User authentication based on representative users

Alon Schclar, Lior Rokach, Adi Abramson, Yuval Elovici

Research output: Contribution to journalArticlepeer-review

13 Scopus citations


User authentication based on username and password is the most common means to enforce access control. This form of access restriction is prone to hacking since stolen usernames and passwords can be exploited to impersonate legitimate users in order to commit malicious activity. Biometric authentication incorporates additional user characteristics such as the manner by which the keyboard is used in order to identify users. We introduce a novel approach for user authentication based on the keystroke dynamics of the password entry. A classifier is tailored to each user and the novelty lies in the manner by which the training set is constructed. Specifically, only the keystroke dynamics of a small subset of users, which we refer to as representatives, is used along with the password entry keystroke dynamics of the examined user. The contribution of this approach is twofold: it reduces the possibility of overfitting, while allowing scalability to a high volume of users. We propose two strategies to construct the subset for each user. The first selects the users whose keystroke profiles govern the profiles of all the users, while the second strategy chooses the users whose profiles are the most similar to the profile of the user for whom the classifier is constructed. Results are promising reaching in some cases 90% area under the curve. In many cases, a higher number of representatives deteriorate the accuracy which may imply overfitting. An extensive evaluation was performed using a dataset containing over 780 users.

Original languageEnglish
Article number6392468
Pages (from-to)1669-1678
Number of pages10
JournalIEEE Transactions on Systems, Man and Cybernetics Part C: Applications and Reviews
Issue number6
StatePublished - 1 Dec 2012


  • Behavioral biometric
  • computer security
  • keystrokes biometric
  • user authentication

ASJC Scopus subject areas

  • Control and Systems Engineering
  • Software
  • Information Systems
  • Human-Computer Interaction
  • Computer Science Applications
  • Electrical and Electronic Engineering


Dive into the research topics of 'User authentication based on representative users'. Together they form a unique fingerprint.

Cite this