If you wish to truly know a man, follow the movements of his mouse.
It sounds like an ancient proverb from some rodent-infested culture. But it’s the unspoken mantra of a group of computer security researchers who have refined an innovative method of combatting identity theft.
In a newly published paper, a research team led by Clint Feher of Israel’s Ben-Gurion University introduces a novel way of verifying a computer is being operated by its rightful user. Its method, described in the journal Information Sciences, “continuously verifies users according to characteristics of their interaction with the mouse.”
How we manipulate our mice is, if not as unique as a fingerprint or DNA, surprisingly specific.
The idea of user verification through mouse monitoring is not new. As the researchers note, “a major threat to organizations is identity thefts that are committed by internal users who belong to the organization.”
To combat this, some organizations turn “physiological biometrics” to verify the identity of a computer user. But these techniques, such as fingerprint sensors or retina scanners, “are expensive and not always available,” the researchers write.
An alternative approach is the use of “behavioral biometrics.” Such a system compiles biometric data such as “characteristics of the interaction between the user and input devices such as the mouse and keyboard” and constructs a “unique user signature.”
As you might imagine, this is a tricky process, as the precise way we utilize our mouse or tap the keys of our computer can vary for all sorts of reasons, including the time of day, whether we are sitting or moving about, or how much caffeine we’ve ingested. Feher and his colleagues addressed these concerns by devising “a novel method that continuously verifies users … based on the classification results of each individual mouse action, in contrast to methods which aggregate mouse actions.”
These individual actions include the time it takes the click the mouse (with separate stats for the right and left sides), “the distance traveled between the mouse-down and mouse-up events of the first click,” “the time interval between the first click and the second click,” and many, many more.
This approach “outperforms current state-of-the-art methods by achieving higher verification accuracy while reducing the response time of the system,” they report.
Things like “lint clogging the moving parts of mechanical mice” could throw off their equations, the researchers admit. They also concede that a person “using a laptop in two different places may use the touch pad in one place and an external mouse in another,” which complicates verification.
Nevertheless, their work appears to represent an important advance in this arena, and one that could give them an appreciative following. As that other proverb goes, build a better mouse-based identity protection system, and the world will beat a path to your door.
