Presentation is loading. Please wait.

Presentation is loading. Please wait.

Research Experiment Design Sprint: Keystroke Biometric Intrusion Detection Ned Bakelman Advisor: Dr. Charles Tappert.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Research Experiment Design Sprint: Keystroke Biometric Intrusion Detection Ned Bakelman Advisor: Dr. Charles Tappert."— Presentation transcript:

1 Research Experiment Design Sprint: Keystroke Biometric Intrusion Detection Ned Bakelman Advisor: Dr. Charles Tappert

2 Research Problem Statement Using the keystroke biometric, how quickly and how accurately can we detect an intruder’s unauthorized use of another person’s computer?

3 Background DARPA is funding work to monitor military and government computers to detect intrusions Pace University has developed a sophisticated keystroke biometrics system for text input 300 keystrokes good accuracy- time response tradeoff The Pace Keystroke Biometric System (PKBS) was updated to handle completely free (application independent) keystroke samples

4 Methodology Monitor each computer and continuously authenticate the user through via keystroke input Assume one authorized user per machine for simplicity During this continuing authentication process we want to detect an intruder as someone other than the authorized user

5 Intruder Scenario 1 User Bob leaves his office for lunch with his computer running and unlocked Intruder Trudy sits down at Bob’s desk and uses the computer while Bob is at lunch Trudy is not being malicious, but just taking advantage of an available computer – using it to type documents, surf the web, check her Facebook account, etc. However there is sensitive information that Trudy could come across, so detecting that an “innocent” intruder is working on Bob’s computer is important

6 Intruder Scenario 2 Bob goes on his lunch break and leaves his computer accessible (on and unlocked, or password available) Intruder Trudy starts using Bob’s computer to do various malicious activities: Send emails impersonating Bob Logon to Expense Tracking-Reimbursement to enter fake claims Logon on to CRM (Customer Relationship Management) system to obtain contact information on customers Modify financial statement spreadsheets on Bob’s hard drive This is a more serious intrusion than Scenario 1

7 Research Experiment Design Sprint Design experiments to investigate the problem statement re the two scenarios Ideas Keyboard-entered keystrokes are a time series Simulate the time series keystroke data of the authentic user with inserted intruder data Use the data to run experiments with PKBS to obtain performance results

8 Key Ideas Keyboard-entered keystrokes are a time series Use an authentication window on the time series to authenticate the user on each window Should the window duration be in time or number of keystrokes? Fixed #Keystroke window is better – give rationale If authentication fails, an intruder is detected! Simulate this process by inserting blocks of intruder data into authentic time series Use PKBS to obtain performance results

9 Authentication Window Design 1 Authenticate the user on windows of 300 keystrokes (possibly overlapping to better detect intruder) 1300600900120015001800 300 KS 300 KS 300 KS 300 KS 300 KS 300 KS 150 300 KS 450750105013501650 300 KS 300 KS 300 KS 300 KS Keystroke Count

10 Authenticate the user on windows of 300 keystrokes Insert a block of intruder’s keystrokes Start a new window after a significant pause Assumes a pause for intruder access Negates necessity for overlapping windows 13006009001300600 300 KS 300 KS 300 KS 300 KS 300 KS Pause Threshold Keystroke Count Authentication Window Design 2

11 PKBS Experiment Design Number of subjects for normal keystroke entry Number of subjects for intruder keystroke entry Number of training and test samples Etc.

12 Normal user data is typical user input Email, word processing, spreadsheet entry, web surfing, etc. Intruder likely has special characteristics What are these characteristics (commands, etc.)? Might be a fast typist Can the special characteristics of intruder data be used to assist intruder detection? Normal User versus Intruder Data

13 Scenario 1 Use normal typical-user keystroke input Email, word processing, spreadsheet entry, web surfing, etc. Scenario 2 Use simulated intruder keystroke input Special types of commands, etc., maybe fast typing Simulated Intruder Scenarios

14 Analysis of Experimental Results Review Receiver Operating Characteristic (ROC) Curves Explore tradeoff between FAR and FRR Etc.

15 Newly Discovered Possible Hypotheses Starting authentication windows after pauses is better than periodic overlapping or non- overlapping windows Longer authentication windows yield higher performance but slower detection times (graph trade-off, try to find best trade-off) Detecting malicious intruders is easier than detecting non-malicious ones

Download ppt "Research Experiment Design Sprint: Keystroke Biometric Intrusion Detection Ned Bakelman Advisor: Dr. Charles Tappert."

Similar presentations

Touch-Screen Mobile- Device Data Collection for Biometrics Studies W. Ciaurro, B. Major, D. Martinez, D. Panchal, G. Perez, M. Rana, R. Rana, R. Reyes,

Touch-Screen Mobile- Device Data Collection for Biometrics Studies W. Ciaurro, B. Major, D. Martinez, D. Panchal, G. Perez, M. Rana, R. Rana, R. Reyes,
Business Planning using Spreasheets-2 1 BP-2: Good Spreadsheet Practice  There is always the temptation to rush in and start entering data.  However.

Business Planning using Spreasheets-2 1 BP-2: Good Spreadsheet Practice  There is always the temptation to rush in and start entering data.  However.
Updated as of July 16, 2013 User Productivity Kit (UPK)

Updated as of July 16, 2013 User Productivity Kit (UPK)
Tutorial 8: Developing an Excel Application

Tutorial 8: Developing an Excel Application
CIT 1100. In this chapter you will learn how to:  Explain the threats to your computers and data  Describe key security concepts and technologies.

CIT In this chapter you will learn how to:  Explain the threats to your computers and data  Describe key security concepts and technologies.
Behavior-based Authentication Systems

Behavior-based Authentication Systems
Designing a Multi-Biometric System to Fuse Classification Output of Several Pace University Biometric Systems Leigh Anne Clevenger, Laura Davis, Paola.

Designing a Multi-Biometric System to Fuse Classification Output of Several Pace University Biometric Systems Leigh Anne Clevenger, Laura Davis, Paola.
Detecting Computer Intrusions Using Behavioral Biometrics Ahmed Awad E. A, and Issa Traore University of Victoria PST’05 Oct 13,2005.

Detecting Computer Intrusions Using Behavioral Biometrics Ahmed Awad E. A, and Issa Traore University of Victoria PST’05 Oct 13,2005.
Social Engineering Networks Reid Chapman Ciaran Hannigan.

Social Engineering Networks Reid Chapman Ciaran Hannigan.
Network Security. Permission granted to reproduce for educational use only.© Goodheart-Willcox Co., Inc. Objectives  Give examples of common network.

Network Security. Permission granted to reproduce for educational use only.© Goodheart-Willcox Co., Inc. Objectives  Give examples of common network.
CSA 223 network and web security Chapter one

CSA 223 network and web security Chapter one
Research Experiment Design Sprint: Keystroke Biometric Intrusion Detection Ned Bakelman Advisor: Dr. Charles Tappert.

Research Experiment Design Sprint: Keystroke Biometric Intrusion Detection Ned Bakelman Advisor: Dr. Charles Tappert.
T EAMS 2 & 4 R ESEARCH D AY P RESENTATION P RESENTERS T EAMS 2 & 4 T HE M ICHAEL L. G ARGANO 9 TH A NNUAL R ESEARCH D AY P RESENTATION P RESENTERS E DYTA.

T EAMS 2 & 4 R ESEARCH D AY P RESENTATION P RESENTERS T EAMS 2 & 4 T HE M ICHAEL L. G ARGANO 9 TH A NNUAL R ESEARCH D AY P RESENTATION P RESENTERS E DYTA.
Your Interactive Guide to the Digital World Discovering Computers 2012 Chapter 10 Managing a Database.

Your Interactive Guide to the Digital World Discovering Computers 2012 Chapter 10 Managing a Database.
This work is supported by the National Science Foundation under Grant Number DUE-0302909. Any opinions, findings and conclusions or recommendations expressed.

This work is supported by the National Science Foundation under Grant Number DUE Any opinions, findings and conclusions or recommendations expressed.
Keystroke Biometric Studies Security Research at Pace Keystroke Biometric Drs. Charles Tappert and Allen Stix Seidenberg School of CSIS.

Keystroke Biometric Studies Security Research at Pace Keystroke Biometric Drs. Charles Tappert and Allen Stix Seidenberg School of CSIS.
Keystroke Biometric Studies Assignment 2 – Review of the Literature Case Study – Keystroke Biometric Describe problem investigated (intro + abstract) Developed.

Keystroke Biometric Studies Assignment 2 – Review of the Literature Case Study – Keystroke Biometric Describe problem investigated (intro + abstract) Developed.
Keystroke Biometrics Test Taker Setup and Data Collection Fall 2009.

Keystroke Biometrics Test Taker Setup and Data Collection Fall 2009.
Keystroke Biometric Studies Keystroke Biometric Identification and Authentication on Long-Text Input Book chapter in Behavioral Biometrics for Human Identification.

Keystroke Biometric Studies Keystroke Biometric Identification and Authentication on Long-Text Input Book chapter in Behavioral Biometrics for Human Identification.
Intrusion detection Anomaly detection models: compare a user’s normal behavior statistically to parameters of the current session, in order to find significant.

Intrusion detection Anomaly detection models: compare a user’s normal behavior statistically to parameters of the current session, in order to find significant.

Similar presentations

Ads by Google