Importance of a Versatile Logging Tool for Behavioural Biometrics and Continuous Authentication Research

Importance of a Versatile Logging Tool for Behavioural Biometrics and Continuous Authentication Research

Soumik Mondal (Gjøvik University College, Norway), Patrick Bours (Gjøvik University College, Norway), Lasse Johansen (Gjøvik University College, Norway), Robin Stenvi (Gjøvik University College, Norway) and Magnus Øverbø (NTNU in Gjøvik, Norway)
DOI: 10.4018/978-1-5225-0703-1.ch013


We present the design and implementation of a Windows operating system based logging tool, which can capture the keystroke, mouse, software interaction and hardware usage simultaneously and continuously. Log data can be stored locally or transmitted in a secure manner to a server. Filter drivers are used to log with high precision. Privacy of the users and confidentiality of sensitive data have been taken into account throughout the development of the tool. Our behaviour logging software is mainly designed for behavioural biometrics research, but its scope could also be beneficial to proactive forensics and intrusion detection. We show the validity of the tool in a study of keyboard and mouse data uses for continuous authentication.
Chapter Preview


Facing an increasing number of computer users and cybercrime enabled by weak authentication mechanisms, a Continuous Authentication (CA) system that monitors a claimed user's identity throughout a session could be a stronger alternative. It is challenging enough to design a CA system, which is unobtrusive, user friendly (where the legitimate user is never or very infrequently locked out from the system) at the same time secure enough to detect any illegitimate user as soon as possible. There are many possible ways to implement a CA system, but behavioural biometrics are promising enough to achieve cost effectiveness (due to no special hardware required) and unobtrusiveness (Yampolskiy and Govindaraju, 2008). To create such a system, it is necessary to analyze a large amount of information about multiple users regarding how they interact with their computers. This information includes keystrokes, mouse handling, software interaction and hardware events. It is also necessary to focus on the input of the user via mouse and keyboard simultaneously to defend against an attacker avoiding detection by restricting to one input device because the system only checks the other input device (Acharya (2013), Bailey (2014), Jagadeesan (2009), Traore (2012)). Software Interaction and Hardware usage information could be used as a soft biometrics to improve the system performance (Jain et al., 2004).

Existing literature does not cover approaches well that combine both keyboard and mouse logging with arbitrary application interaction. The granularity of the measurements is sometimes too coarse for analysis with respect to behavioural biometrics. Surveying the literature, we found also that there is a lack of discussion about the capture software and the capture environment. Few of the articles provided information on the technology behind the capture software. Most of the datasets and tools used to capture are not publicly available. Hence, it is impossible to replicate their results and methodology. We address these issues and present a tool that combines different methods of interaction of a user with a computer, and we disclose implementation details so that the technologies used to capture keyboard, mouse, and application interaction can be employed in alternative implementations.

Most of the logging tools available at present can capture only mouse and keystroke information (Gamboa (2003), Garg (2006), Kukreja (2006)). According to our knowledge only AppMonitor (Alexander et al., 2008) can store software interaction, limited to two specific applications. Therefore, there is a strong demand within the behavioural biometrics based CA research community to design a logging tool which can capture the relevant users behaviour information and share the captured data with the research community for analysis. Based on our survey of related work, our tool Behaviour Logging Tool (BeLT) is the first tool which can capture extensive amounts of information, i.e. keyboard, mouse, arbitrary application interaction as well as certain hardware events, simultaneously and unobtrusively. Also, it gives users the choice to store the information either on the local computer or have it sent to a secure server.

Complete Chapter List

Search this Book: