Article Preview
TopAuthentication using behavioural patterns like keystroke dynamics and computer mouse usage dynamics has been studied by number of researchers. The purpose of such methods is to improve security of password protected accounts. In general, scheme of authentication system includes gathering data of an authorizing user and comparing it with the user’s template model stored in a database in order to prove or reject his/her identity. We can recognize two types of authentication – static and dynamic. Static authentication is performed only at login time when he/she enters the code to unlock the account. For example, rhythm of typing the password is checked. Dynamic or continuous authentication is performed while the user works with the system, such as free text typing or various actions doing with the mouse.
Studied behavioural patterns generated by keyboard show decent performance in the terms of verification based on credentials typing (Joyce & Gupta, 1990; Chudá & Ďurfina, 2009; Shanmugapriya & Padmavathi, 2010) and even free text typing (Gunetti & Picardi, 2005).
Web-based applications (and e-learning systems with no exception) are controlled by computer mouse most of the time, so we put emphasis on this area of research. Research works in this field are aimed at continuous verification mostly. A basic method proposed in (Pusara & Brodley, 2004) embraces gathering of mouse events and calculating characteristics such as distance, duration and angle for a window of N points. In other works mouse events are organized into various high-level actions – strokes for bordered movement data (Gamboa & Fred, 2004), four common actions point & click, drag & drop, movement and silence (Ahmed & Traore, 2007) or more complex hierarchy of actions (Feher, 2012). Calculated characteristics for movement actions are based on distance, duration and angle between two consecutive points. Usually, the template model is represented by a feature vector, which holds values of the characteristics of aggregated actions. Classification whether the test model belongs to the user who claims his/her identity (or matches the trained template model) is mostly performed using decision trees (Pusara & Brodley, 2004; Feher, 2012), neural networks (Ahmed & Traore, 2007), SVM classifier (Mondal, 2012, Lin, 2012) or using statistical approach such as distribution comparison (Gamboa & Fred, 2004).