Open access peer-reviewed chapter - ONLINE FIRST

# Behavioral Biometrics: Past, Present and Future

Written By

Mridula Sharma and Haytham Elmiligi

Reviewed: January 24th, 2022 Published: March 6th, 2022

DOI: 10.5772/intechopen.102841

From the Edited Volume

## Recent Advances in Biometrics [Working Title]

Chapter metrics overview

View Full Metrics

## Abstract

Behavioral biometrics are changing the way users are authenticated to access resources by adding an extra layer of security seamlessly. Behavioral biometric authentication identifies users based on a set of unique behaviors that can be observed when users perform daily activities or interact with smart devices. There are different types of behavioral biometrics that can be used to create unique profiles of users. For example, skill-based behavioral biometrics are common biometrics that is based on the instinctive, unique and stable muscle actions taken by the user. Other types include style-based behavioral biometrics, knowledge-based behavioral biometrics, strategy-based behavioral biometrics, etc. Behavioral biometrics can also be classified based on their use model. Behavioral biometrics can be used for one-time authentication or continuous authentication. One-time authentication occurs only once when a user requests access to a resource. Continuous authentication is a method of confirming the user’s identity in real-time while they are using the service. This chapter discusses the different types of behavioral biometrics and explores the various classifications of behavioral biometrics-based on their use models. The chapter highlights the most trending research directions in behavioral biometrics authentication and presents examples of current commercial solutions that are based on behavioral biometrics.

### Keywords

• behavioral biometrics
• gait
• mouse dynamics
• keystroke dynamics

## 1. Introduction

Multi-factor authentication is a promising authentication method, in which the user is required to provide two or more verification factors to gain access to a service or a resource. Multi-factor authentication could use One time Passwords (OTPs), physical biometrics such as face-recognition or finger-prints, etc. Although passwords have been used regularly for authenticating users for years, they are losing their popularity as passwords can be cracked or stolen quite easily. Biometric security was introduced as a better solution to verify individuals based on their unique characteristics [1]. Physical biometrics, such as fingerprints, face recognition and iris scanning, are currently being used extensively in many applications to secure access to servers and services. However, they are mainly used to perform static authentication to grant access to authorized individuals. Physical biometrics are not commonly used to constantly authenticate users while they are using the service.

With the escalating cybercrimes, static authorization fails to keep systems secure. Session hijacking and man-in-the-middle attacks are just two examples of possible threats that can have significant impacts on systems and networks, even if static authentication was deployed. Therefore, security experts are currently considering the implementation of dynamic, continuous authentication in a wide range of applications. Continuous authentication can be done using behavioral biometrics (BB), which is one of the most promising solutions to this problem. Also known as behaviometrics, it is the future of user authentication as it provides a secure, seamless, and hassle-free digital experience. Behavioral biometric authentication systems are currently being deployed in banks, government organizations, and other facilities to provide an efficient protection system against cybercrimes [2].

Since behavioral biometrics is a continuous way of authentication, it keeps checking the behavioral patterns of users. Body movements, voice modulations, typing style and speed, mouse movement styles, and behavior are some of the behavioral biometrics which are known to have uniqueness in it. The behavioral biometrics are primarily based on either the way human-computer interactions take place or the measurements of the body parts and muscle actions [2]. It focuses on how a user conducts a specific activity rather than focusing on an activity’s outcome [3].

This chapter begins with an overview of behavioral biometrics in Section 2, which discusses the different types of behavioral biometrics, their advantages, and their shortcomings. Section 3 provides a survey of the research work on behavioral biometrics in the literature. This includes the latest research trends and directions related to behavioral biometrics. There are also several industrial organizations providing commercial platforms that support behavioral biometrics authentication. Section 4 provides a review of those companies and their products. Section 5 presents cases studies of various application domains where behavioral biometrics is used for security authentication. Finally, we draw our conclusion in Section 6.

## 2. Behavioral biometrics: what and why?

With the increasing level of fraud and unauthorized intrusions in various areas of life, especially in banking; the need of multi-factor authentication was significant. Companies and service providers started enforcing multi-factor authentication as a new security requirements to maintain access to services or resources. Biometrics are currently used in many applications as the second level of authentication, along with passwords, for authorizing or even identifying users.

### 2.1 Behavioral biometrics vs. physical biometrics

There are two main categories of biometrics that are currently being used. These two categories are physical and behavioral. Physical (physiological) biometrics depends on the measurements of a specific individual’s features for identity verification/authentication. This includes face geometry, fingerprints, certain parts of the eye, vein patterns, and other corporal traits. To put it simply, physical biometrics replace “things that you know” (passwords and PINs) with “things that you are” [4]. Other examples include DNA, ear, footprint, palm print, retinal, etc.

On the other hand, behavioral biometrics is the measurement and analysis of human-specific behavioral traits based on human movement or their interaction with the computer parts, such as mouse, keyboard or handheld devices like ipads, or phones.

Physical biometrics are commonly used for one-time authentication, whereas, for dynamic authentication, behavioral biometrics can be more effective. Behavioral biometrics deployment can be divided into four distinct types of applications: continuous authentication, risk-based authentication, insider threat detection, and fraud detection and prevention [3, 5]. Behavioral biometric authorization integrates three main fields: human behavioral pattern analysis, smart sensors technologies, and machine learning models.

The biometric types are shown in Figure 1.

### 2.2 Advantages of behavioral biometrics

There are many advantages of behavioral biometrics over physical biometrics. The following points highlight these advantages [5, 6, 7].

• Continuous collection and authorization—Behavioral biometrics enable constant monitoring of users. This helps to ensure that only the authorized user is the one who is using the system, even after the initial identity check has been done.

• Non-obtrusive collection—The behavioral data can be collected in a seamless manner without disturbing the normal service usage.

• No need of special hardware—The behavioral data may be collected using a standard camera or voice recorders. The video or audio recordings are processed to retrieve the data for authorization afterward.

• Useful for authorization—Behavioral biometrics deliver continual user authentication and is a powerful defense. But it is only a complement to one-time authentication techniques such as passwords, PIN, and other physiological biometrics.

• Universality—When applied to a large population, the universality of behavioral biometrics is very low as the degree of difference in behaviors may not be very large. But when used in a specific domain, the actual universality of behavioral biometrics reaches up to 100%, making it highly acceptable.

• Circumvention—Behavioral biometrics traits are very difficult to emulate or copy.

• Unique combination—Behavioral biometrics is mostly a unique combination of analyzed behavioral characteristics for each real person.

• Smooth Integration—Once the behavioral biometrics model is defined, it can be integrated very easily with already existing security systems. For example, the regular video surveillance system can be utilized to implement behavioral biometrics system.

• High verification accuracy—In multi-modal identification systems, the behavioral biometrics verification accuracy is proven to be quite high.

• Acceptability—Most often, behavioral biometrics are collected without user participation. Therefore, it does have a high degree of acceptability. However, on privacy and ethical grounds, it faces several objections as well.

### 2.3 Shortcomings of behavioral biometrics

Although behavioral biometrics authentication has high accuracy and acceptance rate, it still has several challenges that hinder the implementation of such systems in a wide range of applications. The following points highlight these challenges.

• Implementation Cost—Although, the new hardware is not required, still a framework that can create the dataset for behavioral biometric analysis needs to be built and integrated separately into the existing security systems. The implementation of such a new framework can be costly since it is still in the development stages.

• Large Data Acquisition—The integration of behavioral biometrics authentication requires the collection of huge personal data records to profile a user’s typical behavior accurately.

• Adaptation to Behavioral changes—One of the biggest challenges is the ability to create a classification model that can adapt to behavioral changes. Changes in human behavior can happen for many reasons, such as external factors like weather, tiredness, or even aging. Behavioral biometrics authentication models need to be constantly re-trained to be up to date with the changes in human behavior. People may behave differently when they are in a hurry, tired, drunk or when they are not feeling well. Behavioral biometrics models face many challenges related to the adaptation to behavioral changes.

• Privacy Issues—Some users are still reluctant to use behavioral biometrics authentication due to ethical and privacy issues.

### 2.4 Commonly used behavioral biometrics

Behavioral biometrics systems measure various human actions. These actions can be the result of human skills, such as motor skills, style, preference, knowledge, or strategy [5]. Based on the traits and features used for collecting human behavior, behavioral biometrics can be classified as:

• Skill-based Behavioral Biometrics—The behavior is based on the instinctive, unique and stable muscle actions taken by the user. Examples are car driving style, keyboard dynamics, programming style, gaming, etc.

• Knowledge-based Behavioral Biometrics—The knowledgeability of the user is recorded as their usual behavior. Examples are biometric sketch, text authorship, etc.

• Style-based Behavioral Biometrics—Each user has a unique style that can be used to authorize them. Examples are haptic, gaming, programming, mouse, painting, email behavior, gesture etc.

• Strategy-based Behavioral Biometrics—Users may have a specific strategy that they adopt. An example is the gaming technique.

• Preference-based Behavioral Biometrics—Based on the user’s preference of words, letters, or their belongings. Examples are credit card usage, bank usage, tool usage, language usage etc.

• Motor-skill-based Behavioral Biometrics—Based on the muscle-control actions of the users makes it innate, unique, and stable. Examples are blinking, GAIT, handgrip, haptic, lip movement, signature, tapping, voice/speech, etc.

### 2.5 How does behavioral biometric authentication work?

For the purpose of identification or authorization, behavioral biometrics data is first collected and stored. The data is processed further to prepare a signature profile. Using machine learning classifiers, predictive models are trained, developed, and evaluated. Later, this model is used as a comparison tool, whenever the user uses the application. Using behavioral patterns, the model is used to continuously verify the user’s profile throughout their working sessions. The generic architecture of a biometric system consists of five main modules:

• Data Collection Module: This module captures the biometric raw data to extract a numerical representation.

• Feature Engineering Module: To reduce the extracted numerical representation and optimize the data into required features that need to be stored for the verification and identification purposes.

• Storage module: This module stores the individuals’ biometric profiles in the form of dataset.

• Matching module: The module is used to compare the newly extracted biometric profile to one or more previously stored profiles.

• Decision module: This is the verification step to return a value that decides for identification/authorization.

The BB model is shown in Figure 2.

## 3. Behavioral biometrics models in literature

Behavioral biometrics has drawn the attention of both researchers and industry experts. The common areas where behavioral biometrics has played a very important role are user profiling, user modeling, opponent modeling, criminal profiling, jury profiling, etc. [5]. The information/data that may be collected for behavioral analysis may come from several sources like sensors, cameras, keyboard and mouse usage, device, audit logs, signatures or handwriting, programming style, language, smell, etc. [5]. Moreover, physical traits like odor, heartbeat, and even DNA are also being used in some applications. Researchers have also started exploring ECG, brainwaves, and passthoughts to analyze behavioral traits [5].

The most commonly used behavioral biometrics is keystroke dynamics. Keystroke dynamics have been used to authenticate users for years. Keystroke dynamics data can be collected by typing standard or non-standard passwords. Features extracted from the raw data that represent the typing patterns are used to create a unique profile for each user and to authorize those users later to resources [8, 9, 10]. It can also be used to recognize the emotions of a person [11]. To recognize the emotion from typing patterns, users are asked to type a specific sentence. Using feature extraction techniques, predictive models can be trained to classify various emotions. In one study, touch sense was defined and created as an emotion detection model based on typing and swiping patterns of a user with an accuracy rate of 73% [12]. Typing and swiping patterns are used in several applications to detect the emotions of smartphone users [12].

Another example of behavioral biometrics is mouse dynamics, where the recognition of a user profile is done based on the way a user uses his/her mouse on the computer [13, 14, 15]. The behavioral profile is created by extracting specific features related to the mouse movements of a user. Mouse and keystroke dynamics are related and complement to each other. The use of the mouse is very important in graphical user interface applications, while the keyboard is commonly used in word processing and command-line applications [16]. Mouse and keystroke dynamics are significantly important in enhancing computer security.

One of the most interesting research directions in behavioral biometrics is GAIT analysis. GAIT analysis is used to authenticate users based on their style or manner of walking [17, 18]. GAIT analysis systems depend mainly on a video camera, that captures images of people walking within its field of view. The images are processed to get appropriate features of users such as joint angles or silhouettes and the values are then compared to the stored gait signatures and profiles of the authorized individuals. One of the main advantages of GAIT analysis is that it is non-intrusive, which means that it does not require cooperation from the individual, and can function at moderate distances from the individual under observation.

Biotouch is another framework based on behavioral biometrics and location for continuous authentication on mobile banking applications [19]. Biotouch uses touch patterns for profiling users while typing and holding the device. This data is then used for predictive model building and authorization.

A new technique in profiling users’ behavior is creating users’ profiles based on their game playing styles. This technique analyzes the strategies used while playing a game and creates a user profile based on these strategies, as a type of behavioral biometric. These profiles are used later for continuously observing and authorizing the player to the servers [20]. One example of using this new technique is exploring the strategies used while playing the poker game to create behavioral biometric profiles [20]. Once a profile is created, it can be used to authorize the player on the go.

Another interesting approach is using odor as a biometric to identify individuals [21]. In this approach, the tiny quantities of molecules that constantly evaporate and produce the smell, known as odorants, are detected by a special sensor called e-nose. e-noseis a chemical sensor that can be used to collect unique data about each individual participant. The data can be used to train classification models and to authenticate users [22]. e-noseis a rapid, noninvasive, and intelligent online instrument based on the feasibility and effectiveness of odor recognition. Made up of an array of sensors, it is an appropriate pattern recognition system, which is capable of identifying particular smells.

Facial recognition and emotion detection have been used in many applications to classify users. Gabor wavelets is a method to extract features from an image for recognition. For example, analyzing facial images for face recognition by pre-processing or normalizing the face image [23]. As a common rule, the eyes and the mouth will always be aligned roughly at the same position in same-sized images for face processing. Gabor filters for different scales at different orientations are applied to each facial image for the purpose of creating feature vectors to train machine learning models.

Several researchers considered handwriting biometrics as behavioral biometrics as they are based on actions performed by a specific subject. Handwriting recognition is the task of transforming a language represented in its spatial form of graphical marks into its symbolic representation [24].

Voice recognition is one of the behavioral biometrics that can be used to identify a vocal pattern based on sound variations that are most common in a person’s speech. Both speaker identification and speaker verification can be done by capturing important narrow-band speaker characteristics such as pitch and formats [25]. This technique is used for biometric authentication, forensics, security, speech recognition, and speaker diarization.

A brief list of previous studies is given in Table 1.

Behavioral BiometricsPurpose
Keystroke DynamicsTo recognize a person using keystroke dynamics [11].
Keystroke and Mouse DynamicsIdentity theft issues by verifying users based on their keystroke dynamics and mouse activities [26]
Touch and hold a deviceEmotion detection from touch interactions during text entry on smartphones [12]
Touch Patternscontinuous authentication on mobile banking applications [19]
Mouse DynamicsComputer user recognition based on the way a user uses his/her mouse [15]
GAITAuthorization process based on style or manner of walking [17, 18]
StrategyPlayer profile is used to authorize the player on the go [20]
OdorHuman recognition through the odor authentication [21]
Gabor waveletsTo extract features from an image for recognition [23]
Handwriting BiometricA process of transforming a language represented in its spatial form of graphical marks into its symbolic representation [24]
SpeechUseful for biometric authentication, forensics, security, speech recognition, and speaker diarization [25]

### Table 1.

Behavioral biometric research work.

## 4. Behavioral biometrics solutions in the industry

Not only researchers, but many industry experts are working diligently to improve the applications and performance of behavioral biometric solutions.

### 4.1 BioCatch

Founded in 2011, BioCatch is working diligently to address next-generation digital identity challenges by focusing on online user behavior. BioCatch has developed several solutions that could improve security in the following use cases: 1) Account opening protection, 2) Account takeover protection, 3) Social engineering scam detection, 4) PSD2 strong customer authentication, etc. [27]. As per BioCatch, “In our digital world, behavior tells all” [27]. Regardless of an attacker’s chosen mode of operation, user behavior can never be stolen, spoofed, or replicated. BioCatch has developed solutions that can continuously monitor a user’s physical and cognitive digital behaviors. These solutions can be used to analyze thousands of interactions per session and build models to distinguish between genuine and non-genuine users. The solutions are used for several surveillance systems like account opening protection, account takeover protection, advance social engineering, payment scams, proactive mule detection etc.

BioCatch is providing its software products to many leading banks and helping them to prevent identity thefts and other frauds detection and protection. Some major clients for BioCatch are HSBC, American Express, etc. [27].

### 4.2 Simprints

Simprints works on the motto of “Transforms the way the world fights with poverty”. They are working on building technologies that can be used to identify the person with fingerprints to generate biometric ID for data analysis. The plan is to build a technology that can radically increase transparency and effectiveness in global development, making sure that every vaccine, every dollar, every public good reaches the people who need them the most [28].

### 4.3 PluriLock

Founded in 2016, Plurilock is working to provide an advanced authentication system using behavioral biometrics [29]. They use the concept of device-based gestures to authenticate users using keystroke dynamics and mouse movements in their two products namely, PLURILOCK AWARE and PLURILOCK DEFEND [29].

• Plurilock Aware—deals with the problem of login credentials, and ends up the frustration of typing passwords and OTP. It provides identity verification by recognizing the typing patterns of the users. It is invisible to the users, not-stealable, and takes care of privacy.

• Plurilock Defend—detects the legit person, while the session is on, using continuous authentication. It also monitors the session activity. Using continuous keystroke and mouse monitoring, the risk is reflected and the system is alarmed.

The AWARE and DEFEND products use patented algorithms to bring continuous authentication to highly-regulated environments like government, critical infrastructure, financial services, and healthcare.

### 4.4 TypingDNA

Using keystroke dynamics, TypingDNA provides continuous authentication. Founded in 2016, TypingDNA works on recognizing a person’s typing behavior for authorization. The company had launched four products for verification and authentication purposes:

• VERIFY 2FA—a 2-factor authentication product, which has an AI agent, which examines and saves the typing pattern of a user for future verification [30]. The second product is authentication API. It uses four different ways to authenticate the user.

• Login authentication—when the user logs in for the first time, it will register that typing behavior and will use the created profile to verify the user later. When the user types his login credentials next time, the AI will match it with the first enrollment. If more than 90% of the features match, then the user will be authenticated [31].

• ActiveLock—This product is used to restrict the unauthorized access to the company computers using continuous authentication. If any bizarre typing pattern is recognized by the system, it will automatically lock the computer system. Also, if an authorized person forgets to log out of his computer and any unauthorized person tries to access the data, continuous authentication will catch the unusual behavior and will lock the system [32].

• Focus—Based on the typing patterns, this application helps users to recognize what mood they are in and what time of the day they are more productive. This application works as a mood tracker. When the user types anything, it examines the typing behavior and analyzes several features. This includes: when the user is actively engaged in typing, for how long he was typing, the typing speed and the typing volume. The tool uses AI to predict the mood of the user [33].

### 4.5 ThreatMark

The company provides a complete package to prevent current and future digital fraud since 2015 [34]. ThreatMark is working to prepare solutions for banks to fight fraud, from early threat detection, over behavioral biometrics to transaction risk analysis.

• Anti Fraud Suite (AFS)—Innovative, feature-rich and modular Fraud Detection Solution for Digital Banking and Payments featuring behavioral profiling, including behavioral biometrics, transaction risk analysis and threat detection in one machine learning-based analytics engine.

• Clair—Unique Solution for Online lending, Gaming and other businesses looking to minimize fraud risk and/or credit risk. Clair is using behavioral profiling and biometrics to identify users, predict future business outcomes, fraud and more.

### 4.6 3Divi

Founded in 2011, 3DiVi Inc. is an AI technology company focused on the application of deep learning to computer vision [35]. The company is working on developing state-of-the-art API/SDKs that enable smart devices to recognize humans. Their solutions are used by several big companies like Intel, Adidas, LG, Orbbec etc. The company is working hard to enable human-machine interface (HMI) in IoT, smart home, smart retail, smart car, robotics, and digital identity verticals. The product line has several specialized SDKs.

• NUITRACK SDK—a 3D tracking middleware developed by 3DiVi Inc. This is a solution for skeleton tracking and gesture recognition that enables the capabilities of Natural User Interface (NUI) on Android, Windows, and Linux.

• Interactive Android™ Box—Game with gesture recognition—Ultimate platform to build and sell applications with full body and face interactivity.

• Face SDK—face recognition with a suite of solutions designed to enhance business capabilities, automate tasks, and increase overall community safety.

• SEEMETRIX—Anonymous Face Analytics. This solution can be used to detect gender, age, emotions in a fraction of second

### 4.7 Zighra

Zighra makes authentication more secure than static MFA and enables passwordless experiences [36]. Their platforms, combine insights from generative behavioral models and biological systems to train faster, dynamically adapt, and accelerate execution compared to AI approaches commonly used today.

The software provides task-based authentication where users are asked to perform a specific action as an authenticator to determine whether the user or a bot is trying to use the device, such as holding the phone and swiping across the screen. It also provides security intelligence, using the unique ways a user types, swipes, and taps.

Transaction risk assessment is done using machine learning and behavioral biometrics to ensure the identity of the user on the device and also provides proof of presence using AI, behavioral biometrics, sensor analytics, and network intelligence together to actively authenticate the identity of the on-device user [36].

They have been awarded an innovation contract to pilot continuous authentication for remote access using patented next generation AI technology by the government of Canada [37].

### 4.8 VoiSentry

A speaker identification and verification (ID&V) system developed by Aculab, that captures tens of thousands of unique voices and speech characteristics to authorize the user on the go [38]. This solution is an ideal system for voice biometric authentication system in terms of performance and accuracy.

### 4.9 Cynet

Cynet’s user behavior analytics system continuously monitors and profiles the user activity [39]. This profile is later used to define a legitimate behavioral baseline and identify anomalous activity to indicate any compromise in the user accounts. It provides real-time monitoring of all the interactions from the time users initiate by logging in.

### 4.10 BehavioSec Inc.

The BehavioSec solution provides a continuously learning AI subsystem with pre-weighted machine learning models based on prior analysis, using a hybrid of offline and online calculations [40]. The company leverages APIs, SDKs, and rich behavioral biometrics insights, that can be used to embed seamless security into the existing systems.

### 4.11 SecureAuth Inc.

Working toward deploying MFA in a digital world [41]. The initiatives are password authentication, portal and web apps security, RSA migration etc. The products are deployed in several industries like healthcare, retail, energy, financial, and public sectors.

### 4.12 UnifyId

They are the developers of a passive behavioral authentication platform designed to identify users without any conscious user action [42]. The platform developed utilizes sensor fusion with machine learning to provide enhanced accuracy while improving the user experience. This helps in authentication both in application and in the physical world.

### 4.13 SecureTouch Inc.

A pioneer in the field of behavioral biometrics for mobile. They work to deliver continuous authentication technologies to strengthen security and reduce fraud while improving customers’ digital experience [43]. Their systems seamlessly collect and analyze a dynamic set of over 100 different behavioral parameters like keyboard-typing, scroll-velocity, touchpressure, and finger size to automatically create a unique user behavioral profile, which can be used for authorization later.

Table 2 provides a summary of the companies working on behavioral biometrics technology.

Company NameYearTypesUsed by
BioCatch [27]2011Typing speed, Swipe pattern, mouse clicksHSBC, Itau, BARCLAYS, nab, American Express, citi VENTURES, 86400 banks, NatWest
Simprints [28]2012Wireless Fingerprint scannersBRAC, Cohesu
Plurilock [29]2016Keystroke dynamics, Pointer dynamicsUS federal agencies
TypingDNA [31]2016Keystroke dynamicsMicrosoft Azure, ForgeRock, Optimal IdM, BBVA, Proctoru, Capgemini
ThreatMark [34]2015Mouse events, keystroke dynamics, site navigation patterns, interaction with website elementsSLOVENSKÁ SPORITEL̂ŇA(Bank), SBERBANK
DiVi [35]2011Facial Recognition, Skeleton trackingIntel, Adidas, LG, Orbbec
Zighra [36]2010Task-based authentication using behaviors such as holding the phone and swiping across the screenGovernment of Canada innovation Fund
VoiSentry [38]2018Speaker identification and verification systemForgeRock, University of York, MyForce
Cynet [39]2018Behavior analytic System to continuous monitoringDarktrace, Microsoft Azure, Vectra Networks
BehaioSec Inc. [40]2010The API can turn behavior into actionable intelligence with just a few lines of codeIDG, Gartner, Goode Intelligence
SecureAuth Inc. [41]2015Identity Security Without CompromiseXerox, Michaels, Unisys
Unify Id2015Passive behavioral authentication platform designed to identify users without any conscious user actionUS banks
SecureTouch Inc.2014Deliver continuous authentication technologies to strengthen security and reduce fraudZaraz, Neon Media, TimeRack

### Table 2.

Behavioral biometric commercial organizations.