Importance of a Versatile Logging Tool for Behavioural Biometrics and Continuous Authentication Research

Introduction

Facing an increasing number of computer users and cybercrime enabled by weak authentication mechanisms, a Continuous Authentication (CA) system that monitors a claimed user's identity throughout a session could be a stronger alternative. It is challenging enough to design a CA system, which is unobtrusive, user friendly (where the legitimate user is never or very infrequently locked out from the system) at the same time secure enough to detect any illegitimate user as soon as possible. There are many possible ways to implement a CA system, but behavioural biometrics are promising enough to achieve cost effectiveness (due to no special hardware required) and unobtrusiveness (Yampolskiy and Govindaraju, 2008). To create such a system, it is necessary to analyze a large amount of information about multiple users regarding how they interact with their computers. This information includes keystrokes, mouse handling, software interaction and hardware events. It is also necessary to focus on the input of the user via mouse and keyboard simultaneously to defend against an attacker avoiding detection by restricting to one input device because the system only checks the other input device (Acharya (2013), Bailey (2014), Jagadeesan (2009), Traore (2012)). Software Interaction and Hardware usage information could be used as a soft biometrics to improve the system performance (Jain et al., 2004).

Existing literature does not cover approaches well that combine both keyboard and mouse logging with arbitrary application interaction. The granularity of the measurements is sometimes too coarse for analysis with respect to behavioural biometrics. Surveying the literature, we found also that there is a lack of discussion about the capture software and the capture environment. Few of the articles provided information on the technology behind the capture software. Most of the datasets and tools used to capture are not publicly available. Hence, it is impossible to replicate their results and methodology. We address these issues and present a tool that combines different methods of interaction of a user with a computer, and we disclose implementation details so that the technologies used to capture keyboard, mouse, and application interaction can be employed in alternative implementations.

Most of the logging tools available at present can capture only mouse and keystroke information (Gamboa (2003), Garg (2006), Kukreja (2006)). According to our knowledge only AppMonitor (Alexander et al., 2008) can store software interaction, limited to two specific applications. Therefore, there is a strong demand within the behavioural biometrics based CA research community to design a logging tool which can capture the relevant users behaviour information and share the captured data with the research community for analysis. Based on our survey of related work, our tool Behaviour Logging Tool (BeLT) is the first tool which can capture extensive amounts of information, i.e. keyboard, mouse, arbitrary application interaction as well as certain hardware events, simultaneously and unobtrusively. Also, it gives users the choice to store the information either on the local computer or have it sent to a secure server.