Research Experiment Design Sprint: Keystroke Biometric Intrusion Detection
Ned Bakelman
Advisor: Dr. Charles Tappert
Problem Statement
Using Keystroke Biometrics, how quickly and accurately can the unauthorized use of a computer be determined? In other words, how quickly and accurately can the unauthorized use of a computer by an intruder be detected using Keystroke Biometrics?
Background
• DARPA (Defense Advanced Research Projects Agency), through its Cyber Genome Program, is funding research in computer intrusion detection
• This includes the use of keystroke analysis
• Pace University has developed a keystroke biometrics system for text input
• Studies have shown that 300 keystrokes provide good accuracy
• The Pace Keystroke Biometric System (PKBS) has been updated to handle completely free (application independent) keystroke samples
DARPA, Cyber Genome Program, DARPA-BAA-10-36, 2010
Foxnews.com, Chiaramonte, Perry, http://www.foxnews.com/scitech/2011/10/07/us-military-drones-infected-with-mysterious-computer-virus, last updated: October 7, 2011
CNN.com, Lawrence, Chris, http://www.cnn.com/2011/10/10/us/military-drones-virus/index.html?eref=rss_politics&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+rss%2Fcnn_allpolitics+%28RSS%3A+Politics%29&utm_content=Google+Feedfetcher, last updated: October 10, 2011
Methodology
• Monitor each computer and continuously authenticate the user from their keystroke input
• Assume one authorized user per computer
• An intruder is defined as someone other than the authorized user
• Each authentication event is viewed as a window which can occur several times within a short period of time. We want to detect an intruder during each passing of a window.
Intruder Scenarios
• User Bob leaves his office for lunch with his computer running and unlocked
• Intruder Trudy sits down at Bob’s desk and uses the computer while Bob is at lunch
• Trudy may perform less malicious activities such as using the computer to type documents, surf the web, check her Facebook account, etc.
• Trudy may perform very malicious activities such as sending emails impersonating Bob, entering fake claims in an expense tracking system, attempting to steal passwords or account info that Bob may have saved on his computer to gain access to personal or company bank accounts, etc.
Research Experiment Design Sprint
• Design experiments to investigate the problem statement regarding the intruder scenarios
• Ideas
  • What unique keywords or commands might an intruder key in to detect passwords, accounts, etc.?
  • What mouse behavior or web activity (searches, etc.) might an intruder perform?
  • These would be activities not typical of a true user
• Also
  • Keystroke entry is a time series event
  • How would you simulate the time series keystroke data of an authentic user with intruder data?
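One way to set up the simulation asked about above and the windowed check from the Methodology slide, as an added example that is not PKBS or the presenters' code. The Gaussian timing model, the dwell/flight means for Bob and Trudy, the four features and the alarm threshold are all assumptions chosen for illustration; only the 300-keystroke window comes from the slides.

```python
import random
import statistics

WINDOW = 300  # keystrokes per authentication window (figure from the Background slide)

def simulate(n, dwell_ms, flight_ms, rng):
    """Constructed data: n (dwell, flight) timings in ms drawn around one typist's means."""
    return [(rng.gauss(dwell_ms, 15), rng.gauss(flight_ms, 40)) for _ in range(n)]

def features(window):
    """Mean and spread of key hold time (dwell) and key-to-key gap (flight)."""
    dwell, flight = zip(*window)
    return (statistics.mean(dwell), statistics.stdev(dwell),
            statistics.mean(flight), statistics.stdev(flight))

def enroll(stream):
    """Profile of the one authorized user: (mean, stdev) of each feature across windows."""
    rows = [features(stream[i:i + WINDOW])
            for i in range(0, len(stream) - WINDOW + 1, WINDOW)]
    return [(statistics.mean(col), statistics.stdev(col)) for col in zip(*rows)]

def score(profile, window):
    """Largest z-score of any feature against the enrolled profile."""
    return max(abs(x - m) / s for x, (m, s) in zip(features(window), profile))

def detect(profile, stream, threshold=8.0):
    """Check each passing window; return the keystroke count at the first alarm, else None."""
    for end in range(WINDOW, len(stream) + 1, WINDOW):
        if score(profile, stream[end - WINDOW:end]) > threshold:
            return end
    return None

if __name__ == "__main__":
    rng = random.Random(7)  # fixed seed so the run is repeatable
    profile = enroll(simulate(20 * WINDOW, 95, 180, rng))   # Bob's enrollment typing
    # Time series for one session: Bob types 1000 keystrokes, then Trudy takes over.
    session = simulate(1000, 95, 180, rng) + simulate(800, 120, 140, rng)
    print("intruder starts at keystroke 1000, alarm at", detect(profile, session))
```

The gap between the takeover point and the alarm is the detection latency the problem statement asks about; shrinking `WINDOW` shortens it at the cost of noisier per-window features.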
Normal User versus Intruder User
• What is normal or typical user activity?
  • Email, word processing, spreadsheet entry, web surfing, etc.
• What is intruder activity?
  • Are there special characteristics?
  • Can they be distinguished from normal activity?
  • Can special characteristics of intruder data be used to assist with intruder detection? If so, how?