Account-Sharing Detection Through Keystroke Dynamics Analysis

Seong-seob Hwang, Hyoung-joo Lee, and Sungzoon Cho
International Journal of Electronic Commerce,
Volume 14 Number 2, Winter 2009-10, pp. 109.

Abstract: Account sharing refers to a situation where multiple individuals share a Web site account to avoid paying a fee or providing personal information. As a result of account sharing, service providers lose revenue, underestimate membership, and have impaired understanding of their customers. A generic framework for detecting account sharing is proposed, using keystroke dynamics. Starting with the observation that a user’s keystroke patterns are consistent and distinct from those of other individuals, it is assumed that each user¬ís keystroke patterns form a ‘cluster’ in Euclidean space. The number of sharers can be estimated by the number of clusters. In this paper, the ‘optimal’ number of clusters is estimated based on the Bayesian model-selection framework with Gaussian mixture models obtained using the variational Bayesian approach. In a case study involving 25 passwords and 16 users, the proposed approach performed well in ‘sharing detection,’ with a 2 percent false alarm rate, a 2 percent miss rate, and a ‘total user estimation’ error of 7 percent. The proposed approach is viable and merits further investigation.

Key Words and Phrases
: Account sharing, biometrics, clustering, keystroke dynamics, typing pattern, Web site account management.