User Authentication Through Biometric Sensors and Decision Fusion Sayandeep Acharya * , Lex Fridman * , Patrick Brennan † , Patrick Juola † , Rachel Greenstadt * and Moshe Kam * * Drexel University Philadelphia, PA Email: {sa427, lexfridman, greenie, moshe.kam}@drexel.edu † Juola & Associates Pittsburgh, PA 15282 Email: {pjuola, pbrennan}@juolaassoc.com Abstract—The interaction between humans and most desktop and laptop computers is often performed through two input devices: the keyboard and the mouse. Continuous tracking of these devices provides an opportunity to verify the identity of a user, based on a profile of behavioral biometrics from the user’s previous interaction with these devices. We propose a bank of sensors, each feeding a binary detector (trying to distinguish the authentic user from all others). In this study the detectors use features derived from the keyboard and the mouse, and their decisions are fused to develop a global authentication decision. The binary classification of the individual features is developed using Naive Bayes Classifiers which play the role of local detectors in a parallel binary decision fusion architecture. The conclusion of each classifier (’authentic user’ or ’other’) is sent to a Decision Fusion Center (DFC) where we use the Neyman-Pearson criterion to maximize the probability of detection under an upper bound on the probability of false alarms. We compute the receiver operating characteristic (ROC) of the resulting detection scheme, and use the ROC to assess the contribution of each individual sensor to the quality of the global decision on user authenticity. In this manner we identify the characteristics (and local detectors) that are most significant to the development of correct user authentication. While the false accept rate (FAR) and false reject rate (FRR) are fixed for the local sensors, the fusion center provides trade-off between the two global error rates, and allows the designer to fix an operating point based on his/her tolerance level of false alarms. We test our approach on a real-world dataset collected from 10 office workers, who worked for a week in an office environment as we tracked their keyboard dynamics and mouse movements during interaction with laptops and desktop computers. Keywords—Decision Fusion, Behavioral Biometrics, Active Au- thentication, Binary Classification. I. I NTRODUCTION The tracking of behavioral biometrics for continuous veri- fication of a user’s identity has received considerable attention in recent years [1]. By monitoring actively metrics such as keyboard dynamics and mouse movements, classification of user as authentic or non-authentic has achieved accuracy on par with more traditional non-continuous approaches [2]. One popular non-continuous approach is for the user to verify his/her identity by typing a password or a common fixed phrase. The authentication system then estimates whether the user is who s/he claims to be by analyzing the biometric parameters associated with the typing of the password/phrase. Continuous ”active authentication”, on the other hand performs verification of the user steadily, based on a set of metrics collected during previous interaction with the computer, or up- dated based on known-user behavior. Due to the unconstrained nature of human-computer interaction, a single biometric is usually not sufficiently robust to determine the user’s identity. For that reason, many active authentication systems are (a) multi-modality, namely they monitor multiple features of a single type of biometric [3], and (b) multi-biometric, namely they consider more than one type of biometric [4]. In this study we consider multi-modality multi-biometric model for interaction with a computer through a mouse and keyboard. We evaluated our algorithms using a dataset collected from office workers in a real-world office environment. Each user is represented through features collected from the user’s keyboard dynamics and mouse movements. We fuse these features using established algorithms for parallel binary decision fusion [5], [6]. The Receiver Operating Characteristic (ROC) helps quantify the relative importance of each biometric and each feature. In §II, we discuss work on active authentication, multi- biometric system, and the tracking of mouse movement and keyboard dynamics. In §III, we describe the biometric dataset used in this study and the classifiers that mapped the data from feature space to decision space. In §IV, we discuss the decision fusion approach that combines the decisions of local sensors. In §V, we present the global performance provided by the Decision Fusion Center. We also estimate the contribution of each feature to the quality of the final decision. II. USER AUTHENTICATION VIA BIOMETRICS A. Mouse and Keyboard Dynamics The movement dynamics of the mouse and the keyboard of a personal computer have been studied for over two decades [7], [8] as the primary human computer interface input devices. Keystroke dynamics have received most of the attention in be- havioral biometrics studies [9]. The two basic tracked features of inter-key-press interval [10] and key-press dwell [11] were used as the basis for more complex features such as digraph latency [12], trigraph latency [13], or keyword latency [14]. These features provide timing information about a specific configuration of key-press and key-release events. Mouse movement in the authentication domain has re- ceived considerably less attention until recently [15]. Mouse