Abstract
Methods aimed at recognition of users are able to identify browsers or machines, but cannot distinguish physical persons. Multiple identities of single users are common on the Internet and this phenomenon decreases trustfulness of presented content as well as quality of provided services. This paper proposes a novel method for recognition of persons on the Web using input device usage patterns (keyboard, computer mouse, touchscreen), behavioral biometrics. The essential part of this method is a biometric component attached to the user model of an information system serving as a biometric identifier. The recognition of users relies in matching these components, specifically comparing values distribution shapes, which are characterizing users. The paper presents results of the method performance, which were obtained in a series of experiments focused on different aspects of evaluation (recognition rate, scalability, etc.). More specifically, a conducted case study shows application of the method to solve an issue in website visits analysis caused by erasing cookies.
Similar content being viewed by others
References
Ahmed, A.A.E., & Traore, I. (2007). A new biometric technology based on mouse dynamics. IEEE Transactions on Dependable and Secure Computing, 4(3), 165–179. https://doi.org/10.1109/TDSC.2007.70207.
Aksari, Y., & Artuner, H. (2009). Active authentication by mouse movements. In 2009 24th International Symposium on Computer and Information Sciences, pp. 571–574. https://doi.org/10.1109/ISCIS.2009.5291887.
Bours, P., & Fullu, C.J. (2009). A login system using mouse dynamics. In 2009 5th International Conference on Intelligent Information Hiding and Multimedia Signal Processing, pp. 1072–1077. https://doi.org/10.1109/IIH-MSP.2009.77.
Brown, M., & Rogers, S.J. (1993). User identification via keystroke characteristics of typed names using neural networks. International Journal of Man-Machine Studies, 39(6), 999–1014. https://doi.org/10.1006/imms.1993.1092.
Brusilovsky, P. (2001). Adaptive hypermedia. User Modeling and User-Adapted Interaction, 11(1), 87–110. https://doi.org/10.1023/A:1011143116306.
Brusilovsky, P., & Millán, E. (2007). The adaptive web. chap. User Models for Adaptive Hypermedia and Adaptive Educational Systems, pp. 3–53. Berlin: Springer-Verlag.
Burda, K., & Chuda, D. (2018). Influence of body postures on touch-based biometric user authentication. In Tjoa, A.M., Bellatreche, L., Biffl, S., van Leeuwen, J., & Wiedermann, J. (Eds.) SOFSEM 2018: Theory and Practice of Computer Science, pp. 459–468. Springer International Publishing.
Cha, S.H. (2007). Comprehensive Survey on Distance/Similarity Measures between Probability Density Functions. International Journal of Mathematical Models and Methods in Applied Sciences, 1(4), 300–307.
Chen, M.C., Anderson, J.R., & Sohn, M.H. (2001). What can a mouse cursor tell us more?: Correlation of eye/mouse movements on web browsing. In CHI ’01 Extended Abstracts on Human Factors in Computing Systems, CHI EA ’01, pp. 281–282. ACM, New York, NY, USA. https://doi.org/10.1145/634067.634234.
Chudȧ, D., & Krȧtky, P. (2014). Usage of computer mouse characteristics for identification in web browsing. In Proceedings of the 15th International Conference on Computer Systems and Technologies - CompSysTech ’14, pp. 218–225. ACM Press, New York, New York. USA. https://doi.org/10.1145/2659532.2659645.
Chudȧ, D., & Krȧtky, P. (2015). Grouping Instances in kNN for Classification Based on Computer Mouse Features. In Proceedings of the 16th International Conference on Computer Systems and Technologies, pp. 214–220. ACM.
Chudȧ, D., Krȧtky, P., & TvaroŻek, J. (2015). Mouse clicks can recognize web page visitors!. In Proceedings of the 24th International Conference on World Wide Web, WWW ’15 Companion, pp. 21–22. ACM, New York, NY. USA. https://doi.org/10.1145/2740908.2742749.
Clarke, N.L., & Furnell, S.M. (2006). Authenticating mobile phone users using keystroke analysis. International Journal of Information Security, 6(1), 1–14. https://doi.org/10.1007/s10207-006-0006-6.
Claypool, M., Le, P., Wased, M., & Brown, D. (2001). Implicit interest indicators. In Proceedings of the 6th International Conference on Intelligent User Interfaces, IUI ’01, pp. 33–40. ACM, New York, NY. USA. https://doi.org/10.1145/359784.359836.
De Luca, A., Hang, A., Brudy, F., Lindner, C., & Hussmann, H. (2012). Touch me once and i know it’s you!: Implicit authentication based on touch screen patterns. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, CHI ’12, pp. 987–996. ACM, New York, NY. USA. https://doi.org/10.1145/2207676.2208544.
Eckersley, P. (2010). How unique is your web browser?, (pp. 1–18). Berlin: Springer Berlin Heidelberg. https://doi.org/10.1007/978-3-642-14527-8_1.
Everitt, R.A.J., & McOwan, P.W. (2003). Java-based internet biometric authentication system. IEEE Transactions on Pattern Analysis and Machine Intelligence, 25(9), 1166–1172. https://doi.org/10.1109/TPAMI.2003.1227991.
Fairhurst, M., & Costa-Abreu, M.D. (2011). Using keystroke dynamics for gender identification in social network environment. In 4th International Conference on Imaging for Crime Detection and Prevention 2011 (ICDP 2011), pp. 1–6. https://doi.org/10.1049/ic.2011.0124.
Feher, C., Elovici, Y., Moskovitch, R., Rokach, L., & Schclar, A. (2012). User identity verification via mouse dynamics. Information Sciences, 201, 19–36. https://doi.org/10.1016/j.ins.2012.02.066.
Fettman, E. (2015). A sweet treat, but users delete: cookies and cookie deletion in google analytics. https://www.e-nor.com/blog/google-analytics/cookies-and-cookie-deletion-in-google-analytics. Accessed: 2016-12-16.
Frank, M., Biedert, R., Ma, E., Martinovic, I., & Song, D. (2013). Touchalytics: On the Applicability of Touchscreen Input as a Behavioral Biometric for Continuous Authentication. IEEE Transactions on Information Forensics and Security, 8(1), 136–148. https://doi.org/10.1109/TIFS.2012.2225048.
Fulgoni, G. (2012). When the cookie crumbles. http://www.comscore.com/Insights/Blog/When-the-Cookie-Crumbles.
Gaines, R., Lisowski, W., Press, S., & Shapiro, N. (1980). Authentication by keystroke timing: some preliminary results. Tech. rep.: RAND Corporation.
Gamboa, H., & Fred, A. (2004). A behavioral biometric system based on human-computer interaction. Proceedings of SPIE 5404 Biometric Technology for Human Identification, 5404, 381–392. https://doi.org/10.1117/12.542625.
Gamboa, H., Fred, A.L.N., & Jain, A.K. (2007). Webbiometrics: User verification via web interaction. In 2007 Biometrics Symposium, pp. 1–6. IEEE. https://doi.org/10.1109/BCC.2007.4430552.
Gunetti, D., & Picardi, C. (2005). Keystroke analysis of free text. ACM Trans. Inf. Syst. Secur., 8(3), 312–347. https://doi.org/10.1145/1085126.1085129.
Hashiaa, S., Pollettb, C., Stampc, M., Hall, M.Q., Hashia, S., Pollett, C., Stamp, M., & Jose, S. (2005). On Using Mouse Movements As a Biometric. In Proceedings of the International Conference on Computer Science and its Applications, vol. 1.
Hogben, G. (2010). ENISA Briefing : Behavioural Biometrics. ENISA: Tech. rep.
Idrus, S.Z.S., Cherrier, E., Rosenberger, C., & Bours, P. (2014). Soft biometrics for keystroke dynamics: Profiling individuals while typing passwords. Computers & Security, 45, 147–155. https://doi.org/10.1016/j.cose.2014.05.008.
Jain, A.K., Ross, A., & Prabhakar, S. (2004). An introduction to biometric recognition. IEEE Trans. Cir. and Sys. for Video Technol., 14(1), 4–20. https://doi.org/10.1109/TCSVT.2003.818349.
Joyce, R., & Gupta, G. (1990). Identity authentication based on keystroke latencies. Communications of the ACM, 33(2), 168–176. https://doi.org/10.1145/75577.75582.
Kelly, D., & Belkin, N.J. (2004). Display time as implicit feedback: Understanding task effects. In Proceedings of the 27th Annual International ACM SIGIR Conference on Research and Development in Information Retrieval, SIGIR ’04, pp. 377–384. ACM, New York, NY. USA. https://doi.org/10.1145/1008992.1009057.
Krȧtky, P., & Chudȧ, D. (2016). Estimating Gender and Age of Web Page Visitors from the Way They Use Their Mouse. In WWW 2016 Companion, pp. 61–62. ACM.
Krȧtky, P., & Chudȧ, D. (2016). Fine-tuning web traffic statistics by deduplication and splitting of visitors records using mouse biometrics. In Proceedings of the 17th International Conference on Computer Systems and Technologies 2016, CompSysTech ’16, pp. 300–306. ACM, New York, NY. USA. https://doi.org/10.1145/2983468.2983500.
Krátky, P., Repiský, T., & Chudá, D. (2017). Is the visitor reading or navigating?. In Proceedings of the 18th International Conference on Computer Systems and Technologies, CompSysTech’17, pp. 80–87. ACM, New York, NY. USA. https://doi.org/10.1145/3134302.3134330.
Krishnamurthy, B., & Wills, C.E. (2006). Generating a privacy footprint on the internet. In Proceedings of the 6th ACM SIGCOMM Conference on Internet Measurement, IMC ’06, pp. 65–70. ACM, New York, NY, USA. https://doi.org/10.1145/1177080.1177088.
Lee, H.J., & Cho, S. (2007). Retraining a keystroke dynamics-based authenticator with impostor patterns. Computers & Security, 26(4), 300–310. https://doi.org/10.1016/j.cose.2006.11.006.
Lin, C.C., Chang, C.C., & Liang, D. (2012). A new non-intrusive authentication approach for data protection based on mouse dynamics. In 2012 International Symposium on Biometrics and Security Technologies, pp. 9–14. https://doi.org/10.1109/ISBAST.2012.11.
Mondal, S., & Bours, P. (2013). Continuous authentication using mouse dynamics. In 2013 International Conference of the BIOSIG Special Interest Group (BIOSIG), pp. 1–12.
Monrose, F., & Rubin, A. (1997). Authentication via keystroke dynamics. In Proceedings of the 4th ACM Conference on Computer and Communications Security, CCS ’97, pp. 48–56. ACM, New York, NY. USA. https://doi.org/10.1145/266420.266434.
Nakkabi, Y., Traore, I., & Ahmed, A.A.E. (2010). Improving mouse dynamics biometric performance using variance reduction via extractors with separate features. IEEE Transactions on Systems Man, and Cybernetics - Part A: Systems and Humans, 40(6), 1345–1353. https://doi.org/10.1109/TSMCA.2010.2052602
Nikiforakis, N., Joosen, W., & Livshits, B. (2015). Privaricator: deceiving fingerprinters with little white lies. In Proceedings of the 24th International Conference on World Wide Web, WWW ’15, pp. 820–830. International World Wide Web Conferences Steering Committee, Republic and Canton of Geneva, Switzerland. https://doi.org/10.1145/2736277.2741090.
Ord, T., & Furnell, S.M. (2000). User authentication for keypad-based devices using keystroke analysis. In Proceedings of the second international network conference (INC-2000), pp. 263–272.
Porter, F. (2008). Goodness-of-fit - pitfalls and power example: Testing Consistency of Two Histograms.
Pusara, M., & Brodley, C.E. (2004). User re-authentication via mouse movements. In Proceedings of the 2004 ACM Workshop on Visualization and Data Mining for Computer Security, VizSEC/DMSEC ’04, pp. 1–8. ACM, New York, NY. USA. https://doi.org/10.1145/1029208.1029210.
Ratha, N.K., Connell, J.H., & Bolle, R.M. (2001). Enhancing security and privacy in biometrics-based authentication systems. IBM Systems Journal, 40(3), 614–634. https://doi.org/10.1147/sj.403.0614.
Revett, K., Jahankhani, H, de Magalhães, S.T., & Santos, H.M.D. (2008). A survey of user authentication based on mouse dynamics. https://doi.org/10.1007/978-3-540-69403-8_25.
Ruxton, G.D. (2006). The unequal variance t-test is an underused alternative to student’s t-test and the mann-whitney U test. Behavioral Ecology, 17(4), 688–690. https://doi.org/10.1093/beheco/ark016.
Sae-Bae, N., Ahmed, K., Isbister, K., & Memon, N. (2012). Biometric-rich gestures: a novel approach to authentication on multi-touch devices. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, pp. 977–986. ACM, New York, NY, USA. https://doi.org/10.1145/2207676.2208543.
Saevanee, H., & Bhatarakosol, P. (2008). User Authentication Using Combination of Behavioral Biometrics over the Touchpad Acting Like Touch Screen of Mobile Device. In 2008 International Conference on Computer and Electrical Engineering, pp. 82–86. https://doi.org/10.1109/ICCEE.2008.157.
Schulz, D.A. (2006). Mouse curve biometrics. In 2006 Biometrics Symposium: Special Session on Research at the Biometric Consortium Conference, pp. 1–6. https://doi.org/10.1109/BCC.2006.4341626.
Seo, S. (2006). A review and comparison of methods for detecting outliers in univariate data sets. Ph.D. thesis, Songwon Seo, M.S. University of Pittsburgh.
Shelton, J., Adams, J., Leflore, D., & Dozier, G. (2013). Mouse tracking, behavioral biometrics, and gefe. In 2013 Proceedings of IEEE Southeastcon, pp. 1–6. https://doi.org/10.1109/SECON.2013.6567457.
Shen, C., Cai, Z., Guan, X., & Maxion, R. (2014). Performance evaluation of anomaly-detection algorithms for mouse dynamics. Computers & Security, 45, 156–171. https://doi.org/10.1016/j.cose.2014.05.002.
White, R.W., Ruthven, I., & Jose, J.M. (2002). Finding relevant documents using top ranking sentences: An evaluation of two alternative schemes. In Proceedings of the 25th Annual International ACM SIGIR Conference on Research and Development in Information Retrieval, SIGIR ’02, pp. 57–64. ACM, New York, NY, USA. https://doi.org/10.1145/564376.564389.
Witten, I.H., Frank, E., & Hall, M.A. (2005). Data mining: practical machine learning tools and techniques. https://doi.org/10.1002/1521-3773(20010316)40:6<9823::AID-ANIE9823>3.3.CO;2-C.
Yu, E., & Cho, S. (2004). Keystroke dynamics identity verification—its problems and practical solutions. Computers & Security, 23(5), 428–440. https://doi.org/10.1016/j.cose.2004.02.004.
Zhang, Q., & Sun, S. (2010). A Centroid k -Nearest Neighbor Method. In Advanced Data Mining and Applications: 6th International Conference, ADMA 2010, pp. 278–285. Springer Berlin Heidelberg.
Zheng, N., Paloski, A., & Wang, H. (2011). An efficient user verification system via mouse movements. In Proceedings of the 18th ACM conference on Computer and communications security - CCS ’11, pp. 139–150. ACM Press. https://doi.org/10.1145/2046707.2046725.
Zheng, N., Paloski, A., & Wang, H. (2016). An Efficient User Verification System Using Angle-Based Mouse Movement Biometrics. ACM Transactions on Information and System Security, 18(3), 1–27. https://doi.org/10.1145/2893185.
Acknowledgements
This work was partially supported by the Slovak Research and Development Agency under the contract No. APVV-15-0508 and the grant No. VG 1/0646/15 and the grant No. VG 1/0667/18.
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Krátky, P., Chudá, D. Recognition of web users with the aid of biometric user model. J Intell Inf Syst 51, 621–646 (2018). https://doi.org/10.1007/s10844-018-0500-0
Received:
Revised:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s10844-018-0500-0