BIForum 2017 - Keystroke Analysis for Fraud Detection

Transcript

1. Keystroke Behavioural Analysis For Fraud Detection Valerio Maggio @leriomaggio Data

   Scientist and Researcher Fondazione Bruno Kessler (FBK)
 Trento, Italy

2. Two Common forms of Frauds Account Hijacking Card Faking

3. Account Hijacking Account Hijacking User Identification

4. User Identification

5. Keystroke Dynamics Keystroke dynamics consists in analysing the way a

   user types by monitoring keyboard inputs thousand of times per second, and processing this data through an algorithm, which then defines a pattern for future comparison Identifying an individual based on their way of typing on a physical or virtual keyboard

6. Keystroke Dynamic Analysis Time between two key pressures 
 Down-Down

   Time Time between one pressure and one release- 
 Dwell Time Time between one release and one pressure
 Flight Time Time between two key release
 Up-Up Time

7. Keystroke Patterns Leaning : State of the Art

8. Data Pipeline: (1) Data Collection Time between two key pressures

   
 Down-Down Time Time between one pressure and one release- 
 Dwell Time Time between one release and one pressure
 Flight Time Time between two key release
 Up-Up Time

9. Data Pipeline: (2) Feature Extraction Time between two key pressures

   Time between one pressure and one release Time between one release and one pressure Time between two key release TimeShifting key-presses - if deletions happen Only Data leading to a Successful Login

10. Feature Analysis & Data Preparation

11. Feature Analysis & Data Preparation

12. Feature Analysis & Data Preparation 1. Analyse Feature Distribution 2.

    Rank users accordingly
13. None

14. Up-Up Time - Username Field - web vs app

15. Up-Up Time - Password Field - web vs app

16. Dwell Time - Username Field - web vs app

17. Dwell Time - Password Field - web vs app

18. Data Cleaning Complexity-Invariant Distance Measure

19. Data Cleaning Complexity-Invariant Distance Measure

20. Feature Scaling Original 
 Feature Data MinMax Scaling Standard Scaling

21. Data Preparation All feature Combinations HDF5 format

22. Data Analysis Protocol (DAP) Reduce the 
 Selection Bias!! 80%

    20% Use separately for 
 HyperParams Search Don’t Mix

23. Keystroke Patterns (Classical) Machine Learning … …

24. Deep Keystroke Learning Deep AutoEncoder Encoder Decoder … Classification Deep

    Network One AutoEncoder + FC Network Outlier Detector (per user)

25. Deep Keystroke Learning
 User Identification Deep AutoEncoder Encoder Decoder …

    Classification Deep Network Confusion Classification Matrix Avg. Accuracy Score: 0.999090 One AutoEncoder + FC Network Outlier Detector (per user) Avg. FPR: 0.002246

26. Outlier Detection

27. Feature Importance rf.fit(X,y_DL)

28. Conclusions and Take Aways • Data Processing and Cleaning is

    never painless • 80% of the time for Data Science Processing • 20% is for Machine/Deep Learning Code • 90% of which is looking for Optimum HyperParameters 
 (exp. for Deep Learning) • Use Unsupervised Approaches to get useful insights on the data • Feature Scaling is paramount • Beware of the Selection Bias (Multiple Time K-Fold CV) • DL is not silver bullet

29. Thanks a lot for your kind attention +ValerioMaggio [email protected] it.linkedin.com/in/valeriomaggio

    @leriomaggio