Competition between SOM Clusters to Model User Authentication System in Computer Networks Shrijit S. Joshi Computer Science, Louisiana Tech University Ruston, LA, USA E-mail: ssj005@latech.edu Vir V. Phoha Computer Science, Louisiana Tech University Ruston, LA, USA E-mail: phoha@latech.edu Abstract—Traditional authentication systems employed on Internet are facing an acute problem of intrusions. In this context we propose a neural architecture for user authentication through keystroke dynamics. Proposed architecture consists of a set of self organizing maps where each user has a distinct map. Each map consists of n neurons in the input layer where n is the length of a keystroke pattern; however to determine the number of neurons in the output layer, a strategy is proposed. For authenticating claimed user, probable user(s) for a given pattern and the degree of similarity between the map of the claimed user and a given pattern are determined. Finally, a decision on the authenticity is made using threshold criteria. Evaluation results show the best false accept rate of 0.88% when false reject rate was 3.55% with authentication accuracy of 97.83%. An application scenario of the method in a computer network environment is also presented. Keywords-Keystroke dynamics, Self organizing map, User authentication, Computer security I. INTRODUCTION Traditional approaches for user authentication, such as knowledge-based and token-based user authentication systems, are unable to differentiate between a valid user and an impostor user as the knowledge or token can be lost or forgotten by a valid user and can be fraudulently acquired by an impostor user [1]. However keystroke dynamics [2] being a behavioral pattern exhibited by an individual while typing on keyboard, can neither be lost nor be forgotten by a valid user. In addition, user authentication through keystroke dynamics is appealing for many reasons such as it is not intrusive and it is relatively inexpensive to implement, since the only hardware required is keyboard [3]. A. Related Research The first suggested use of keystroke dynamics for user authentication appeared in 1974 [4]. Since then researchers have developed user authentication systems through keystroke dynamics using various pattern recognition techniques like neural networks [5-9], statistical classification techniques [10- 13], decision trees [14], and others [15]. However, the problem is still open, since most of the earlier methods have one of the following two problems: (i) For training the system, user has to either type a very long reference string or type a reference string for a long period of time or (ii) Entire system has to be retrained when a new user is registered to the system or when the typing pattern of the user changes with time. In [6-9], researchers have developed user authentication systems using back-propagation (BP) based neural networks. These authentication systems have to be entirely retrained when a new user is registered to the system or when the typing pattern of any user changes. Hence, situation where there is a high turnover of users, the down time associated with retraining can be significant. For training the system, methods proposed in [10-12, 16] require users to type a very long reference string and methods proposed in [7, 10-12, 15-18] require users to type the reference string for a long period of time. In order to provide a better solution for the above mentioned problems and to devise a system with lower error rates (various error rates of an authentication system are explained in Section VI.A), we propose a method using the concept of self organizing map (SOM). In our method (we call the proposed method as CSOMA i.e., Competition between Self Organizing Maps for Authentication) for training the system, user is required to type a reference string of 37 characters for nine consecutive times. CSOMA can add user to the system and can adapt to the changing typing pattern of the users without retraining the entire system. In addition, CSOMA provides a solution for several problems (problems are discussed in Section VII) associated with the authentication mechanisms currently employed on the Internet. B. Motivation for using Self Organizing Map for User Authentication through Keystroke Dynamics Artificial neural network (ANN) can be viewed as weighted directed graph in which a set of processing elements are neurons and directed edges are weights between neurons [19]. BP [19] and SOM [20] are the most widely used algorithms related to ANN research area. Classifiers built on SOM and BP have comparable error rates but the former classifier trains faster than the later one [21]. In addition, classifiers built on SOM have demonstrated effectively for the categorization of signal patterns such as methods proposed in [22-24] and their classification accuracy is at least as high as that of other pattern recognition approaches. In the context of computer user authentication through keystroke dynamics, keystroke events have a non-deterministic nature. Hence, modeling keystroke patterns with SOM, which This work is supported in part by the Army Research Office under Grant No. DAAD 19-01-1-0646