Behavioral Biometrics and Machine Learning to Secure Website Logins

  • Falaah Arif KhanEmail author
  • Sajin Kunhambu
  • K. Chakravarthy G
Conference paper
Part of the Communications in Computer and Information Science book series (CCIS, volume 969)


In a world dominated by e-commerce and electronic transactions, the business value of a secure website is immeasurable. With the ongoing wave of Artificial Intelligence and Big Data, hackers have far more sophisticated tools at their disposal to orchestrate identity fraud on login portals. Such attacks bypass static security rules and hence protection against them requires the use of machine learning based ‘intelligent’ security algorithms. This paper explores the use of client behavioral biometrics to secure website logins. A client’s mouse dynamics, keystrokes and click patterns during login are used to create a customized security model for each user that can differentiate the user of interest from any other impersonator. Such a model, combined with existing protocols, will provide enhanced security for the user’ profile, even if credentials are compromised. The module first employs a means of collecting relevant behavioral data from the client side when a new account is created. The collection module can easily be integrated with any web application without impacting website performance. After sufficient collection of login data, a biometric-based fraud detection algorithm is created that secures the account against future impersonators. Our choice of algorithms is the Multilayer Perceptron, Support Vector Machine and Adaptive Boosting, the outcomes of which are polled to give the prediction. We find that such a model shows good performance (accuracy, precision and recall) for different train: test splits. Moreover, the model is easily implementable for any web based authentication, is scalable and can be fully automated, if a dataset like ours can be created from client activity on the web application of interest.


Behavioral biometrics Machine learning Artificial Intelligence Login fraud Intelligent security Keystroke Mouse movements Multilayer Perceptron Support vector machine Adaptive Boosting 



We thank our managers; Mukund and Swami for their unwavering support. We also extend a hearty thanks to all the interns at Dell, Hyderabad who took part in the process of data collection. Without the data, there could have been no machine learning and so your contribution does not go unnoticed. We dedicate this project to the Python community for all the extraordinary work they do in creating new useful libraries for developers, while maintaining requisite documentation and user support on existing libraries. The work of this study, like the work of countless others, would not have been possible without their unwavering dedication to the Pythonic way.


  1. 1.
    Zheng, N., Paloski, A., Wang, H.: An efficient user verification system via mouse movements. In: Proceedings of the 18th ACM Conference on Computer and Communications Security, pp. 139–150 (2011)Google Scholar
  2. 2.
    Gurav, S., Gadekar, R., Mhangore, S.: Combining keystroke and mouse dynamics for user authentication. Int. J. Emerg. Trends Technol. Comput. Sci. (IJETTCS) 6(2), 055–058 (2017). ISSN 22786856Google Scholar
  3. 3.
    Ponkshe, R.V., Chole, V.: Keystroke and mouse dynamics: a review on behavioral biometrics. Int. J. Comput. Sci. Mob. Comput. 4, 341–345 (2015)Google Scholar
  4. 4.
    Wu, J.-H., Lin, C.-T., Lee, Y.-J., Chong, S.-K.: Keystroke and mouse movement profiling for data loss preventionGoogle Scholar
  5. 5.
    Traore, I., Woungang, I., Obaidat, M.S., Nakkabi, Y., Lai, I.: Combining mouse and keystroke dynamics biometrics for risk based authentication in web environmentsGoogle Scholar
  6. 6.
    Cho, S., Han, C., Han, D., Kim, H.: Web based keystroke dynamics identity verification using neural network. J. Organ. Comput. Electron. Commer. 10(4), 295–307 (2000)Google Scholar
  7. 7.
    Fülöp, Á., Kovács, L., Kurics, T., Windhager-Pokol, E.: Balabit mouse dynamics challenge data set (2016)Google Scholar
  8. 8.
    Killourhy, K.S., Maxion, R.A.: Comparing anomaly detectors for keystroke dynamics. In: Proceedings of the 39th Annual International Conference on Dependable Systems and Networks (DSN-2009), pp. 125–134, Estoril, Lisbon, Portugal, 29 June–2 July, 2009Google Scholar
  9. 9.
    Li, Y., Cao, B.Z., Zhao, S., Gao, Y., Liu, J.: Study on the BeiHang keystroke dynamics database. In: International Joint Conference on Biometrics (IJCB), pp. 1–5 (2011)Google Scholar
  10. 10.
    Monrose, F., Rubin, A.: Authentication via keystroke dynamics. In: ACM Conference on Computer and Communications Security, pp. 48–56 (1997)Google Scholar
  11. 11.
    Hashiaa, S., Pollettb, C., Stamp, M.: On using mouse movements as a biometric. In: International Conference on User Science and Engineering (i- USEr), pp. 206–211, December 2011Google Scholar
  12. 12.
    Jorgensen, Z., Yu, T.: On mouse dynamics as a behavioral biometric for authentication. IEEE Syst. J. 8(2), 262–284 (2013)Google Scholar
  13. 13.
    Gamboa, H., Fred, A.: A behavioral biometric system based on human-computer interaction. In: Proceedings of the SPIE, vol. 5404, Biometric Technology for Human Identification, 381, 25 August 2004Google Scholar
  14. 14.
    Teh, P.S., Teoh, A.B.J., Ong, T.S., Tee, C.: Keystroke dynamics in password authentication enhancement. Expert Syst. Appl. 37, 8618–8627 (2010)CrossRefGoogle Scholar
  15. 15.
    Lau, S.-h., Maxion, R.: Clusters and Markers for Keystroke Typing Rhythms. Learning from Authoritative Security Experiment Result, LASER 2014 (2014)Google Scholar

Copyright information

© Springer Nature Singapore Pte Ltd. 2019

Authors and Affiliations

  • Falaah Arif Khan
    • 1
    Email author
  • Sajin Kunhambu
    • 2
  • K. Chakravarthy G
    • 2
  1. 1.DES India, DellBangaloreIndia
  2. 2.DCS DCP India, DellBangaloreIndia

Personalised recommendations