Security: DArPA

I dentity verification for access control presents a trade-off between maximizing the probability of intruder detection and minimizing the cost for the legitimate user in terms of distractions and hardware requirements. In recent years, researchers have extensively explored behavioral biometric systems to address this challenge. 1 These systems rely on input devices, such as the keyboard and mouse, that are already commonly available with most computers. However, their performance in terms of detecting intruders and maintaining a low-distraction human-computer interaction (HCI) experience has been mixed. 2 We consider the real-time application of this technology for active authentication. As a user begins interacting with the machine, the classification system collects behavioral biometrics from the interaction and continuously verifies that the current user has access permission on the machine. This approach adds an extra layer of distraction-less access control in environments where a computer is at a risk of being intermittently accessed by unauthorized users. We employ four classes of biometrics: key-stroke dynamics, mouse movement, stylometry, and Web browsing. Depending on the task in which the user is engaged, some of the biomet-ric sensors might provide more data than others. For example, as the user browses the Web, the mouse and Web browsing sensors will be Securit y: DArPA actively flooded with data, while the keystroke dynamics and stylometry sensors might only get a few infrequent updates. This observation motivates the recent work on multimodal au-thentication systems, which fuses together decisions from multiple classifiers. 3 Our approach is to apply the Chair-Varshney decision-fusion rule 4 to combine available multimodal decisions. Furthermore, we are motivated by Kamal Ali and Michael Pazzani's work, 5 which shows that using distinctly different classifiers (that is, different behavioral biometrics) helps reduce error rates. The sensors we consider here span different levels and directions for profiling: linguistic style (stylometry), mouse movement patterns, keystroke dynamics, and Web browsing behavior. Each type of sensory input has a different requirement in terms of the volume of input data, nature of the collected data (mouse events, keystrokes, and different usage statistics), and performance. Following the commonly used classification of biometrics, we refer here to the mouse and keystroke dynamics sensors as " low-level " and to the website domain frequency and stylometry sensors as " high-level. " The low-level sensors we used were • M1: the mouse curvature angle, • M2: the mouse curvature distance, • M3: the mouse direction, • K1: …