assistant systems like Alexa and Siri, behavior algorithm-based advertising on the internet, or self-driving cars. In the field of cyber security, AI and ML also create new possibilities, such as categorizing threat levels or detecting and automating changing cyber-attacks. The challenge is that cybercriminals are constantly trying to improve their techniques. The criminal side also uses AI/ML algorithms for their purposes.

Combining different methods generally increases security. Biometric authentication techniques based on AI and ML, such as fingerprint scanning, facial and iris recognition, are becoming established and quickly adapt to the environment. For example, Apple's Face ID can already recognize partially covered faces today. However, research and industry still face major challenges regarding these developments to further increase user recognition accuracy and ultimately adapt it for a practical product.

Patricia Stoll deals with complex biological questions as part of her master's studies in Computational Biology and Bioinformatics at ETH Zurich, which often involve large amounts of data and are investigated using computer-assisted methods. Her research focuses are in the areas of Machine Learning, Data Science, and Personalized Medicine.

Are you also interested in cyber security and IoT security topics that our developers work on? We offer exciting jobs and attractive employment conditions. Sign up for our job newsletter so we can inform you about all vacancies.