Understanding users' keystroke patterns for computer access security

“…Even such simple things as using timestamps to demonstrate time ordering of events within a single file system, which is required for most notions of causality, has been experimentally found problematic [4], while more complex attributions over networks have been broken down into different levels in order to identify analytical approaches for doing level 1 (closest computer involved), 2 (computer sourcing the datagrams), 3 (individual causing the level 2 computer to act as it did), and 4 (the organization behind the individual) attribution. [3] Authentication technologies have been used to try to tie actions to actors, but even biometric technologies are often problematic in terms of normal operation, [5] many of them yielding in the range of 2% false acceptance rates for authentication of one individual out of a few hundred candidates when high fidelity information over a long time frame is available.…”

“…The identification of inconsistencies and consistencies generally involves internal trace consistency (type C) and consistency with external "events" (type D). [11] Type C inconsistencies in messages include things like (1) messages with identical identification numbers or similar tags that have different sourcing or content, (2) identical headers with different bodies, (3) multiple messages with identical "unique" identifiers, (4) supposedly identical sources that travel in excess of realistic travel rates for the transport technology, (5) overly or underly consistent delay times in the apparent processing of messages, (6) ordering errors and differences in header sequences, (7) commonalities in messages with different identified sources and travel paths, (8) self-indicating integrity flaws like digital signature mismatches, (9) large numbers of messages with highly correlated content and headers that are supposed to be independent, and (10) travel patterns inconsistent with normal processing.…”

Attribution of Messages to Sources in Digital Forensics Cases

“…Even such simple things as using timestamps to demonstrate time ordering of events within a single file system, which is required for most notions of causality, has been experimentally found problematic [4], while more complex attributions over networks have been broken down into different levels in order to identify analytical approaches for doing level 1 (closest computer involved), 2 (computer sourcing the datagrams), 3 (individual causing the level 2 computer to act as it did), and 4 (the organization behind the individual) attribution. [3] Authentication technologies have been used to try to tie actions to actors, but even biometric technologies are often problematic in terms of normal operation, [5] many of them yielding in the range of 2% false acceptance rates for authentication of one individual out of a few hundred candidates when high fidelity information over a long time frame is available.…”

“…The identification of inconsistencies and consistencies generally involves internal trace consistency (type C) and consistency with external "events" (type D). [11] Type C inconsistencies in messages include things like (1) messages with identical identification numbers or similar tags that have different sourcing or content, (2) identical headers with different bodies, (3) multiple messages with identical "unique" identifiers, (4) supposedly identical sources that travel in excess of realistic travel rates for the transport technology, (5) overly or underly consistent delay times in the apparent processing of messages, (6) ordering errors and differences in header sequences, (7) commonalities in messages with different identified sources and travel paths, (8) self-indicating integrity flaws like digital signature mismatches, (9) large numbers of messages with highly correlated content and headers that are supposed to be independent, and (10) travel patterns inconsistent with normal processing.…”

Attribution of Messages to Sources in Digital Forensics Cases

“…A heavily explored approach in literature, in the "physical behavior" category, consists of generating a signature from the individual dynamics of keyboard use [6,7,8]. Basically, this method does not use the information being typed, but the rhythm in which it is typed -time gap between two key strokes and duration of a key stroke.…”

Trust Evaluation for Web Applications based on Behavioral Analysis

“…The temptation to commit fraud in e-learning occurs when the user does not have anything to protect or hide and the intention to cheat in achievement tests and even during the classes could be beneficial for the student [1], [2], [3]. Therefore, identification and authentication play an important role as the main tools for the e-learning system security, with two main purposes: to ensure that only permitted users can access the system and that the person being assessed is actually the one who should be [3].…”

An Improved Deniable Authentication Protocol Based on Generalized ElGamal Signature Scheme for E-Learning