Abstract:
With the cybercrime rate at high levels, the need for a tightening of security in user accounts is
growing. Currently, users are only authenticated at the entry point to the system and users only use
single-factor authentication on most accounts which makes the accounts even more vulnerable.
Attackers are even capable of hijacking already authenticated accounts. In order to defend against
this, there should be a mechanism to continuously authenticate users without giving an overhead to
the user experience. The author proposes a continuous authentication mechanism for secondary
authentication based on keystroke dynamics. As it uses personalised data to authenticate a user it is
more tamper-proof that other methods and also this method will not add any unwanted overhead to
the user experience as it will be running on the background and will have a better user experience
that existing secondary authentication mechanism. The author introduces a new classification
algorithm based on the nearest neighbour algorithm and a new feature vector that can be used in a
multi-device type environment (i.e. desktop, mobile and etc). A false acceptance rate 0.12 and a false
rejection rate of 0.16 has been achieved by the systems’ classification algorithm. These results were
achieved by using only 200 keystrokes for initial training and 100 keystrokes for authentication. The
system also includes a way to continuous update of user behavioural data which helps to improve the
accuracy. The system uses a centralized service type deployment so multiple applications can make
use of the service.
