=Paper=
{{Paper
|id=Vol-2864/paper21
|storemode=property
|title=On Keystroke Pattern Variability in Virtual Desktop Infrastructure
|pdfUrl=https://ceur-ws.org/Vol-2864/paper21.pdf
|volume=Vol-2864
|authors=Ievgeniia Kuzminykh,Bogdan Ghita,Alexandr Silonosov
|dblpUrl=https://dblp.org/rec/conf/cmis/KuzminykhGS21
}}
==On Keystroke Pattern Variability in Virtual Desktop Infrastructure==
https://ceur-ws.org/Vol-2864/paper21.pdf
On Keystroke Pattern Variability in Virtual Desktop
Infrastructure
Ievgeniia Kuzminykha,b, Bogdan Ghitac and Alexandr Silonosovd
a
King’s College London, WC2R 2ND, UK; ievgeniia.kuzminykh@kcl.ac.uk
b
Kharkiv National University of Radio Electronics, Kharkov, 61000, Ukraine
c
University of Plymouth, PL4 8AA, UK
d
Blekinge Institute of Technology, Karlskrona, SE-371 79 Sweden
Abstract
The paper investigates the impact of network traffic and network characteristics on the
effectiveness of keystroke dynamics for continuous and one-time authentication in the remote
desktop applications and virtual desktop infrastructure. The context presented in the paper
contributes to the area of biometric authentication systems by identifying virtual desktop
environment as a specific application domain that uses a keystroke pattern for user
verification and identifying at what extent the context influences on permanence and the
immunity of the keystroke data which was never studied before. The results showed that the
keystroke pattern is not affected by network latency, but standard deviation, jitter, and packet
loss have a significant combined impact onto it. It can also be concluded that RDP packets
are not prioritized during transmission over the network, and therefore, we can say that any
other competing traffic is likely to render keystroke dynamics unusable for continuous
authentication during remote access.
Keywords
Biometric pattern, continuous authentication, Euclidean distance, keystroke dynamics,
remote display protocol, RDP
1. Introduction
Information Security represents a key factor to support the critical information infrastructures
across all business sectors. While password-based access control of encompassing systems remains
the de-facto option for protecting such systems, previous research demonstrated that such an approach
is insufficient; in addition, many examples of successful attacks, including fishing, identity theft,
brute force, coupled with weak password policies confirmed the inherent weakness of password-based
authentication. In order to overcome this weakness and enhance the authentication process, the
industry regulators recommend the adoption of Multi Factor Authentication (MFA). On an MFA-
based access system, the user is authenticated using two or more methods that combine knowledge-,
token-, or biometric-based inputs. While the first two options have been extensively enhanced through
security education and respectively hardware hardening, the biometric alternatives are still subject to
significant research due to the complexity and variability of the inputs. The two main classes of
biometric inputs are physiological (retina, face, fingerprint, or eye scan) and behavioral (gait, voice,
signature, typed keystrokes or mouse movements dynamics). Unlike the other options, biometric
authentication requires no additional hardware or memorizing of complex patterns, which makes it the
preferred choice for additional security provisioning. From an accuracy perspective, physiological
authentication is indeed the better option but, given its inherent intrusiveness for sample acquisition
makes it less attractive for users. In contrast, behavioral authentication is subject to variability and
therefore typically leads to poorer accuracy, but it is ideal for continuous authentication and, as it
draws data from the system interaction, it also has a higher user acceptance.
______________________
CMIS-2021: The Fourth International Workshop on Computer Modeling and Intelligent Systems, April 27, 2021, Zaporizhzhia, Ukraine
EMAIL: yevheniia.kuzminykh@nure.ua (Ie. Kuzminykh); bogdan.ghita@plymouth.ac.uk (B. Ghita); asilonos@gmail.com (A. Silonosov)
ORCID: 0000-0001-6917-4234 (Ie. Kuzminykh); 0000-0002-1788-547X (B. Ghita)
© 2020 Copyright for this paper by its authors.
Use permitted under Creative Commons License Attribution 4.0 International (CC BY 4.0).
CEUR Workshop Proceedings (CEUR-WS.org)
� Given the level and variability of system and applications, the most common interaction option
and user data input remains text typing. From an MFA perspective, keystroke dynamics would be the
implicit option for continuous authentication, in spite of its inherent variability and attrition, as user
behavior may change over time and depends on age, therefore requiring frequent updates of the
associated biometric user template.
Biometric authentication has been a highly popular area of research over the past decade; a number
of studies demonstrated that keystroke dynamics provides a unique discriminator for individual users
through a number of two defining features and their related variables: the duration of a button press
and release and the delay between next button press depending on the distance between buttons on a
keyboard.
From the intrusiveness perspective, there are two types of user input when performing keystroke
dynamics: fixed- and free-text. In the fixed-text authentication, a user needs to type a predefined
phrase in order to have their biometric characteristics collected and evaluated, and subsequently be
allowed to access system. In free-text authentication, the user may type any text, including command
keys, hotkeys, arrows, which makes the method ideal for continuous authentication (CA), to be run in
the background, while the user is interacting with the system. Recent studies propose a hybrid
approach for improving Free-text approach by using a subset of typed text as input for analysis. Free-
text authentication is considered as supplemental security control since it helps to identify the change
of legitimate user, particularly when an open session or an unlocked desktop are being intercepted by
an intruder. Free-text authentication is reliable since it is hard to forge it. An attacker needs to have
access to computer and availability to capture user behavior for a long period to collect data. In this
context, one of the factors that further affects the user behavior for a free-text keystroke template is
the computer input device, due to its layout and mechanical characteristics. As a result, keystroke
biometrics accuracy is affected when collected from different devices and therefore it is preferred in
scenarios where the user is regularly performing data input on the same computer, in areas such as
healthcare or finance.
Prior studies exhaustively evaluated the strength of keystroke dynamics authentication and
proposed a number of improvements focusing on the free-text authentication methods. Given the de-
facto description of computer systems, research focused exclusively on system-based, local
authentication, while the impact of remote interaction on free-text authentication has not been
considered. In this study, we investigate how the variability of network characteristics, delay in
particular, influence the calculation of user biometric keystroke dynamics patterns. We will perform
an experiment using the most commonly used remote display protocol Microsoft RDP to determine
how changes in the network load and resulting congestion influence the keystroke dynamics pattern,
in particular, the Euclidean distance value.
Following this introduction, section 2 of the paper provides a brief overview of research on
keystroke dynamics authentication system and protocols. Section 3 outlines the methodology for data
acquisition and processing. Section 4 provides a comparative analysis and comparison of the results,
to benchmark the actual impact of network path changes on the resulting biometric profile. Based on
this evaluation, Section 5 draws a discussion and further opportunities for research and Section 6
concludes the paper.
2. Literature review
Review of state-of-the-art in network protocols that implements remote display or so called thin
client functionality shows that network latency is one of the key factor characteristic that affects remote
display performance. Simoens provided in [1] an in-depth analysis of network latency and its impact of
user input events. In [2], the authors show that high network latency affects temporal characteristics of
the provided service and thus human perception. Long and Gutwin in their study [3] covers temporal
aspect of user input actions in network context and differentiate between local lag versus network lag,
which is also exist.
As can be inferred from their required functionality, one of the main performance indicators of
remote display infrastructure is their ability to transmit commands and render the screen in a near-real-
time fashion; as a result, low latency is critical to their success. A number of studies [4, 5]
�benchmarked how network latency impacts on the perceived performance in multiplayer Internet
games, more specifically how delays in interaction affect the movement, location, and actions of a
player.
Another subject of our research is biometric pattern based on the user keystroke dynamics. In this
area slightly more works but any work related to the application of the keystroke for remote access.
In [6] authors acquired keystroke types of the users, built biometric template called enrolment
vector, and then tested five matching methods presented by different researchers by comparing
enrolment vector with test vector. Experiment included only password typing template, the position of
the keys on the keyboard was not taking into account as well as any network or environmental
conditions. All results were obtained only by manipulation of the datasets that were collected from
users who typed several times password for experiment.
Miguel Lizarraga in [7] collected keystroke dynamics from set of the users, created template for
each user and then tested similarity of template and sample. The method of verification of the
similarity is developed by authors and based on mean and standard deviation of each feature. The
features extracted were three time-features of pressed keys (down-down, down-up, and up-down
times). They tested the efficiency of the verification algorithm for different situations: when user is
legitimate and when user is impostor.
In this work [8] the timing values from 10 users for typing of the password/username pair were
collected and presented. The users should login with the same credentials. The flight and hold time for
each user were analysed and showed the difference of the user’s biometric behaviour, some users typed
text faster, some slower. The further analysis of the obtained data with timing characteristics was not
provided.
In [9] the authors investigated the feasibility of using keystrokes for creating cryptography key for
files stored remotely in the cloud as alternative to the algorithmic key generation. The key based on the
biometry provides both authentication and integrity of data. The work showed the reliability of creating
a 256-bit key with biometric pattern. The results showed very low FAR parameter for keystroke-based
cryptography key.
Another work devoted to the authentication in the cloud [10] uses keystroke activity as one of the
input parameters for creating user template align with other host-based characteristic and network
flow-based features. Totally, authors used 36 features to form user profile. But only two features were
used to describe keystroke activity of the user: the key press-down time and the time interval between
two pressed keys.
Gunetti et.al. [11] and Monrose et.al. [12] analysed non-static biometric technique based on user
free-text typing dynamics. It is an attempt to consider using of keystroke dynamics for continuous
authentication. The user’s typing profiles were obtained using of digraph-specific measures, and in
[11] Imposter Pass Rate (IPR) and False Alarm Rates (FAR) have been calculated. This technique
provides useful information for user identification and authentication even when a long time has
passed since user profiles were formed.
In [13] the authors conducted static manipulation with the dataset of collected keystroke dynamics.
The time related features were extracted from the dataset, VKF is calculated based on the typing
speed. Using Genetic Algorithm and Support Vector Machines (SVM) algorithms the feature subset
selection was done from the reduced. Feature reduction rate and FAR were calculated using the
MATLAB.
Bajaj et.al. [14] and Yvonne J. et.al. [15] used timing characteristics of the keystroke as pressing
time, dwell time and total time of password entering. Then statistical method is used to calculate the
mean time. If value is above the threshold value, then access can be grated, otherwise access is
denied. In both papers the users were required to enter only password for collecting biometric pattern.
Literature review shows that only few works analysed free-text keystroke dynamics, and there are
no studies researching how characteristics of virtual desktop infrastructures affects free-text based
authentication. Moreover, most of the researchers used extraction of timing information from the raw
data for forming user profile, but some researchers rely only on two parameters, some use 3-4 timing
parameters to describe keystroke activity of the user. Only one work proposes using additional
parameter of key location on the keyboard for user profile that we will use in our research. The use of
four timing features with adjacency class for keys to authenticate users is novel. Therefore, we
conduct an experiment to investigate the impact of network and host characteristics on the user
�biometric profile based on keystroke dynamics and to derive the threshold for delay variation beyond
which the underlying behavioural biometric algorithms become ineffective.
3. Methodology
Null hypothesis is that network latency has no effect on consistency of behaviour pattern that is
calculated based on keystroke dynamics of user input. The first part of the methodology is to develop
input rendering engine for thin client, then implement algorithms to calculate biometric pattern from
real input keystroke dynamics in a VDI session, and then calculate distance for user reference and
current biometric pattern. Current biometric pattern will be obtained under different network
environmental conditions.
Thin client as part of VDI will capture input events from locally attached keyboard, transfer them to
remote desktop over a network protocols such TCP/IP and then replay or render input events on a
remote display to simulate, user input. The infrastructure of the remote session is showed in Figure 1.
Figure 1: Typed keystrokes, mouse clicks and devices data are sent to Remote Display in a raw
format in different TCP packets. Screen image and sound are sent back to thin client
We need to experiment with network protocol, network load, running processes on the remote host
and biometric pattern which is calculated from keystroke dynamics by an algorithm. The objective is
to study how network and host characteristics affect the keystroke dynamics user pattern.
3.1. Network generator
For the purpose of experimenting with network load the review of current state-of-art techniques
to generate network workload and measure network performance in VDI scenario has been made.
Using literature review four methods of network workload generation were identified and presented in
Table 1. The table reflects main characteristics of network simulation and tools that were used for
traffic generation. Most of the papers run experiments in testbed that includes network environment
close to VDI, where client computer accesses a service or data on a server via heterogeneous network.
The results showed that the network latency is the most popular parameter for network simulation
experiments, and many researchers [18, 20, 22] used D-ITG software to simulate controlled network
traffic. Several research [19,22] used OpenFlow protocol to retrieve network latency and loss rate
from network equipment. We will use D-ITG tool as traffic generator in our experiment.
�3.2. Dataset
The subject is represented by a dataset on natural human-computer interaction [11] that includes
keystrokes dynamics of 39 users and three typing patterns of each user resulting into a total of 122
typed keystrokes to be used as input data for creating user profile. This reference profile will be
compared with current user profile that is captured under different network and host performance. The
dataset contains keystroke-timing information from three different passwords, free-text questions (500
chars) and the transcript of Steve Jobs’ Commencement Speech split into two parts. Each user
performed the typing test in two separate laboratory sessions, with each session taking about one hour
and containing approximately ten thousand keystrokes.
Table 1
Research on using the traffic generator tools
Ref Latency Workload Speed, Delay, Packet VDI Year
Mbs ms loss, %
[17] DiffProbe DiffProbe 1‐100 ‐ 0.15‐1.68 Y 2010
[18] D‐ITG D‐ITG 1 1 1 Y 2012
[19] OpenFlow OpenFlow 100 10‐20 1 Y 2014
OpenNet‐Mon,
NetEm
[20] Yaz D‐ITG 7 300‐1000 n/a N 2018
[21] NorNet Netem, D‐ITG 10‐20 25‐400 1‐5 N 2018
[22] OpenFlow D‐ITG 30 5‐100 n/a N 2018
[23] Emulab D‐ITG 4 30 1 N 2019
3.3. Feature Extraction
In order to verify the impact of external impairments on the effectiveness of keystroke
authentication, we selected a recognised, successful method and applied it to both the raw initial
dataset and the new dataset, based on the received keystroke events. We followed the studies [7,16]
and used digraph latency for feature extraction. Features were computed for each key-pair using two
main values, specifically the press time (P) and the release time (R) of each key in milliseconds. Four
keystroke features were extracted from each key-pair for each user as shown in Figure 2:
1. Press-Release Time: Hold time for a key that define the time the key remains pressed.
2. Press-Press Time: Time interval between pressing two successive keys.
3. Release-Release Time: The interval between releasing two successive keys.
4. Release-Press Time: The interval between releasing and pressing two successive keys. This value
could be positive or negative according to when keystroke was pressed, before or after previous
key was released. That is why we will use absolute value of this feature.
�Figure 2: Timing features for the key pair
It is apparent only three of the four parameters are independent but, given there was no post-
processing applied to the data, the full set of four was maintained for completeness.
Before feature extraction, the dataset was ordered by grouping records from dataset according to the
keystroke value ci that first pressed and then released. The adjacency class was introduced as an input
to set the level of adjacency between two keys on the keyboard and allows to decrease the deviation
of the time values during feature extraction. Each row was labelled by the class parameter that
corresponds to one of the five adjacency classes and related to key-pair. This ordered dataset was used
for the extraction of the timing features, and the reference profile of a user is created for a particular
typing session, consisting of mean time characteristics for 121 digraphs (corresponds to 122
characters).
The difference in the assessment of the two profiles, the reference profile Pref and current Pt is
defined in Equation (1) and could be measured using different classification algorithms as statistical
algorithms and machine learning algorithms [11, 16, 24-27]. Few of the common statistical measures
are k-nearest neighbour, Euclidean distance, Manhattan distance, Mahalanobis distance, Bayesian
distance, statistical t-test, and degree of disorder. Among ML algorithms the common algorithms
include Neural Networks, SVM, Regression, Decision Tree, Random Forest, KNN, K-Means, Naive
Bayes.
distance = |Pref - Pt |/ Pref (1)
There are two approaches to calculate distance with several features for the authentication purpose.
First way is to calculate distance for summative vector with all features that corresponds to the user
profile, another way is to calculate distance value for each feature separately. The determination of
the threshold is an important issue in the methodology. The analysis of the real collected keystroke
data needs to be done to determine thresholds. The works [7, 16] showed that a user’s feature with a
higher variation demands a lower threshold, while a feature with a lower variation demands a higher
threshold. So, the threshold for each feature in each account is obtained based on its standard
deviation. Decision about an optimal threshold for each feature based on the a priori knowledge of
authentication system administrator and usually the task of determination of the threshold is simple
linear function maxima problem. In our work we do not consider decision-making part of the
matching phase, the user’s identification and authentication is out of scope. We only used an
Euclidean distance value as indicator for changes that happened with keystroke pattern under certain
conditions with variety of network and host characteristics.
3.4. Experiment setup
For the experiment, a network consisting of two routers, two switches and the client and server
side was constructed. On the client side:
Keystroke dynamic was simulated according to one of the profiles
Remote access to the system was initiated using one of the RD protocols.
� Remote server software was installed on the server side, the pattern recognition algorithms
program was launched and the received data was compared with the user reference model that was
obtained in advance and stored on the server.
The network latency was simulated between the client and the server using the D-ITG traffic
generator simulator. We can control and change this variable of latency during an experiment by
changing parameter C (intensity of traffic, packets/sec) and c (packet size, bytes) in D-ITG. Since
keystroke dynamics is transferred over the network then changing of traffic delays will predetermine
the temporal characteristics of the keystroke dynamics and as a result will affect a pattern. The
dependent variable is a biometric pattern.
Three types of the experiment were conducted performing the efficiency of keystroke dynamics:
Under increasing network latency
During transmission the files from remote desktop to the host
During watching the video on the remote desktop.
In the first experiment, the transmission channel was loaded with UDP traffic, which was
generated using D-ITG, there were two streams of the same intensity, the channel capacity was
reduced to 1mbps to obtain high delays in early iterations. To fix the behaviour of the system in the
normal state, baseline for the network of characteristics was measured in the absence of load. Further,
the network load increased due to an increase in the -C parameter in D-ITG until the packet loss
began to exceed 1%.
In the second experiment, the communication channel was not loaded with generated traffic, but
the keystroke data prompted for authentication was accompanied by copying the file from remote
desktop to the client machine.
In the third experiment, the biometrics authentication process was accompanied by watching a
fullHD video on the youtube channel on remote desktop.
4. Results
Process of the performing continuous authentication based on the keystroke dynamics was
implemented under different conditions. The difference between reference biometric user profile and
current obtained during experiment was estimated by its distance value that shows similarity of two
patterns, and summary is showed in the Table 1.
Table 1
Results of the experiment
Experiment 1 2 3 4 5 6 7
C parameter 0 10..100 110 110, 115
D‐ITG [pkts/s
Additional Mouse Copying Watching
actions moves on file video
RDP
window
Av. Euclidean 1.068 1.07 1.074 1.77 3.2 2.12 3
distance
Av. packet loss, 0 0 0 0.14 3.6 n/a n/a
%
Av.delay, ms <1 <10 10.5 64 370 n/a n/a
As shown by the first three experiments, the impact of low or medium congestion is minimal on the
resulting keystroke dynamics parameters, as the Euclidian distance of experiments 2 and 3 is
comparable to the baseline obtained in experiment 1. In the case of experiment 3, the measured
average bitrate was 901 kb/s, which is close to the bottleneck bandwidth for the testbed, still with
minimal impact on the Euclidian distance between the original vector and the one collected at the
RDP server. Although the channel utilisation was rather high, there was no packet loss recorded and
the average delay (10.5ms) and jitter (3.2ms) were also low. In order to see the behaviour of the
�channel under heavy congestion, the data flows were further increased to an average bitrate of
916kb/s, leading to a bottleneck link utilisation of 91.7% and subsequently increasing the average
delay (370ms); given the additional traffic was CBR, the jitter varied only slightly, increasing to
3.7ms.
The last three experiments involved a combination of RDP-based interaction, RDP-based traffic,
and bandwidth limitations. Experiment 5 was similar to the original conditions, running through a
limited 1Mbps bandwidth, but included additional activity on the remote display, more specifically
random fast window movements for an open application. This affected slightly the average delay,
increasing it to 64 ms, but had a slightly more significant impact on jitter (7ms) and packet loss,
which increased to 0.14%. While none of the individual parameters increased significantly, the
resulting Euclidian distance varied by a significant factor of 1.77. Experiments 6 and 7 also
investigated the impact of additional RDP activities onto the keystroke timings but using a non-
restricted 100Mbps link. For experiment 6, a text file was transmitted from the remote machine to the
client machine via RDP, while experiment 7 generated additional traffic by streaming a video from
the remote machine to the thin client. The video chosen for experiment 7 was an HD 1080p video,
with bitrate varying between 4000-8000kbps; while this is indeed the bitrate between the YouTube
server and the RDP server, optimised for the bandwidth between the two endpoints, not the same can
be said about the link between the RDP server and the client, which uses non-optimised video
communication between the them. As a result, it is likely that the down-streaming from the server to
the client is higher in terms of bitrate.
5. Discussion
The results showed that increasing the channel load with UDP traffic to a certain level does not
affect the biometric pattern. This could be explained by the fact that UDP traffic is non-bursty,
smooth, and the standard deviation and jitter values are relatively small [28, 29]. But when the
channel utilization goes beyond 0.9 (as it is the case for experiments 3-5) the throttling algorithm is
starting to work causing a packet loss. This affects the keystroke pattern and the similarity coefficient
changes from 1 to 1.7 even with small packet loss values of 0.15-0.5%.
The keystroke dynamics pattern is also affected by the value of standard deviation and jitter, as
demonstrated where the transmission of RDP keyboard events is concurrent with events from the
VDI. In this case, the average delay was within normal limits but the deviation in delay values was
almost two times greater (100 msec). From this, we can conclude that such an effect will be caused by
applications running on TCP, since TCP traffic is characterized as bursty, greedy, and is more
resistant to delays, but has large jitter values due to its nature [30,31].
When the network load approaches bandwidth the network latency increases to an unacceptable
370msec (ITU-T recommendation for UDP traffic network latency is less than 150ms) and packet loss
occurs. This leads to a modification of the timing information required for user current biometric
pattern, as a result, the similarity coefficient has a very large distance value which means that the user
is most likely not to be identified.
Additional actions such as copying and watching videos on the remote display also significantly
affect the keystroke pattern which means that biometrics dynamics are transmitted with the same
priority as the rest of the traffic and are served in a queue. From this we can conclude that continuous
authentication will be not effective in this situation.
Not prioritizing of RDP messages that carry biometric information can be explained by the fact
related to the functioning/processing of keyboard events. Keyboard messages often have a low priority
over other operations such as file management [32]. This is evident when typing in a word processor. If
there is any disk activity when typing, the text being written is held in a buffer until such time that the
processor is free to deal with it (causing the display to pause and then the 7 characters appearing). In
order to achieve the high accuracy of timing between keystrokes, the keyboard driver and timing
device need a high priority in order not to be affected by other activities.
�6. Conclusion
This paper presents assessment of the applicability of keystroke dynamics for continuous and one-
time authentication in the remote desktop applications and VDI. The combination of four features
(Press-Release, PP, RR, RP times) were collected to form a user profile that was object of the
experiments. This profile was compared with the current user profiles obtained during experiments
under increasing network latency, during transmission the files from remote desktop to the host and
during watching the video on the remote desktop. The similarity of two profiles was assessed using
Euclidean distance.
We found that the pattern is not affected by network latency that approved our null hypothesis; but
by the values of its standard deviation, jitter, and packet loss. This means that working with
applications that require TCP transmission on the remote desktop will have a greater effect on the
pattern than UDP based ones. It can also be concluded that data transmitted via RDP is not priority
traffic which means that as of today, it is impossible to use keystroke dynamic based pattern for
continuous authentication for remote access. For one-time authentication at the beginning of the
session it is possible to use keystroke pattern when there is no other running application or open
windows that can affect the pattern.
But for future, that needs to be reconsidered and modified the RDP protocol in order to take into
account the prioritizing of the traffic that is necessary for transmission of biometric information. It is
very important in the situation we are faced now, during coronavirus, caused social isolation and
needs to work remotely. The biometric identification and authentication based on the keystroke
dynamics could be great solution for control the remote access.
7. References
[1] P. Simoens, B. Vankeirsbilck, L. Deboosere, F. A. Ali, F. D. Turck, B. Dhoedt, and P.
Demeester, Upstream bandwidth optimization of thin client protocols through latency-aware
adaptive user event buffering, Int. J. Communication Systems 24 (2011): 666–690.
[2] Md Liakat Ali, John V Monaco, Charles C Tappert, and Meikang Qiu, Keystroke biometric
systems for user authentication, Journal of Signal Processing Systems, 86(2-3):175–190, 2017
[3] M. Long and C. Gutwin, Characterizing and modeling the effects of local latency on game
performance and experience, in: Proceedings of the 2018 Annual Symposium on Computer-
Human Interaction in Play, 2018, pp. 285–297.
[4] D. Stuckel, C. Gutwin, The effects of local lag on tightly-coupled interaction in distributed
groupware, in: Proceedings of ACM conference on Computer, CSCW '08, 2008, pp. 447–
456.
[5] K. Almeroth, J. Nelson, On the impact of delay on real-time multiplayer games, in:
Proceedings of 12th International Workshop on Network and Operating Systems Support for
Digital Audio and Video (NOSSDAV'02), 2002, pp. 23-29.
[6] R. Giot, M. El-Abed and C. Rosenberger, Keystroke dynamics authentication for
collaborative systems, in Proceedings of 2009 International Symposium on Collaborative
Technologies and Systems, 2009, pp. 172-179.
[7] Livia C. F. Araújo, Luiz H. R. Sucupira Jr., Miguel G. Lizárraga, Lee L. Ling, Andjoão B. T.
Yabu-Uti, “User Authentication Through Typing Biometrics Features," IEEE Transactions on
Signal Processing 53(2) (2005): 851-855.
[8] P. V. Pawar, Static User Authentication through Typing Behavior, International Journal of
Latest Trends in Engineering and Technology 4(1) (2014): 144-148.
[9] L. Abed, N. Clarke, B. Ghita, A. Alruban, Securing Cloud Storage by Transparent Biometric
Cryptography, in: J.L. Lanet, C. Toma (Eds.), Innovative Security Solutions for Information
Technology and Communications, volume 11359 of LNCS, Springer, Cham, 2018, pp.97-
108. doi: 10.1007/978-3-030-12942-2_9.
[10] W. Liu, A. S. Uluagac and R. Beyah, MACA: A privacy-preserving multi-factor
cloud authentication system utilizing big data, in Proceedings of IEEE Conference on
Computer Communications Workshops (INFOCOM WKSHPS), 2014, pp. 518-523.
�[11] D. Gunetti, C. Picardi, and G. Ruffo, Keystroke Analysis of Different Languages: A
Case Study, in: A.F. Famili, J.N. Kok, J.M. Peña, A. Siebes, A. Feelders (Eds.), Advances in
Intelligent Data Analysis, volume 3646 of Lecture Notes in Computer Science, Springer,
Berlin, Heidelberg, 2005, pp. 133-144. doi:10.1007/11552253_13.
[12] F. Monrose, A. Rubin, Keystroke dynamics as a biometric for authentication, Future
Generation Computer Systems 16 (2000): 351-359.
[13] K. Senathipathi, K. Batri, Keystroke Dynamics Based on Human Authentication
System using Genetic Algorithm, European Journal of Scientific Research 82(3) (2012): 446-
459.
[14] S. Bajaj, S. Kaur, Typing Speed Analysis of Human for Password Protection (Based
on Keystrokes Dynamics), International Journal of Innovative Technology and Exploring
Engineering 3 (2) (2013): 88-91.
[15] Y.J. Stark, M.R. Kellas-Dicks. Incorporating False Reject Data into Templates for
User Authentication. US Patent US8533486B1, 2013.
[16] A. Alsultan, K. Warwick, H. Wei, Improving the Performance of Free-text Keystroke
Dynamics Authentication by Fusion, Applied Soft Computing, 70 (2018): 1024-1033.
[17] K. Partha, and C. Dovrolis, Diffprobe: detecting ISP service discrimination, in:
Proceedings of IEEE INFOCOM, San Diego, CA, USA, 2010, pp. 1-9, doi:
10.1109/INFCOM.2010.5461983.
[18] A. Botta, A. Dainotti, A. Pescapè, A tool for the generation of realistic network
workload for emerging networking scenarios, Computer Networks (Elsevier) 56 (15) (2012):
3531-3547.
[19] N. L. M. van Adrichem, C. Doerr and F. A. Kuipers, Opennetmon: Network
monitoring in openflow software-defined networks, in IEEE Network Operations and
Management Symposium (NOMS), Krakow, Poland, 2014, pp. 1-8, doi:
10.1109/NOMS.2014.6838228.
[20] G. Aceto, F. Palumbo, V. Persico and A. Pescape, Available Bandwidth vs.
Achievable Throughput Measurements in 4G Mobile Networks, in: 14th International
Conference on Network and Service Management (CNSM), Rome, Italy, 2018, pp. 125-133.
[21] S. Ferlin, S. Kucera, H. Claussen and Ö. Alay, MPTCP Meets FEC: Supporting
Latency-Sensitive Applications Over Heterogeneous Networks, IEEE/ACM Transactions on
Networking, 26 (5) (2018): 2005-2018, doi: 10.1109/TNET.2018.2864192.
[22] H. Tahaei, R. B. Salleh, M. F. Ab Razak, K. Ko and N. B. Anuar, "Cost effective
network flow measurement for software defined networks: A distributed controller scenario."
IEEE Access 6 (2018): 5182-5198.
[23] V. Vu Anh, and B. Walker, Redundant Multipath-TCP Scheduling with Desired
Packet Latency, in: Proceedings of the 14th Workshop on Challenged Networks, Oct 2019,
pp. 7-19.
[24] P. Kang, S. Cho, Keystroke dynamics-based user authentication using long and free
text strings from various input devices, Inf. Sci., 308 (2015): 72-93.
[25] J. Huang, D. Hou, S. Schuckers, T. Law and A. Sherwin, Benchmarking keystroke
authentication algorithms, in: IEEE Workshop on Information Forensics and Security
(WIFS), Rennes, France, 2017, pp. 1-6, doi: 10.1109/WIFS.2017.8267670.
[26] A. Carlsson, I. Kuzminykh, R. Franksson, A. Liljegren, Measuring a LoRa Network:
Performance, Possibilities and Limitations, in: O.Galinina, S.Andreev, S. Balandin, Y.
Koucheryavy (Eds.), Internet of Things, Smart Spaces, and Next Generation Networks and
Systems, volume 11118 of LNCS, Springer, Cham, 2018.
[27] I. Kuzminykh, D. Shevchuk, S.Shiaeles, B. Ghita, Audio Interval Retrieval Using
Convolutional Neural Networks. In: O. Galinina, S. Andreev, S. Balandin, Y. Koucheryavy
(Eds.), Internet of Things, Smart Spaces, and Next Generation Networks and Systems,
NEW2AN 2020, ruSMART 2020, volume 12525 of LNCS, Springer, Cham, 2020.
[28] T. Bakhshi and B. Ghita, Traffic Profiling: Evaluating Stability in Multi-device User
Environments, in: Proccedings of 30th International Conference on Advanced Information
Networking and Applications Workshops (WAINA), Crans-Montana, Switzerland, 2016, pp.
731-736, doi: 10.1109/WAINA.2016.8.
�[29] T. Lebedenko, M. Ievdokymenko, A.S. Ali, Research of Influence Flow
Characteristics to Network Routers Queues Utilization, in: Proceedings of 1st International
Conference Advanced Information and Communication Technologies, Lviv, Ukraine, 2016,
pp.111-112.
[30] H.Oudah, B.Ghita, T. Bakhshi, A Novel Features Set for Internet Traffic
Classification using Burstiness, in: Proceedings of the 5th International Conference on
Information Systems Security and Privacy, Prague, Czech Republic, 2019, pp. 397-404,
doi:10.5220/0007384203970404.
[31] I. Kuzminykh, B. Ghita, A. Silonosov, Impact of Network and Host Characteristics
on the Keystroke Pattern in Remote Desktop Sessions, arXiv preprint arXiv:2012.03577,
2020.
[32] R. Shorrock, D. J. Atkinson, S. S. Dlay, Biometric verification of computer users
with probabilistic and cascade forward neural networks, URL:
https://pdfs.semanticscholar.org/9825/90e785721f5dae5e53183b97c028a996544e.pdf.
�