Behavioral Biometry as a Cyber Security Tool

Maryna Chyzhevska¹, Nataliia Romanovska², Andrii Ramskyi³, Vitalii Venger², and Mykola Obushnyi⁴

¹ National University “Yuri Kondratyuk Poltava Polytechnic,” 24 Pervomaiskyi ave., Poltava, 36011, Ukraine
² State Institution “Institute for Economics and Forecasting, NAS of Ukraine,” 26 Panasa Myrnoho str., Kyiv, 01011, Ukraine
³ Borys Grinchenko Kyiv University, 18/2 Bulvarno-Kudriavska str., Kyiv, 04053, Ukraine
⁴ Taras Shevchenko National University of Kyiv, 60 Volodymyrska str., Kyiv, 01033, Ukraine

Abstract
With the intensification of digitalization of all processes and activities, the issue of information protection and of increasing the level of cyber security is becoming important. Particular attention in this aspect should be focused on the field of queuing. The article provides a brief overview of digital transformation and data protection, which shows that the largest share of incidents is caused by failures of server equipment, infrastructure/network equipment, applications and data storage system equipment, and by cyber attacks. The authors focus on key aspects and trends related to the cyber threat landscape and argue the need to introduce new tools for biometric identification and authentication, the most promising of which is behavioral biometrics. The proposed comparative characteristic of the types of behavioral biometrics made it possible to define their spheres of application and to reveal their drawbacks and advantages.

Keywords
Cyber security, cyber attack, cyber threats, identification, authentication, digitalization, behavioral biometrics.

1. Introduction
The last two years have brought a worldwide paradigm shift in public communications, which has intensified their digitalization. Although traffic in certain industries and activities has decreased, the number of fraudsters has remained the same or even increased.
This makes the security situation much more complex and dynamic, as new threats become much larger than before. There is a need to develop new approaches to effective technical solutions that take the problem of cyber security into account. In addition, the global COVID-19 pandemic and the resulting quarantine restrictions have changed the global communication landscape and approaches to the use of digital services. Businesses and consumers around the world are forced to respond quickly to changing realities.

2. Digital Transformation and Data Protection
2.1. The Main Problems of Cyber Security
Following the landmark attacks on SolarWinds in December 2020 and Microsoft Exchange in January 2021, new attempts have been made in recent months. Ransomware operators carried out high-impact incidents (at Colonial Pipeline and JBS Foods, at Quanta, Acer and Kaseya) and demanded ever higher ransoms.

CPITS-II-2021: Cybersecurity Providing in Information and Telecommunication Systems, October 26, 2021, Kyiv, Ukraine
EMAIL: marfin.poltava@gmail.com (M. Chyzhevska); romnatalina@gmail.com (N. Romanovska); a.ramskyi@kubg.edu.ua (A. Ramskyi); vengerv@ukr.net (V. Venger); mobushnyy@gmail.com (M. Obushnyi)
ORCID: 0000-0003-1637-9564 (M. Chyzhevska); 0000-0002-1377-7551 (N. Romanovska); 0000-0001-7368-697X (A. Ramskyi); 0000-0003-1018-0909 (V. Venger); 0000-0002-9121-5095 (M. Obushnyi)
© 2022 Copyright for this paper by its authors. Use permitted under Creative Commons License Attribution 4.0 International (CC BY 4.0).
CEUR Workshop Proceedings (CEUR-WS.org)

For industrial organizations, the number of ransomware attacks increased by 500% in the period from 2018 to 2021, and by another 116% in the period from January to May 2021 alone [1]. A total of 20120074547 records were breached. In early 2021, Veeam conducted extensive research on data protection. The results were published as the Veeam Data Protection Report-2021 (Table 1).
The data show that the largest share is occupied by failures of server equipment, infrastructure/network equipment, applications and storage system equipment, and by cyber attacks. According to Forbes, 1120 leaks and cyber attacks were recorded in 2020. Most of these incidents have been reported by the world's leading media.

Table 1
Causes of equipment failure and disconnection of services, %

| Indicator | Causes of accidents | The most important for 2020 | The most important for 2021 |
|---|---|---|---|
| Server equipment failure | 57 | 13 | 12 |
| Infrastructure / network equipment failure | 57 | 8 | 16 |
| Application crash | 56 | 6 | 11 |
| Data storage system hardware failure | 51 | 15 | 8 |
| Cyber attacks | 51 | 7 | 16 |
| Operating system failure | 50 | 22 | 9 |
| Administrator error in settings | 46 | 6 | 6 |
| Public cloud failure | 45 | 10 | 8 |
| Accidental deletion, overwriting or data corruption | 44 | 3 | 8 |
| Intentional actions by the administrator or user | 37 | 8 | 5 |

2.2. Cyber Threats During the COVID-19 Pandemic
Countries, organizations and citizens have been greatly affected by the COVID-19 pandemic, which has changed the conditions of activity, the activity itself and even life as a whole. Note that most cyber attacks are usually not publicized because of reputational risks, and it is therefore extremely difficult to calculate the exact number of threats, even for organizations involved in investigating incidents and analyzing the actions of hacker groups. Most of these studies aim to draw the attention of organizations and ordinary citizens who are interested in the current state of information security to the most relevant methods and motives of cyber attacks, as well as to identify major trends in the changing landscape of cyber threats [2].

Let’s highlight key aspects and trends related to the cyber threat landscape [3–5]:
• during the COVID-19 pandemic, the number of fake websites for online shopping and fraudulent online sellers increased.
  From copies of popular brand websites to fraudulent services that never supply the product, the coronavirus has exposed weaknesses in the trust model used in online stores;
• with the COVID-19 pandemic, the number of cyber bullying and extortion cases has also increased. The introduction of mobile technologies and subscriptions to digital platforms makes both the younger generation and the elderly more vulnerable to these types of threats;
• fraudsters use social media platforms to increase the effectiveness of targeted attacks, and financial reward is still the main motivation for most cyber attacks;
• clearly targeted and ongoing attacks on valuable data, such as intellectual property and state secrets, are carefully planned and often carried out by state-funded entities. Massive attacks with a short duration and wide impact are used for various purposes, for example, theft of credentials;
• the number of phishing victims in the EU continues to rise as criminals use the COVID-19 theme to lure “customers.” COVID-19-themed attacks include messages and file attachments that contain malicious links to redirect users to phishing sites or malware;
• business e-mail manipulation and attacks are used in cyber fraud, resulting in the loss of millions of Euros for EU citizens and corporations. European small and medium-sized enterprises have also fallen victim to these threats;
• many cyber security incidents still go unnoticed or are detected only over time.

The number of potential threats in the virtual or physical environment continues to expand as a new phase of digital transformation emerges. Organized crime groups are taking advantage of the situation, uncertainty and doubts caused by COVID-19 and are inventing new ways to pose threats to IT and cyber security. In turn, businesses and people want to have more information and support and to be protected.
Consumers want more control over personal information and guarantees about its security in terms of content and secrecy from third parties [6–9].

3. Biometric Information Protection
3.1. Biometric Authentication Technologies
In these conditions, the use of biometrics as an effective means of confirming the correctness of identification is important in solving queuing problems. Biometrics is quite attractive for an organization that controls access, as it provides a high level of authentication and can be integrated into any access control system alongside various keys and passwords [10].

Threats to biometric systems can occur in the form of fictitious data transmission, when an attempt is made to undermine the principles of system security by presenting natural biometric characteristics or artifacts that carry copied or forged characteristics.

Access control systems can be divided into three classes according to what a person has to present: what he or she knows; what he or she owns; what is part of himself or herself.

Biometrics uses scientifically justified methods to describe and measure the characteristics of the body of living beings [11]. In relation to automatic identification systems, the term “biometric” means that these systems and methods are based on the use of unique qualities of the human body for identification and authentication. Biometric identification is often called real authentication because it is based on a person's personal characteristics, not on virtual keys or passwords.

A feature of biometric identification is the large size of biometric databases: each sample is compared with all available records in the database. For use in real life, such a system requires high-speed comparison of biometric characteristics.

Two methods of authentication are used in biometrics:
1. Verification: the measured data are compared with a single record in the database of registered users, selected by an external identifier (nickname, password or other identifier);
2. Identification: the measured data are compared with all entries in the database of registered users, and not only with one of them selected on the basis of the identifier.

The main purpose of biometrics is to create a registration system that rarely denies access to legitimate users and at the same time completely eliminates the possibility of authorization of attackers.

3.2. Features of Application of Behavioral Biometrics
Behavioral biometrics is a modern authentication technology that involves the collection of a variety of data [12,13]. For example, a smart phone that collects behavioral information may obtain multiple measurement points to estimate the likelihood of fraudulent activity, while static biometrics provides less raw data [14]. Combining behavioral characteristics in different mathematical algorithms makes it possible to obtain a more multifaceted user profile, which allows fraudsters to be weeded out. Its value lies in the fact that it can detect fraud at an early stage, before the cyber attack.

Behavioral biometrics can be adapted to a variety of devices, including smart phone operating systems as a whole, not just applications. Each person has unique features of interaction with their digital devices: the speed of typing on the keyboard, the force of pressing or the angle at which the fingers move across the screen. It is almost impossible for another person to reproduce such behavior.

While behavioral biometrics is most commonly used by banks and financial institutions today, experts expect it to be used in e-commerce, online services, healthcare, government and many more spheres in the near future [15]. Of course, as in any promising technology, there are pros and cons.
The drawbacks include inaccuracies in identification, because user behavior is not always constant (owing to, for example, fatigue, intoxication, malaise or haste), as well as the need for a large amount of personal data to determine the standard behavior of a user. The positive features are that each user has their own unique set of behavioral characteristics that are analyzed; that identification does not require any change to the user's usual scenario (seamless integration); and that recognition accuracy increases in multifactor identification systems [16].

There are several methods of behavioral biometrics [17]. Their comparative characteristics are presented in Table 2.

Table 2
Methods of behavioral biometrics

Keystroke dynamics
  Description: Brings standard passwords to a new level by tracking the rhythm of their input. Such sensors can respond to the time required to press each key, the delay between the keys, the number of characters entered per minute, etc. Keyboard templates work with passwords and PINs to increase security.
  Industry leaders: Typing DNA, ID Control, BehavioSec
  Usage scenarios or scope: Device user identification, part of multifactor authentication, is used for surveillance
  Security level / accuracy level: High/high
  Pros: No special equipment required; speed and safety; difficult to copy by observation
  Cons: The rhythm of typing may change due to fatigue, illness, exposure to drugs or alcohol, changes in the keyboard; it is not possible to identify the same person using different keyboard layouts

Signature recognition
  Description: A pen and a special tablet connected to a computer are used to compare and check patterns. A high-quality tablet can capture behavioral characteristics such as speed, pressure, and time spent signing. At the registration stage, a person must sign several times on a tablet to collect data. Then, signature recognition algorithms extract unique characteristics such as time, pressure, speed, direction of impact, important points on the signature path, and signature size. The algorithm assigns different degrees of importance to these points.
  Industry leaders: Aerial, Redrock Biometrics, Sense, Oxford University, Mobbeel
  Usage scenarios or scope: Verification and authorization of documents, identification in the banking sector
  Security level / accuracy level: High/average
  Pros: It is almost impossible to forge; widespread in business practice; fast and safe; ease of integration
  Cons: High error rate until the user gets used to the notebook for signing; hand injuries can affect the recognition accuracy

Recognition of the speaker
  Description: The user must say the word or phrase into the microphone. This is necessary to obtain a sample of the person's speech. The electrical signal of the microphone is converted to digital form using an analog-to-digital converter and written to computer memory as a digitized sample. The computer then tries to match the voice of the person speaking with the stored digitized sample and identifies the person. Speaker recognition focuses on the context of the phrase said by the user, not on the recognition of his voice.
  Industry leaders: Apple Inc, Microsoft, Google LLC
  Usage scenarios or scope: Telephone and Internet transactions, audio signatures for digital documents, online education systems, emergency services
  Security level / accuracy level: High/low
  Pros: Ease of integration; fast recognition time; contactless scanning
  Cons: Sensitivity of the technology to the quality of the microphone and to noise; risk of counterfeiting

Voice recognition
  Description: The voice recognition function compares a spoken phrase to a digital pattern. It is used as a means of identification and authentication in security systems such as access control and timekeeping. The system creates digital templates with a very high probability of correct interpretation. Each person's voice includes physiological and behavioral characteristics. Physiological aspects depend on the size and shape of the mouth, throat, larynx, nasal cavity, body weight and other factors. Behavioral traits depend on language, level of education and place of residence, which can lead to certain intonations, accents and dialects.
  Industry leaders: Nuance Communications, Google LLC, Amazon.com, Apple Inc.
  Usage scenarios or scope: Online banking sector, emergency services, call center recognition, high demand for voice recognition in healthcare
  Security level / accuracy level: High/low
  Pros: Ease of integration; fast recognition time; contactless scanning
  Cons: Risk of counterfeiting; inability to reduce external noise; problems with recognition accuracy

Recognition on the go (gait recognition)
  Description: Gait biometrics captures step patterns using video and then converts the mapped data into a mathematical equation. This type of biometrics is invisible, making it ideal for mass crowd monitoring. Another advantage is that these systems can quickly identify people at a long distance.
  Industry leaders: SFootBD, Watrix, Cometa Srl
  Usage scenarios or scope: Medicine and criminology
  Security level / accuracy level: Low/low
  Pros: Contactless scanning; possibility to cover a large area; fast recognition time. Technology is evolving rapidly
  Cons: Not as reliable as other biometric methods; clothing and footwear can affect the accuracy of recognition

Lip movement recognition
  Description: Lip recognition is one of the newest forms of biometric verification. Just as a deaf person can track the movement of the interlocutor's lips, biometric systems record the activity of the muscles around the mouth, forming a pattern of movement. Biometric sensors of this type often require the user to repeat the password to determine the appropriate lip movements, and then allow or deny access based on a comparison with the recorded sample.
  Industry leaders: Hong Kong Baptist University, AimBrain, Liopa
  Usage scenarios or scope: Can be used to improve security systems and complement biometrics such as face recognition, retina scanning, and fingerprinting
  Security level / accuracy level: High/low
  Pros: Contactless scanning; fast recognition time; increases the accuracy of recognition in combination with other forms of biometrics
  Cons: The technology is being refined

Biometric data can be stored on different media depending on the type and specific biometric technology. Data can be stored on a biometric database server as part of public infrastructure or can be physically distributed to private companies. Biometric data can also be stored on smart phones that use fingerprint and face recognition technology.

None of the above personal characteristics of an individual can be compared in reliability of recognition with the genetic code of a person. However, practical methods of identification that use the unique features of fragments of the genetic code are currently rarely used because of their complexity and high cost.

4. Conclusions
Thus, the identification of the individual as the consumer of information is becoming increasingly important. This explains the huge interest in biometric technologies and in the role of information, and hence in its protection from unauthorized access. Biometric technologies are quite attractive for the organization in charge of access, as they provide a high level of authentication and can be integrated into any access control system simultaneously with different keys and passwords.

5. References
[1] Dangerous extortionist programs attack: how not to become the next victim. https://eset.ua/ua/news/view/903/opasnyye-programmy-vymogateli-atakuyut-kak-ne-stat-sleduyushchey-zhertvoy
[2] M. TajDini, et al., Wireless Sensors for Brain Activity—A Survey. In Electronics, Vol. 9, Issue 12, 2092. MDPI AG, 2020.
https://doi.org/10.3390/electronics9122092
[3] Z. B. Hu, et al., Authentication System by Human Brainwaves Using Machine Learning and Artificial Intelligence. In Advances in Computer Science for Engineering and Education IV, 374–388, 2021. https://doi.org/10.1007/978-3-030-80472-5_31
[4] H. Shevchenko, et al., Information security risk analysis SWOT, in: Workshop on Cybersecurity Providing in Information and Telecommunication Systems, CPITS, vol. 2923, 309–317, 2021.
[5] The threat of cyberattacks is growing due to the pandemic: EU report. https://yur-gazeta.com/golovna/zagroza-kiberatak-zrostae-cherez-pandemiyu-zvit-es.html
[6] V. Buriachok, V. Sokolov, P. Skladannyi, Security rating metrics for distributed wireless systems, in: Workshop of the 8th International Conference on "Mathematics. Information Technologies. Education": Modern Machine Learning Technologies and Data Science (MoMLeT and DS), vol. 2386, 222–233, 2019.
[7] D. Berestov, et al., Analysis of features and prospects of application of dynamic iterative assessment of information security risks, in: Workshop on Cybersecurity Providing in Information and Telecommunication Systems (CPITS), vol. 2923, 329–335, 2021.
[8] F. Kipchuk, et al., Investigation of Availability of Wireless Access Points based on Embedded Systems. 2019 IEEE International Scientific-Practical Conference Problems of Infocommunications, Science and Technology (PIC S&T), 2019. https://doi.org/10.1109/picst47496.2019.9061551
[9] V. Astapenya, et al., Analysis of Ways and Methods of Increasing the Availability of Information in Distributed Information Systems. In 2021 IEEE 8th International Conference on Problems of Infocommunications, Science and Technology (PICST), 2021. IEEE. https://doi.org/10.1109/picst54195.2021.9772161
[10] L. Banga, S. Pillai, Impact of Behavioural Biometrics on Mobile Banking System, Journal of Physics: Conference Series, Vol. 1964, 2021. https://iopscience.iop.org/article/10.1088/1742-6596/1964/6/062109/pdf
[11] M. Shopon; S.N. Tumpa; Y. Bhatia; K.N. Pavan Kumar; M.L. Gavrilova. Biometric Systems De-Identification: Current Advancements and Future Directions. J. Cybersecur. Priv. 2021, 1, 470–495.
[12] A. Dantcheva; P. Elia; A. Ross. What else does your biometric data reveal? A survey on soft biometrics. IEEE Trans. Inf. Forensics Secur. 2015, 11, 441–467.
[13] M. Sultana; P.P. Paul; M. Gavrilova. Social behavioral biometrics: An emerging trend. Int. J. Pattern Recognit. Artif. Intell. 2015, 29, 1556013.
[14] S.N. Tumpa; K.P. Kumar; M. Sultana; G.S.J. Hsu; O. Yadid-Pecht; S. Yanushkevich; M.L. Gavrilova. Social Behavioral Biometrics in Smart Societies. In Advancements in Computer Vision Applications in Intelligent Systems and Multimedia Technologies; IGI Global: Hershey, PA, USA, 2020; pp. 1–24.
[15] F. Bahmaninezhad; C. Zhang; J.H. Hansen. Convolutional Neural Network Based Speaker De-Identification. Odyssey, 2018, 255–260. https://www.semanticscholar.org/paper/Convolutional-Neural-Network-Based-SpeakerBahmaninezhad-Zhang/f2cd2f81b188166058ea04b454a4c59135d744a5
[16] Y.R. Vampolskiy, V. Govindaraju. Behavioural biometrics: a survey and classification, Int. J. Biometrics, 2008, Vol. 1, No. 1, 81–113.
[17] A.K. Anil, K. Jain, Biometrics of Next Generation—An Overview. http://biometrics.cse.msu.edu/Publications/GeneralBiometrics/JainKumarNextGenBiometrics_BookChap10.pdf
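
Added example (not part of the original paper): the keystroke-dynamics method of Table 2 (time each key is held, delay between keys) applied to the two matching modes of Section 3.1, verification and identification. The paper names no algorithm; the scaled Manhattan distance, the threshold of 3.0, the user names and all timings below are assumptions constructed for illustration.

```python
"""Keystroke-dynamics matching: verification (1:1) vs identification (1:N).
Added illustration; user names, timings and the threshold are constructed."""
from statistics import mean

def features(events):
    """events: [(key, press_ms, release_ms), ...] for one typed password.
    Returns dwell times (key held down) followed by flight times (gap between keys)."""
    dwell = [rel - prs for _, prs, rel in events]
    flight = [events[i + 1][1] - events[i][2] for i in range(len(events) - 1)]
    return dwell + flight

def enroll(samples):
    """Template = per-feature mean and mean absolute deviation over the samples."""
    cols = list(zip(*(features(s) for s in samples)))
    mu = [mean(c) for c in cols]
    mad = [max(mean(abs(v - m) for v in c), 1.0) for c, m in zip(cols, mu)]  # floor: no /0
    return mu, mad

def score(template, events):
    """Scaled Manhattan distance averaged per feature; lower means more similar."""
    mu, mad = template
    x = features(events)
    if len(x) != len(mu):  # different number of keystrokes: cannot be the same password
        return float("inf")
    return mean(abs(a - m) / d for a, m, d in zip(x, mu, mad))

def verify(db, claimed_id, events, threshold=3.0):
    """1:1. Compare only with the record selected by the external identifier."""
    tpl = db.get(claimed_id)
    return tpl is not None and score(tpl, events) <= threshold

def identify(db, events, threshold=3.0):
    """1:N. Compare with every enrolled record; return the best match or None."""
    best = min(db, key=lambda uid: score(db[uid], events), default=None)
    if best is None or score(db[best], events) > threshold:
        return None
    return best

def typed(dwells, flights, text="pass"):
    """Constructed helper: build timestamped key events from dwell/flight lists."""
    t, out = 0, []
    for i, ch in enumerate(text):
        out.append((ch, t, t + dwells[i]))
        t += dwells[i] + (flights[i] if i < len(flights) else 0)
    return out

# Constructed enrollment data: alice types evenly, bob holds keys longer and pauses.
DB = {
    "alice": enroll([typed([90, 85, 95, 88], [60, 55, 65]),
                     typed([92, 88, 91, 90], [58, 60, 62]),
                     typed([88, 86, 97, 85], [63, 57, 66])]),
    "bob": enroll([typed([140, 150, 135, 145], [120, 110, 130]),
                   typed([145, 148, 138, 150], [115, 118, 125]),
                   typed([138, 152, 140, 142], [122, 112, 128])]),
}
ALICE_LOGIN = typed([91, 87, 94, 87], [61, 58, 64])     # genuine attempt
IMPOSTOR = typed([120, 60, 130, 70], [200, 30, 150])    # right password, wrong rhythm

if __name__ == "__main__":
    print("verify alice/genuine :", verify(DB, "alice", ALICE_LOGIN))
    print("verify alice/impostor:", verify(DB, "alice", IMPOSTOR))
    print("identify genuine     :", identify(DB, ALICE_LOGIN))
    print("identify impostor    :", identify(DB, IMPOSTOR))
```

Raising the threshold rejects fewer legitimate users whose rhythm drifts (fatigue, haste) but accepts more impostors, which is the trade-off Section 3.1 gives as the main purpose of a biometric system.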