“User Identity verification via mouse dynamics”
Under the Guidance of –
Prof. D.V. Kodavade
Head & Associate Professor, Department of CSE,
D.K.T.E Ichalkaranji, Kolhapur.
Sumitted By –
Mr. Gorad Balwant Jaywant
M.Tech –II(CST),
Department of Technology, Shivaji University, Kolhapur.
Index Introduction
Choice of the topic
Literature Review.
System Architecture
System Requirement and Design
Implementation
Experiments and Results
Conclusion and Future Enhancements
Bibliography
List of Journals and Publications
2
Obviously, Everyone knows about the Hacking, and it is a crime,
Because no one wants to share all his private data with public.
And todays systems are not guarrenting the full security, Hackers
can easily steal the credentials of computer by using various
techniques such as phishing attack, key loggers and many more
different attacks.
This method gives one more security layer with addition to the
existing credentials of the system, so it provides better security to
the computers.
1. Introduction-
3
.
The drawback of normal identification methods that are
based only on credentials, leads to the introduction of user
authentication and verification techniques, that are based on
behavioral and physiological biometrics which are assumed to
be unique to each other and hard to steal.
So for good security we should perform authentication as well
as verification.
In this system, authentication is performed once during the
login to the computer while verification is performed
continuously throughout the session by drawing his/ her
private mouse dynamics.
Following table shows some of biometric techniques and their
accuracies.
4
Biometric
TechnologyAccuracy Cost
Device
RequiredAcceptability
Iris Recognition High High Camera Medium-low
Retinal Scan High High Camera Low
Face RecognitionMedium-
lowMedium Camera High
Voice Recognition Medium Medium Microphone High
Finger Print High Medium Scanner Medium
Signature
RecognitionLow Medium
Mouse, Optic
Pen, Touch
Panel.
High
Hand Geometry Medium-low Low Scanner High
Table No. 1 Overview of Biometric Technologies5
.
Currently most of the computer Systems and online websites
identifies the users by means of usernames and passwords/
PINS. But normally hackers can easily steal the password.
There are so many techniques which are used to hack the
username and passwords of the systems. Some of the techniques
are phishing, key loggers and many more.
So there is need to improve security level of existing computers.
This proposed approach gives one more additional security layer
to the existing security layer which uses mouse dynamics
verification.
2. Choice of the topic-
6
.
User verification can be of two types – either it physiological or
behavioral.
The drawback of physiological verification methods is that they
require dedicated hardware devices such as fingerprint sensors
and retina scanners which are expensive and are not always
available.
But Behavioral biometrics, on the other hand, do not require
special designated hardware since they use common devices such
as the mouse and keyboard.
Mouse verification can be used effectively than keyboard
dynamics, so user identity verification using mouse dynamics is
selected for proposed work.
7
.
Most common behavioral biometrics verification techniques are
based on:
(a) mouse dynamics [1] [2] [8], which are derived from the
user-mouse interaction and the focus of this implementation is
based on mouse dynamics of the user;
(b) keystroke dynamics [7] [10], which derive from the
keyboard activity; such frequency of key pressing, typing
speed, etc and
(c) software interaction, which rely on features extracted
from the interaction of a user with a specific software tool.
3. Literature Review-
8
.
3.1 Mouse Based Approaches
This type of Authentication methods, identifies users at login
based on a predetermined sequence of mouse operations that
the user needs to follow.
During training, the features of mouse operation for the
particular user is stored. These features are used to
characterize the user during the verification. During
verification, the user is required to follow the same sequence.
Two types of mouse based approaches we have-
9
.
3.1.1. Explicit learning methods- Author Hashia [13]
used a sequence composed of pairs of points. Each user
was required to move the mouse between the first and
second point in each pair where features were extracted
from each movement.
The method proposed by Gamboa [12] required the users
to enter a username and a pin number using only the
mouse via an on-screen virtual keyboard. Authentication
combined the credentials and the mouse dynamics of
their entry.
3.1.2. Implicit learning methods- Pusara and Bordley [15]
explained a method to detect anomalous behavior
using the current user's mouse movements.
10
.
3.2 Keyboard and Software Approaches-
Alternative approaches to user verification utilize keyboard
dynamics and software interaction characteristics.
Ling, Luiz[7] and Chan and Han[10] implemented methods based
on keyboard dynamics, for example, features considered are
latency between consecutive keystrokes, typing speed, flight
time, dwell time - all based on the key down/press/up events.
Keyboard-based methods are divided into methods that analyze
the user behavior during an initial login attempt and methods that
continuously verify the user throughout the session.
11
Before the discussion of proposed system and its architecture, let
us discuss something about general behavioral biometrics system.
A biometric- system is essentially a pattern recognition system
that acquires biometric data from an individual, extracts a feature
set to establish a unique user signature and constructs a
verification model which classifies authenticated user and non
authenticated user.
Fig.1 shows the general behavioral biometric system
4. System Architecture-
12
Such systems include the following components:
Feature acquisition – captures the events generated by the
various input devices used for the interaction (e.g. Keyboard,
mouse) via their drivers.
Feature extraction – constructs a signature which characterizes
the behavioral biometrics of the user.
Similarity Match / Decision Taker – This is used to build the
user verification model, which will take a decision about either
computer system will shut down or it will continue the work.
During verification, this model is used to classify new samples
acquired from the user.
Signature database – A database of behavioral signatures that
were used to train the model. Upon entry of a username, the
signature of the user is retrieved for the verification process.
13
4.1 The Proposed System Architecture
Figure.2 Architecture of Proposed System14
The system is classified mainly into four components, which are
as follows.
4.1.1 Feature acquisition – System captures the events
generated by the various input devices used for the interaction
(e.g. Keyboard, mouse) via their drivers. This Approach totally
prefers mouse interaction with computer systems as shown in
fig. 2.
(i) Mouse-move Event(m) (ii) Left Button down(ld)
(iii) Right Button down Event(rd) (iv) Left Button up(lu)
(v) Right Button up Event(ru) (vi) Silence(s)
15
.
4.1.2. Feature Extraction – constructs a signature which
characterizes the behavioral biometrics of the user. Please
refer fig. 2 to get overall idea of feature extraction from users
mouse dynamics.
Higher level features incorporate dependencies between
lower-level ones which help to characterize more accurately
every user.
For Example, a mouse left click contains two low level
events such as left down and left up.
Second example we would like to give that, MMS (Mouse
Move Sequence) is composed of multiple mouse move
events in between silence interval is present.
16
.
In the proposed hierarchy, Following are the features are
considered for extraction.
Left Clicks (LC)
Right Clicks (RC)
Double Clicks (DC)
Mouse Move (MM)
Area under Curve (AUC)
Eccentricity (ECC)
Total Time (TT)
17
I. Left Clicks (LC) – refers to the action of clicking on the left
mouse button. This action consists of a left button down event
followed by a left button up event taking place within specified
τLC seconds from the button down event.
Formally,
Where ld = left down, lu = left up, m1, m2 ...mn = mouse
move events and τLC = specified time interval
Fig. 3 Left Click feature
18
II. Right Clicks (RC) – refers to the action of clicking on the
right mouse button. This action consists of a right button down
event followed by a right button up event taking place within
specified τRC seconds from the button down event.
Formally,
Where rd = right down, ru = right up, m1, m2 ... mn = mouse
move events and τRC = specified time interval
Fig. 4 Right Click feature
19
III. Double Clicks (DC) - is composed of a two consecutive
left clicks or right clicks in which the mouse-up of the first click
and the mouse-down of the second one occur within an
interval of τI seconds.
Formally:
Fig. 5 Left Click feature
20
IV. Mouse Move (MM) - A sequence of mouse-move events
followed by silence time σ.
Formally,
MM = MMS.σ
Fig. 6 Left Click feature
21
V. Area Under Curve (AUC) – Actual number of pixels in the
region.
The initial value of pixel is 0; That is currently Area = 0;
Formally,
Current Area = Current Area + 100/(Image Height * Image Width)
Pixels = Image.getPixel(x1,y1)
Where x1 < Width of image and y1 < Height of Image
22
VI. Eccentricity (ECC) –
The ratio of the distance between the foci of the ellipse
and its major axis length.
Eccentricity of an ellipse is a measure of how nearly
circular the ellipse. It is found by following formula,
Eccentricity (ECC) = C/A
Where C is the distance from the center to focus of the
ellipse and A is the distance from center to vertex.
Fig. 7
Eccentricity
23
VII. Total Time (TT) – This feature calculates the approximate
time required to draw a mouse dynamics to the trusted third
user. Standard timer is used in the C# language to calculate the
time required to draw a mouse signature. For Example timer
starts when the respective form loads and it stops when we
press the Extract button which is present on standard GUI.
So total time required to draw a signature can be
Calculated is as follows
Total Time (TT) = T2-T1
Where
T2 = Time When we finish the Signature And
T1=Time when we start the drawing
Signature (When form loads).
24
4.1.3. Similarity Match / Decision Taker –
This is used to build the user verification model by using a
considerable threshold. During verification, this model is used to
classify new samples acquired from the user.
As we know we can‟t draw the same signature every time with a
pen also, so it‟s very difficult to draw the same signature by mouse
into the canvas, So threshold plays an important role in this approach.
A Classifier /similarity match takes the decision either system
has to continue the login or logout based on a similarity match
between the user dynamics drawn during the registration and during
the verification.
This component takes the value of the percentage of Matching
(POM) from the previous step and decides either computer will shut
down or it will continue the login as shown in fig. 2
25
So, Percentage of Match (POM) is calculated with the help
of following formula.
Final Percentage of Matching (POM) =
POM (in LC) + POM (in RC) + POM (in DC) + POM
(in MM) + POM (in AUC) + POM (in ECC) + POM (in TT) .
Another Factor used in Classifier is PVM (Predefined Value Set for
Matching), This can be decided by administrator of the system
PVM is the criteria to set the security level.
IF POM≥ PVM… User Access to computer is Granted
Else User Access is Denied
26
This whole process should perform multiple times, so that trusted
third parties will get more chances to prove his/her authentication
and illegal users will have more difficulties to prove he/ she is an
authorized multiple times.
The final decision taken by the decision taker (either it is
authenticated or not authenticated) will get the decision on his/her
registered mobile. Also what action took by the system it will also
be conveyed, Action may be computer system remains login or it is
going to shut down.
Following two Conditions may be there.
Condition Message on Mobile Action Taken by Decision Taker
Table2. Decision Table27
Software Requirements
Operating System:
Windows 2000/XP/2003/Vista/7/8
Microsoft Visual Studio 2008, 2010
(MS VS2010 Recommended)
Microsoft SQL Server 2005/ 2008
(2008 Recommended)
Microsoft Visio 2010 suite.
Hardware Requirements
Minimum Requirements:
Intel Pentium 4 & above
1 GHz processor
512 MB RAM
Recommended system:
Intel Core i3 or Above processor,
4 GB RAM or Above
Hard Disk Drive 320 GB
Optical Mouse (Recommended)
Intel processor is recommended for better performance.
5. SYSTEM REQUIREMENTS AND DESIGN
28
5.1 Design using Dataflow diagrams
Fig. 8 Data flow diagram for
registration
Fig. 9 Data flow diagram for
verification29
5.2 Activity Diagram
Fig. 10 Activity diagram of registration process
Fig. 11 Activity diagram of verification process30
5.3 Project Flow Diagram
Fig. 12 Project flow diagram 31
6. IMPLEMENTATION
The implementation of the proposed system is carried out using
C# programming language and by using Microsoft Visual Studio 2010
editor.
6.1. Implementation of Mouse Database
The database usually contains unlimited tables and in one table
usually can store unlimited users. Along with users their mouse
signature features are also maintained.
During the verification phase the stored features of particular
users can be retrieved for verification with the help of the username.
So it‟s mandatory to give unique username during the registration
phase.
The database can be created with Microsoft SQL Server 2008
which is inbuilt in visual studio 2010.
32
Table NoName of
databaseTable names Name of the columns Purpose of creation
1 MouseDB AddUserTable
Id, username, password,
Mobile, Signature,
question, ans
To Add New User into
System.
2 MouseDB feature
User_name, Area,
Double_clk, Eccentricity,
mouse_mvc,
Total_time,Left_clk,
Right_clk
To Store the features
those are extracted from
user drawn mouse
dynamics / mouse
signature.
3 MouseDB chk chk, matchTo check valid matching
or invalid matching.
4 MouseDB count1 count, validity
To check number times
valid verification and the
number of times invalid
verification.
5 MouseDB MainLogin UserNm,UserPassTo access the system, its
main login to system.
6 MouseDB temp username, pathTo store the mouse
signature image path.
Table3. Database tables
33
6.2 Graphical User Interface Implementation
The project entitled “User Identity Verification via mouse
Dynamics” is divided into several modules as we consider for
implementation such as Registration of user, Drawing Signature,
Extracting the Features and Storing signature in Mouse Database,
User Verification, Decision Taking, etc.
Following video will shows us the GUI of this system and how
this system will work.
34
35
7. EXPERIMENTS AND RESULTS
Experiment 1-
This first experiment is conducted to test the authentication
and non authentication for the respective users.
Obviously if the user is able to draw the same dynamics then
and then only user will be authenticated else it is not
authenticated.
Same Username, Password, Mobile Number and Favorite
Number are used to conduct the experiment.
Fig. 13 Sign during registration Fig. 14 Sign during verification
36
Sr.
NoFeatures Extracted
Value During
Registration
Value During
VerificationFinal Decision
1. Left Clicks (LC) 14 03
16% Match
Not
Authenticated
User
2. Right Clicks (RC) 6 0
3. Double Clicks (DC) 4 0
4.Mouse Move (MM)
pixels1147 1013
5.Area Under Curve
(AUC) pixels31562 22801
6. Eccentricity (ECC) 0.4778 -0.0957
7.Total Time (TT)
Seconds19 17
Table.4 Result of experiment 1
37
Experiment 2-
This second experiment is conducted to test the authentication
and non authentication for the respective users if they are drawing
same signature.
Obviously if the user is able to draw the same dynamics then
and then only user will be authenticated else it is not
authenticated. Also same username, password, mobile number
and favorite number are used to conduct the experiment.
Fig. 15 Sign during registration Fig. 16 sign during verification38
Table.5 Result of experiment 2
Sr. No Features ExtractedValue During
Registration
Value During
VerificationFinal Decision
1. Left Clicks (LC) 14 14
88% Matched
Authenticated
user
2. Right Clicks (RC) 6 6
3. Double Clicks (DC) 4 4
4.Mouse Move (MM)
pixels1147 1085
5.Area Under Curve
(AUC) pixels31562 31320
6. Eccentricity (ECC) 0.4778 0.5172
7.Total Time (TT)
Seconds19 18
39
Experiment 3
This is a general experiment, in this experiment different
possibilities of signature drawing are considered. A set of
signatures has been taken to test it with stored signature in a
database. In such cases the matching gives a similarity value
depends on how the signature is drawn by the user.
Fig.17 Registered user signature for experiment 3
40
Sr.
NoUser Signatures
% of
Match
Sr.
NoUser Signatures
% of
Match
1 28% 4 88%
2 88% 5 43%
3 85% 6 82%
Fig.18 General Experiment with results41
8. CONCLUSION AND FUTURE ENHANCEMENTS
8.1 Conclusion
A novel method for user verification based on mouse activity
is implemented in this work. Common mouse events performed in
a GUI environment by the user is collected and a hierarchy of
mouse actions is defined based on the raw events.
In order to characterize each action, features are extracted.
A two-layer verification system is implemented. The system
employs a feature extraction in its first layer and a decision
module in the second one in order to verify the identity of a user.
The implemented method is evaluated using a dataset that is
collected from a variety of users and hardware configurations.
42
As per experiments conducted, better accuracy is achieved than
histogram technique. The observation in experiment 3.2, 3.3, 3.4
and 3.6, shows that better accuracy is observed when the
respective user is trying to behave as the same what he behaved
during the registration.
In experiment 3.2, the achieved accuracy is 88%, Experiment
3.3 it is 85%, Experiment 3.4 it is 88% and Experiment 3.6 it is
82%. As per experiments conducted experiment 1, 3.1 and 3.5,
accuracy is collapsing if user tries to misbehave, which is shown in
results of experiment 1, the achieved accuracy is 16%,
Experiment 3.1 accuracy is 28% and Experiment 3.5 accuracy is
43%, which is less than the predefined threshold, hence it is a sign
to the computer system that it will no longer continue.
43
8.2 Future Enhancements
In the following we describe several issues that need further
investigation in mouse-based verification methods.
The original actions intended by the user are logged neither by
software nor by observing the user while performing the actions.
Accordingly, they are heuristically reconstructed from the raw events
which may produce some non-credible actions.
Additionally, the obtained actions may vary between different
hardware configurations (e.g. Optical mouse, touch pad). In order to
obtain a higher percentage of credible actions, the parameters that
define them should be determined by a more rigorous method.
44
8.3 Applications
Due to the advances in technology, it is quite easy to crack the
security systems available today. Biometrics is the only mechanism
which is comparatively more secure than other traditional methods.
Also it provides one more additional security layer to the
existing security layer. This system aimed at improving the security of
the biometric system that uses mouse dynamics/ mouse signature
features. The applications of this system are not limited to a specific
area.
Some of the applications are as follows.
Banking sector, Any kind of electronic devices- From desktop
computers to PDAs, Mobile to palmtops, Research laboratories,
Electronic voting machines, ATM counters, Emails and many more..
45
9. BIBLIOGRAPHY
9.1 Document References
1. Clint Feher, Yuval Elovici, Robert Moskovitch, Lior Rokach, Alon Schclar, “User
identity verification via mouse dynamics”, Information Sciences 201 (2012)
19–36.
2. Chao Shen, Zhongmin Cai, Xiaohong Guan, Youtian Du, and Roy A. Maxion,
User Authentication Through Mouse Dynamics. IEEE TRANSACTIONS ON
INFORMATION FORENSICS AND SECURITYVOL. 8, NO. 1, Jan 2013
3. Zach Jorgensen and Ting Yu, On Mouse Dynamics as a Behavioral Biometric for
Authentication. ACM 978-1-4503-0564-8/March 2011.
4. Z. Jorgensen, T. Yu, “On mouse dynamics as a behavioral biometric for
authentication, in: Proceedings of the Sixth ACM Symposium on Information,
Computer, and Communications Security” (AsiaCCS), March 2011
5. M. De Marsico, M. Nappi, D. Riccio, G. Tortora, NABS: “novel approaches for
biometric systems, IEEE Transactions on Systems, Man, and Cybernetics”, Part
C: Applications and Reviews 41 (4) (2011) 481–493.
46
6. Saurabh Singh, Dr K V Arya, “Mouse Interaction based Authentication System by Classifying the Distance
Traveled by the Mouse” International Journal of Computer Applications (0975 – 8887) Volume 17– No.1,
March 2011
7. Lívia C. F. Araújo, Luiz H. R. Sucupira Jr., Miguel G. Lizárraga, Lee L. Ling, andJoão B. T. Yabu-Uti, “User
Authentication through Typing Biometrics Features, IEEE Transactions on Signal Processing”, Vol. 53, No.
2, February 2005
8. P. Bours, C.J. Fullu, “A login system using mouse dynamics, in: Fifth International Conference on Intelligent
Information Hiding and Multimedia Signal Processing”, 2009, pp. 1072–1077.
9. S. Bleha, C. Slivinsky, B. Hussein, “Computer-access security systems using keystroke dynamics, IEEE
Transactions on Pattern Analysis and Machine Intelligence” 12 (12) (1999) 1217–1222.
10. S. Cho, C. Han, D.H. Han, H.I. Kim, “Web-based keystroke dynamics identity verification using neural
network, Journal of Organizational Computing and Electronic Commerce” 10 (4) (2000) 295–307.
11. L. Ballard, D. Lopresti, F. Monrose, “Evaluating the security of handwriting biometrics, in: The 10th
International Workshop on Frontiers in Handwriting Recognition” (IWFHR „06), La Baule, France, 2006.
12. H. Gamboa, A. Fred, “An identity authentication system based on human computer interaction behavior, in:
3rd International Workshop on Pattern Recognition on Information Systems”, 2003, pp. 46–55.
13. S. Hashia, C. Pollett, M. Stamp, “On using mouse movements as a biometric, in: Proceeding in the
International Conference on Computer Science and its Applications”, vol. 1, 2005.
14. A.A.E. Ahmed, I. Traore, “A new biometric technology based on mouse dynamics, IEEE Transactions on
Dependable and Secure Computing” 4 (3) (2007) 165–179.
15. Maja Pusara, Carla E. Brodley, “User Re-Authentication via Mouse Movements”, SEC/DMSEC'04, October
29, 2004, Washington, DC, USA. Copyright 2004 ACM 1-58113-974-8/04/0010
47
9.2 Web References
[W1]. http://www.google.co.in/
[W2]. http://www.csharpcorner.com/
[W3]. http://www.stackoverflow.com/
[W4]. http://www.wikipedia.com/
[W5].http://www.codeproject.com/
48
10. LIST OF JOURNALS AND PUBLICATIONS
1. “User Identity Verification Using Mouse Signature” in the
International Organization of Scientific Research (IOSR) e-ISSN:
2278-0661, p- ISSN: 2278-8727Volume 12, Issue 4 (Jul. - Aug.
2013).
49
Thank You Very Much
50