Research Experiment Design Sprint: Keystroke Biometric Intrusion Detection Ned Bakelman Advisor: Dr. Charles Tappert.

Slides:

Advertisements

Similar presentations

Touch-Screen Mobile- Device Data Collection for Biometrics Studies W. Ciaurro, B. Major, D. Martinez, D. Panchal, G. Perez, M. Rana, R. Rana, R. Reyes,

Advertisements

Business Planning using Spreasheets-2 1 BP-2: Good Spreadsheet Practice  There is always the temptation to rush in and start entering data.  However.

Updated as of July 16, 2013 User Productivity Kit (UPK)

Tutorial 8: Developing an Excel Application

CIT In this chapter you will learn how to:  Explain the threats to your computers and data  Describe key security concepts and technologies.

Behavior-based Authentication Systems

Designing a Multi-Biometric System to Fuse Classification Output of Several Pace University Biometric Systems Leigh Anne Clevenger, Laura Davis, Paola.

Detecting Computer Intrusions Using Behavioral Biometrics Ahmed Awad E. A, and Issa Traore University of Victoria PST’05 Oct 13,2005.

Social Engineering Networks Reid Chapman Ciaran Hannigan.

Network Security. Permission granted to reproduce for educational use only.© Goodheart-Willcox Co., Inc. Objectives  Give examples of common network.

CSA 223 network and web security Chapter one

Research Experiment Design Sprint: Keystroke Biometric Intrusion Detection Ned Bakelman Advisor: Dr. Charles Tappert.

T EAMS 2 & 4 R ESEARCH D AY P RESENTATION P RESENTERS T EAMS 2 & 4 T HE M ICHAEL L. G ARGANO 9 TH A NNUAL R ESEARCH D AY P RESENTATION P RESENTERS E DYTA.

Your Interactive Guide to the Digital World Discovering Computers 2012 Chapter 10 Managing a Database.

This work is supported by the National Science Foundation under Grant Number DUE Any opinions, findings and conclusions or recommendations expressed.

Keystroke Biometric Studies Security Research at Pace Keystroke Biometric Drs. Charles Tappert and Allen Stix Seidenberg School of CSIS.

Keystroke Biometric Studies Assignment 2 – Review of the Literature Case Study – Keystroke Biometric Describe problem investigated (intro + abstract) Developed.

Keystroke Biometrics Test Taker Setup and Data Collection Fall 2009.

Keystroke Biometric Studies Keystroke Biometric Identification and Authentication on Long-Text Input Book chapter in Behavioral Biometrics for Human Identification.

Intrusion detection Anomaly detection models: compare a user’s normal behavior statistically to parameters of the current session, in order to find significant.

Ned Bakelman Advisor: Dr. Charles Tappert Research Experiment Design Sprint: Keystroke Biometric Intrusion Detection.

Robert S. Zack, Charles C. Tappert, and Sung-Hyuk Cha Pace University, New York Performance of a Long-Text-Input Keystroke Biometric Authentication System.

Biometric ROC Curves Methods of Deriving Biometric Receiver Operating Characteristic Curves from the Nearest Neighbor Classifier Robert Zack dissertation.

Social Engineering PA Turnpike Commission. “Social Engineering is the practice of obtaining confidential information by manipulation of legitimate users”

Keystroke Biometric Studies Assignment 2 – Review of the Literature Case Study – Keystroke Biometric Describe the problem being investigated Build a case.

The University of California Strengthening Business Practices: The Language of Our Control Environment Dan Sampson Assistant Vice President Financial Services.

End User Computer Controls Marc Engel, CPA, CISA, CFE Risk Management Advisory Services LLC

SHASHANK MASHETTY security. Introduction Electronic mail most commonly referred to as or e- mail. Electronic mail is one of the most commonly.

© 2007 ReadyTalk www.readytalk.com1598 Wynkoop, Denver, CO 80202www.readytalk.com Conferencing Service You shouldn’t need a degree in computer.

The Impact of Physical Security on Network Security

Bellringer Do you think students should study computers? Why or why not?

Securing Windows 7 Lesson 10. Objectives Understand authentication and authorization Configure password policies Secure Windows 7 using the Action Center.

BIF713 Operating Systems & Project Management Instructor: Murray Saul

User Profiling for Intrusion Detection in Windows NT Tom Goldring R23.

DARPA-BAA Proposal 2012 Active Authentication Technical POC: Dr. Charles Tappert Principal Investigators: Drs. Tappert, Cha, Chen, Grossman.

BUSINESS B1 Information Security.

McGraw-Hill/Irwin The O’Leary Series © 2002 The McGraw-Hill Companies, Inc. All rights reserved. Microsoft Excel 2002 Lab 4 Using Solver, Linking Workbooks,

Dr. Sha Li Computer-Based Instructional Technology College of Education, Humanities, and Behavioral Sciences AAMU Introduction to FED 529 Course Online.

Keystroke Biometric System Client: Dr. Mary Villani Instructor: Dr. Charles Tappert Team 4 Members: Michael Wuench ; Mingfei Bi ; Evelin Urbaez ; Shaji.

Keystroke Biometrics Studies on a Variety of Short and Long Text and Numeric Input Ned Bakelman, DPS Candidate Charles C. Tappert, PhD, Advisor Seidenberg.

Obtaining Help for Pharmacy Issues. Sign up for the Pharmacy ListServ Send a message to DO NOT add.

Computing Fundamentals Module Lesson 3 — Changing Settings and Customizing the Desktop Computer Literacy BASICS.

Lecture 7 Page 1 CS 236 Online Challenge/Response Authentication Authentication by what questions you can answer correctly –Again, by what you know The.

Database What is a database? A database is a collection of information that is typically organized so that it can easily be storing, managing and retrieving.

Keystroke Biometrics Studies on a Variety of Short and Long Text and Numeric Input Ned Bakelman, DPS Candidate Charles C. Tappert, PhD, Advisor Seidenberg.

 Access Control 1 Access Control  Access Control 2 Access Control Two parts to access control Authentication: Are you who you say you are? – Determine.

Lecture 7 Page 1 CS 236, Spring 2008 Challenge/Response Authentication Authentication by what questions you can answer correctly –Again, by what you know.

CHAPTER 16 COMPUTER APPLICATIONS. MANAGEMENT INFORMATION SYSTEMS MIS IS AN ORGANIZED SYSTEM OF PROCESSING AND REPORTING INFORMATION IN AN ORGANIZATION.

I can be You: Questioning the use of Keystroke Dynamics as Biometrics —Paper by Tey Chee Meng, Payas Gupta, Debin Gao Presented by: Kai Li Department of.

Topic 5: Basic Security.

INTRUSION DETECTION SYSYTEM. CONTENT Basically this presentation contains, What is TripWire? How does TripWire work? Where is TripWire used? Tripwire.

Presenter: Le Quoc Thanh SPYWARE ANALYSIS AND DETECTION.

Biometric for Network Security. Finger Biometrics.

Typing Pattern Authentication Techniques 3 rd Quarter Luke Knepper.

Chapter 6 Discovering the Scope of the Incident Spring Incident Response & Computer Forensics.

SAP R/3 User Administration1. 2 User administration in a productive environment is an ongoing process of creating, deleting, changing, and monitoring.

Outline of this module By the end of this module, you will be able to: Understand the benefits that internet banking provides; Name the different dangers.

How to Make Yourself More Secure Using Public Computers and Free Public Wi-Fi.

Exploring Excel Chapter 8 The Expert User:

ICT Scheme of Work Thursday 26th January 2012.

Computer-User-Input Behavioral Biometrics Dr. Charles C

Keystroke Biometric Studies

Computer-User-Input Behavioral Biometrics The Biometrics we focus on at Pace University Dr. Charles C. Tappert Seidenberg School of CSIS, Pace University.

The Impact of Information Technology on the Audit Process

Robert Leonard Information Security Manager Hamilton

Keystroke Biometric System

Lecture 2 - SQL Injection

Dynamic Authentication of Typing Patterns

Neural Network Typing Authentication

Presentation transcript:

Research Experiment Design Sprint: Keystroke Biometric Intrusion Detection Ned Bakelman Advisor: Dr. Charles Tappert

Research Problem Statement Using the keystroke biometric, how quickly and how accurately can we detect an intruder’s unauthorized use of another person’s computer?

Background DARPA is funding work to monitor military and government computers to detect intrusions Pace University has developed a sophisticated keystroke biometrics system for text input 300 keystrokes good accuracy- time response tradeoff The Pace Keystroke Biometric System (PKBS) was updated to handle completely free (application independent) keystroke samples

Methodology Monitor each computer and continuously authenticate the user through via keystroke input Assume one authorized user per machine for simplicity During this continuing authentication process we want to detect an intruder as someone other than the authorized user

Intruder Scenario 1 User Bob leaves his office for lunch with his computer running and unlocked Intruder Trudy sits down at Bob’s desk and uses the computer while Bob is at lunch Trudy is not being malicious, but just taking advantage of an available computer – using it to type documents, surf the web, check her Facebook account, etc. However there is sensitive information that Trudy could come across, so detecting that an “innocent” intruder is working on Bob’s computer is important

Intruder Scenario 2 Bob goes on his lunch break and leaves his computer accessible (on and unlocked, or password available) Intruder Trudy starts using Bob’s computer to do various malicious activities: Send s impersonating Bob Logon to Expense Tracking-Reimbursement to enter fake claims Logon on to CRM (Customer Relationship Management) system to obtain contact information on customers Modify financial statement spreadsheets on Bob’s hard drive This is a more serious intrusion than Scenario 1

Research Experiment Design Sprint Design experiments to investigate the problem statement re the two scenarios Ideas Keyboard-entered keystrokes are a time series Simulate the time series keystroke data of the authentic user with inserted intruder data Use the data to run experiments with PKBS to obtain performance results

Key Ideas Keyboard-entered keystrokes are a time series Use an authentication window on the time series to authenticate the user on each window Should the window duration be in time or number of keystrokes? Fixed #Keystroke window is better – give rationale If authentication fails, an intruder is detected! Simulate this process by inserting blocks of intruder data into authentic time series Use PKBS to obtain performance results

Authentication Window Design 1 Authenticate the user on windows of 300 keystrokes (possibly overlapping to better detect intruder) KS 300 KS 300 KS 300 KS 300 KS 300 KS KS KS 300 KS 300 KS 300 KS Keystroke Count

Authenticate the user on windows of 300 keystrokes Insert a block of intruder’s keystrokes Start a new window after a significant pause Assumes a pause for intruder access Negates necessity for overlapping windows KS 300 KS 300 KS 300 KS 300 KS Pause Threshold Keystroke Count Authentication Window Design 2

PKBS Experiment Design Number of subjects for normal keystroke entry Number of subjects for intruder keystroke entry Number of training and test samples Etc.

Normal user data is typical user input , word processing, spreadsheet entry, web surfing, etc. Intruder likely has special characteristics What are these characteristics (commands, etc.)? Might be a fast typist Can the special characteristics of intruder data be used to assist intruder detection? Normal User versus Intruder Data

Scenario 1 Use normal typical-user keystroke input , word processing, spreadsheet entry, web surfing, etc. Scenario 2 Use simulated intruder keystroke input Special types of commands, etc., maybe fast typing Simulated Intruder Scenarios

Analysis of Experimental Results Review Receiver Operating Characteristic (ROC) Curves Explore tradeoff between FAR and FRR Etc.

Newly Discovered Possible Hypotheses Starting authentication windows after pauses is better than periodic overlapping or non- overlapping windows Longer authentication windows yield higher performance but slower detection times (graph trade-off, try to find best trade-off) Detecting malicious intruders is easier than detecting non-malicious ones