A decision-making framework for user authentication using keystroke dynamics

IF 5.4 2区计算机科学 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS Computers & Security Pub Date : 2025-08-01 Epub Date: 2025-04-21 DOI:10.1016/j.cose.2025.104494

Viktor Medvedev, Arnoldas Budžys, Olga Kurasova

{"title":"A decision-making framework for user authentication using keystroke dynamics","authors":"Viktor Medvedev, Arnoldas Budžys, Olga Kurasova","doi":"10.1016/j.cose.2025.104494","DOIUrl":null,"url":null,"abstract":"<div><div>Increasingly sophisticated cyber attacks threaten critical infrastructures, requiring more trusted user authentication mechanisms. In this work, we propose a deep learning-based user authentication framework that combines keystroke dynamics with Siamese neural networks to differentiate legitimate users from impostors. A key challenge in this area is the variability in password lengths, which leads to different feature sizes and complicates model training. Our approach uses interpolation-based data fusion strategies to standardize the number of keystroke features, ensuring consistency across different datasets and password lengths. Through experiments on the fused CMU and KeyRecs datasets, we have evaluated the effectiveness of the proposed decision-making framework with adaptive threshold strategies. The threshold strategy determines how the final decision boundary is set with respect to the user’s baseline typing behavior. We empirically evaluated the framework on fused data, achieving an equal error rate as low as 0.11–0.12, indicating strong efficacy in detecting insider threats. We show how the obtained Siamese neural network with triplet loss function can be used to distinguish genuine users from impostors even under different input conditions, contributing to more robust and scalable intrusion detection systems.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"155 ","pages":"Article 104494"},"PeriodicalIF":5.4000,"publicationDate":"2025-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Computers & Security","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S0167404825001828","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"2025/4/21 0:00:00","PubModel":"Epub","JCR":"Q1","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 0

Abstract

Increasingly sophisticated cyber attacks threaten critical infrastructures, requiring more trusted user authentication mechanisms. In this work, we propose a deep learning-based user authentication framework that combines keystroke dynamics with Siamese neural networks to differentiate legitimate users from impostors. A key challenge in this area is the variability in password lengths, which leads to different feature sizes and complicates model training. Our approach uses interpolation-based data fusion strategies to standardize the number of keystroke features, ensuring consistency across different datasets and password lengths. Through experiments on the fused CMU and KeyRecs datasets, we have evaluated the effectiveness of the proposed decision-making framework with adaptive threshold strategies. The threshold strategy determines how the final decision boundary is set with respect to the user’s baseline typing behavior. We empirically evaluated the framework on fused data, achieving an equal error rate as low as 0.11–0.12, indicating strong efficacy in detecting insider threats. We show how the obtained Siamese neural network with triplet loss function can be used to distinguish genuine users from impostors even under different input conditions, contributing to more robust and scalable intrusion detection systems.

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

使用击键动力学的用户身份验证决策框架

日益复杂的网络攻击威胁着关键基础设施，需要更多可信的用户身份验证机制。在这项工作中，我们提出了一个基于深度学习的用户身份验证框架，该框架将击键动力学与暹罗神经网络相结合，以区分合法用户和冒名顶替者。该领域的一个关键挑战是密码长度的可变性，这会导致不同的特征大小和复杂的模型训练。我们的方法使用基于插值的数据融合策略来标准化击键特征的数量，确保不同数据集和密码长度的一致性。通过融合CMU和KeyRecs数据集的实验，我们评估了采用自适应阈值策略的决策框架的有效性。阈值策略决定如何根据用户的基线键入行为设置最终决策边界。我们对融合数据的框架进行了实证评估，错误率低至0.11-0.12，表明该框架在检测内部威胁方面具有很强的有效性。我们展示了如何使用获得的具有三重损失函数的Siamese神经网络来区分真实用户和冒名顶替者，即使在不同的输入条件下，也有助于更鲁棒和可扩展的入侵检测系统。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文去求助

来源期刊

Computers & Security 工程技术-计算机：信息系统

CiteScore

12.40

自引率

7.10%

发文量

365

审稿时长

10.7 months

期刊介绍： Computers & Security is the most respected technical journal in the IT security field. With its high-profile editorial board and informative regular features and columns, the journal is essential reading for IT security professionals around the world. Computers & Security provides you with a unique blend of leading edge research and sound practical management advice. It is aimed at the professional involved with computer security, audit, control and data integrity in all sectors - industry, commerce and academia. Recognized worldwide as THE primary source of reference for applied research and technical expertise it is your first step to fully secure systems.