Research On Continuous Authentication System Based On A Combination Of Keystroke And Mouse Behavior

In recent years,with the rapid development of Internet technology,the popularity of the Internet is unimaginable.Technologies such as instant messaging,e-commerce,and Internet of Things have been integrated into many aspects of human life,which makes humans increasingly rely on the Internet.However,the cybersecurity issues that come with it cannot be ignored.Statistically,there were hundreds of millions of users' data leaks from FaceBook,Acfun,and China Lodging in 2018,and various network viruses and worms are eroding every corners of the Internet.In order to prevent these kinds of security problems,the research of cybersecurity is of great significance.As the first gate of cybersecurity,authentication of users' identity is a powerful tool to protect users' personal information because it only allows authorized users to access.But there are many defects in the traditional identity authentication methods.So biometric methods are gradually becoming hot issues in recent research.Biometric,such as fingerprint recognition or face recognition,has an ideal performance needing no extra equipment,which has been widely used in our life.But it's a pity that these methods cannot continuously monitor the logged-in users,so it cannot ensure the security of the system continuously and effectively.However,biometric based on key-mouse behavior can easily achieve the continuously monitoring,and it is universal,low-cost,non-intrusive and easy to integrate.Therefore,this paper explores the continuous authentication on the features of the combination of keystroke and mouse behavior.In previous studies,most of the continuous authentication experiments were carried out within a single application under controlled environment,which would make the participants feel like they were on a mission,thus the data may not reflect the real input behavoirs of the users.And the continuous authentication based on single application also has some inherent limitations.Therefore,we used HOOK to collect a large amount of keystroke and mouse operation data produced by 42 people using their own personal computers in a period of 2 months under a totally uncontrolled environment.Then we carried out the data preprocessing work.For the given sample data,we extracted the features from three aspects: keystroke,mouse and key-mouse combination.For keystroke features,in addition to traditional monograph and digraph features,we also extracted the statistical features describing users' behavior to analyze the potential behavior of users.As to mouse features,we extracted features from single-click,double-click and drag for the lack of mouse data.And in the aspect of key-mouse combination,we extracted the features of mouse to keyboard interaction ratio,which can be used to describe the features of different applications.In this way,the classifiers can be used to distinguish different applications,thus completing the task of continuous authentication from single-application to multi-application.As for the extracted features,we innovatively used different feature selection methods for different models to eliminate invalid features for multiple models,ensure the robustness,and improve computational efficiency.In order to improve the authentication performance effectively for different users,we created multiple machine learning authentication models for each user,and use stacked generalization algorithm to fuse these models to get better authentication performance.And we constructed a model pool with these models,and set the evaluation indicators to select the best authentication model for each user automatically.The experimental results show that 10 of the 17 users have achieved perfect authentication performance,and the EER of 5 users is less than 1%,so the best models for users have reached state-of-the-art performance.In order to further enhance the robustness and performance of the best authentication model,we improved the current trust model algorithm,making the trust function be a continuous function of the authentication probability.It corrects the output probability for positive side and negative side based on the threshold,so that the trust changes in a relative balance state for both sides.Then,combining the authentication model with the improved trust model,we proposed the architecture of continuous authentication system.The results show that the continuous authentication system in this paper can identify all illegal users in the experiment only within an average of 269 operations.Meanwhile,the system lockout the legitimate users only after more than 2552 operations,which can be more friendly for legitimate users when they are using the system.In addition,we also innovatively explored the application of deep learning in the field of keystroke-based continuous authentication,by applying CNN and RNN to keystroke authentication.The CNN model took the keystroke matrix of monograph and digraph as input and adopted the multi-objective classification for identity recognition,and finally obtained the authentication accuracy rate of 98.1%.It indicates that CNN has significant advantages in the automatic extraction of adjacent keystroke features.The RNN model took the digraph of the legitimate user as input,used the Bi-LSTM cell to mine the implicit information of the keystroke sequence,and used the four transition times of the digraph as the target value,in order to fit the user's keystroke rhythm accurately.The results show that RNN requires more training data with high quality to fit a better model.However,by keeping length of the keystroke sequence unchanged,the RNN authentication model can still achieve nearly 0.18% EER,which indicates that RNN can still capture some implicit sequence information.Therefore,the ability of automatic feature extraction and sequence information mining of deep learning is still worthy studying and could be used in the field of keystroke authentication.