Employee Surveillance Based on Free Text Detection of Keystroke Dynamics

Introduction

In recent years, many studies have highlighted the unprecedented growth in security threats from multiple and varied sources (Denning, 1987). Traditional protection mechanisms such as firewall and intrusion detection systems primarily focus on hacking threats originating from outside the organization network perimeter, whereas people inside the organization with ready access to confidential or proprietary data can easily violate the organization security policy, maliciously or inadvertently, without being caught (Ahmed, 2003; Ahmed, 2005). Hence, insiders pose the greatest challenge to data protection. It has been reported that insiders represent the sources of over half of the security and privacy breaches faced by most organizations. Malicious activity by an insider may expose his organization to credibility lost, or significant financial lost related to lost business or lawsuits.

In order to protect their reputation and valuable assets, many organizations take the dramatic but necessary step of deploying and operating employee surveillance and monitoring tools within their network perimeters (Zimmerman, 2002). The rationale behind such approach is that secure management of organization information assets largely depend on the behavior of the employees. Employees are typically involved in all aspects of information flows within an organization. They are producers or end-users of the organization information asset, and have easier access to it compared with outsiders. So mismanagement or misuse of such information by an employee can have devastating impact on the company.

One class of tools that have gained in popularity in the realm of employee surveillance technologies is keystroke monitor. Keystroke monitors can be used to generate and analyze two different kinds of information: the keystrokes data and the keystroke dynamics. The keystrokes data can be used to reconstruct the actual information typed by the user such as the commands or programs run, or the messages typed etc. Keystroke dynamics have so far been used, in existing surveillance technologies, only for employee work performance monitoring purpose by determining and logging, for instance, the employee typing speed. Prior research has shown that keystroke dynamics can also be used for protection. However, the focus of these research works has mostly been on using keystroke dynamics for authentication (Bleha et al., 1990; Brown, 1993; Bergadano, 2002).

We argue that keystroke dynamics could be used to fight effectively against insider threat, and as such it could play an important role in employee surveillance. To achieve this goal we need to go beyond the traditional approach of using keystroke dynamics for authentication or employee performance evaluation, and consider using such information for dynamic user profiling. The generated profiles can be used to identify reliably perpetrators in the event of security breach. Such form of user profiling provides a very effective way of combating insider threat that is less intrusive to individual privacy.