{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,19]],"date-time":"2026-06-19T18:21:20Z","timestamp":1781893280335,"version":"3.54.5"},"reference-count":38,"publisher":"Springer Science and Business Media LLC","issue":"1","license":[{"start":{"date-parts":[[2022,11,21]],"date-time":"2022-11-21T00:00:00Z","timestamp":1668988800000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"},{"start":{"date-parts":[[2022,11,21]],"date-time":"2022-11-21T00:00:00Z","timestamp":1668988800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["J Big Data"],"abstract":"<jats:title>Abstract<\/jats:title><jats:p>As the inter-connectivity in cyberspace continues to increase exponentially, privacy and security have become two of the most concerning issues that need to be tackled in today\u2019s state of technology. Therefore, password-based authentication should no longer be used without an additional layer of authentication, namely two-factor authentication (2FA). One of the most promising 2FA approaches is Keystroke Dynamics, which relies on the unique typing behaviour of the users. Since its discovery, Keystroke Dynamics adoption has been continuously growing to many use cases: generally to obtain access to a platform through typing behaviour similarity, into a continuous keystroke monitoring on e-learning or e-exams platforms to detect illegitimate participants or cheaters. As the adoption of Keystroke Dynamics continues to grow, so does the threats that are lurking in. This paper proposes a novel exploitation method that utilizes computer vision to extract and learn a user\u2019s typing pattern just from a screen-recorded video that captures their typing process. By using a screen-recorded video, an attacker could eliminate the needs to inject a keylogger into the victim\u2019s computer, thus rendering the attack easier to perform and more difficult to detect. Furthermore, the extracted typing pattern can be used to spoof a Keystroke Dynamics authentication mechanism with an evasion rate as high as 64%, a considerably alarming rate given the impact it yields if the attacks are successful, which allows an attacker to pretend, mimic, and falsely authenticate as the victim (i.e., total account takeover). This paper also shows that from a screen-recorded video, one can produce a staggering statistical similarity in keystroke timing patterns as if they used an actual keylogger, and the extracted patterns can be potentially used to spoof the Keystroke Dynamics authentication service. To the author\u2019s best knowledge, there is no precedence of previous research that suggests this kind of attack (i.e. using video to spoof keystroke dynamics). This research can be used as the baseline for future research in this area.<\/jats:p>","DOI":"10.1186\/s40537-022-00662-8","type":"journal-article","created":{"date-parts":[[2022,11,23]],"date-time":"2022-11-23T00:12:06Z","timestamp":1669162326000},"update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":10,"title":["Spoofing keystroke dynamics authentication through synthetic typing pattern extracted from screen-recorded video"],"prefix":"10.1186","volume":"9","author":[{"given":"Chrisando Ryan Pardomuan","family":"Siahaan","sequence":"first","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Andry","family":"Chowanda","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"297","published-online":{"date-parts":[[2022,11,21]]},"reference":[{"key":"662_CR1","doi-asserted-by":"crossref","unstructured":"De\u00a0Luca A, Denzel M, Hussmann H. Look into my eyes! can you guess my password? In: Proceedings of the 5th Symposium on Usable Privacy and Security; 2009. p. 1\u201312.","DOI":"10.1145\/1572532.1572542"},{"key":"662_CR2","unstructured":"Lashkari AH, Farmand S, Zakaria D, Bin O, Saleh D et al. Shoulder surfing attack in graphical password authentication. arXiv preprint arXiv:0912.0951 2009."},{"issue":"12","key":"662_CR3","doi-asserted-by":"publisher","first-page":"3086","DOI":"10.1109\/TIFS.2019.2911171","volume":"14","author":"D Shukla","year":"2019","unstructured":"Shukla D, Phoha VV. Stealing passwords by observing hands movement. IEEE Trans Inform For Secur. 2019;14(12):3086\u2013101.","journal-title":"IEEE Trans Inform For Secur"},{"key":"662_CR4","doi-asserted-by":"crossref","unstructured":"Sun Y, Upadhyaya S. Synthetic forgery attack against continuous keystroke authentication systems. In: 2018 27th International Conference on Computer Communication and Networks (ICCCN), 2018. p. 1\u20137.","DOI":"10.1109\/ICCCN.2018.8487341"},{"key":"662_CR5","doi-asserted-by":"crossref","unstructured":"Mhenni A, Migdal D, Cherrier E, Rosenberger C, Amara NEB. Vulnerability of adaptive strategies of keystroke dynamics based authentication against different attack types. In: 2019 International Conference on Cyberworlds (CW), 2019. p. 274\u20138.","DOI":"10.1109\/CW.2019.00052"},{"key":"662_CR6","doi-asserted-by":"crossref","unstructured":"Gonz\u00e1lez N, Calot EP, Ierache JS, Hasperu\u00e9 W. The reverse problem of keystroke dynamics: Guessing typed text with keystroke timings only. In: 2021 International Conference on Electrical, Computer and Energy Technologies (ICECET), 2021. p. 1\u20136.","DOI":"10.1109\/ICECET52533.2021.9698782"},{"issue":"4","key":"662_CR7","doi-asserted-by":"publisher","first-page":"405","DOI":"10.3233\/JCS-191289","volume":"27","author":"K Balagani","year":"2019","unstructured":"Balagani K, Cardaioli M, Conti M, Gasti P, Georgiev M, Gurtler T, Lain D, Miller C, Molas K, Samarin N, et al. Pilot: Password and pin information leakage from obfuscated typing videos. J Computer Secur. 2019;27(4):405\u201325.","journal-title":"J Computer Secur"},{"key":"662_CR8","doi-asserted-by":"crossref","unstructured":"Balagani KS, Conti M, Gasti P, Georgiev M, Gurtler T, Lain D, Miller C, Molas K, Samarin N, Saraci E, et al. Silk-tv: Secret information leakage from keystroke timing videos. In: European Symposium on Research in Computer Security. New York: Springer; 2018. p. 263\u201380.","DOI":"10.1007\/978-3-319-99073-6_13"},{"key":"662_CR9","doi-asserted-by":"crossref","unstructured":"Teh PS, Teoh ABJ, Yue S. A survey of keystroke dynamics biometrics. The Scientific World Journal (2013).","DOI":"10.1155\/2013\/408280"},{"key":"662_CR10","doi-asserted-by":"crossref","unstructured":"Obaidat MS. A verification methodology for computer systems users. In: Proceedings of the 1995 ACM Symposium on Applied Computing, 1995. p. 258\u201362.","DOI":"10.1145\/315891.315976"},{"key":"662_CR11","doi-asserted-by":"crossref","unstructured":"Giuffrida C, Majdanik K, Conti M, Bos H. I sensed it was you: authenticating mobile users with sensor-enhanced keystroke dynamics. In: International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment. New York: Springer; 2014. p. 92\u2013111.","DOI":"10.1007\/978-3-319-08509-8_6"},{"key":"662_CR12","doi-asserted-by":"crossref","unstructured":"Messerman A, Mustafi\u0107 T, Camtepe SA, Albayrak S. Continuous and non-intrusive identity verification in real-time environments based on free-text keystroke dynamics. In: 2011 International Joint Conference on Biometrics (IJCB), IEEE; 2011. p. 1\u20138.","DOI":"10.1109\/IJCB.2011.6117552"},{"issue":"10","key":"662_CR13","doi-asserted-by":"publisher","first-page":"1632","DOI":"10.1093\/comjnl\/bxr064","volume":"54","author":"K Xi","year":"2011","unstructured":"Xi K, Tang Y, Hu J. Correlation keystroke verification scheme for user access control in cloud computing environment. Computer J. 2011;54(10):1632\u201344.","journal-title":"Computer J"},{"key":"662_CR14","doi-asserted-by":"crossref","unstructured":"Stewart JC, Monaco JV, Cha S-H, Tappert CC. An investigation of keystroke and stylometry traits for authenticating online test takers. In: 2011 International Joint Conference on Biometrics (IJCB), IEEE; 2011. p. 1\u20137.","DOI":"10.1109\/IJCB.2011.6117480"},{"key":"662_CR15","doi-asserted-by":"crossref","unstructured":"Leberknight CS, Widmeyer GR, Recce ML. An investigation into the efficacy of keystroke analysis for perimeter defense and facility access. In: 2008 IEEE Conference on Technologies for Homeland Security, IEEE; 2008. p. 345\u201350.","DOI":"10.1109\/THS.2008.4534475"},{"key":"662_CR16","doi-asserted-by":"crossref","unstructured":"Ogihara A, Matsumura H, Shiozaki A. Biometric verification using keystroke motion and key press timing for atm user authentication. In: 2006 International Symposium on Intelligent Signal Processing and Communications, IEEE; 2006. p. 223\u20136.","DOI":"10.1109\/ISPACS.2006.364872"},{"key":"662_CR17","unstructured":"Mandujano S, Soto R. Deterring password sharing: User authentication via fuzzy c-means clustering applied to keystroke biometric data. In: Proceedings of the Fifth Mexican International Conference in Computer Science, 2004. ENC 2004., IEEE; 2004. p. 181\u20137."},{"issue":"3","key":"662_CR18","doi-asserted-by":"publisher","first-page":"82","DOI":"10.3390\/fi14030082","volume":"14","author":"EK Alamri","year":"2022","unstructured":"Alamri EK, Alnajim AM, Alsuhibany SA. Investigation of using captcha keystroke dynamics to enhance the prevention of phishing attacks. Future Internet. 2022;14(3):82. https:\/\/doi.org\/10.3390\/fi14030082.","journal-title":"Future Internet"},{"key":"662_CR19","unstructured":"Sultanov A, Kogos K. Insider threat detection based on stress recognition using keystroke dynamics. CoRR abs\/2005.02862 (2020). arXiv:2005.02862."},{"key":"662_CR20","doi-asserted-by":"crossref","unstructured":"Maalej A, Kallel I. Does keystroke dynamics tell us about emotions? a systematic literature review and dataset construction. In: 2020 16th International Conference on Intelligent Environments (IE). IEEE; 2020. p. 60\u20137.","DOI":"10.1109\/IE49459.2020.9155004"},{"key":"662_CR21","doi-asserted-by":"publisher","first-page":"240","DOI":"10.1016\/j.cose.2019.05.008","volume":"85","author":"N Farhi","year":"2019","unstructured":"Farhi N, Nissim N, Elovici Y. Malboard: A novel user keystroke impersonation attack and trusted detection framework based on side-channel analysis. Computers Security. 2019;85:240\u201369.","journal-title":"Computers Security"},{"issue":"2","key":"662_CR22","doi-asserted-by":"publisher","first-page":"168","DOI":"10.1145\/75577.75582","volume":"33","author":"R Joyce","year":"1990","unstructured":"Joyce R, Gupta G. Identity authentication based on keystroke latencies. Commun ACM. 1990;33(2):168\u201376.","journal-title":"Commun ACM"},{"issue":"2","key":"662_CR23","doi-asserted-by":"publisher","first-page":"851","DOI":"10.1109\/TSP.2004.839903","volume":"53","author":"LC Ara\u00fajo","year":"2005","unstructured":"Ara\u00fajo LC, Sucupira LH, Lizarraga MG, Ling LL, Yabu-Uti JBT. User authentication through typing biometrics features. IEEE Trans Signal Process. 2005;53(2):851\u20135.","journal-title":"IEEE Trans Signal Process"},{"issue":"12","key":"662_CR24","doi-asserted-by":"publisher","first-page":"1217","DOI":"10.1109\/34.62613","volume":"12","author":"S Bleha","year":"1990","unstructured":"Bleha S, Slivinsky C, Hussien B. Computer-access security systems using keystroke dynamics. IEEE Trans Pattern Anal Mach Intell. 1990;12(12):1217\u201322.","journal-title":"IEEE Trans Pattern Anal Mach Intell"},{"key":"662_CR25","doi-asserted-by":"crossref","unstructured":"Kang P, Hwang S-s, Cho S. Continual retraining of keystroke dynamics based authenticator. In: International Conference on Biometrics, Springer; 2007:1203\u20131211.","DOI":"10.1007\/978-3-540-74549-5_125"},{"key":"662_CR26","doi-asserted-by":"publisher","DOI":"10.1007\/978-0-387-77326-1","volume-title":"Introduction to Biometrics","author":"AK Jain","year":"2011","unstructured":"Jain AK, Ross AA, Nandakumar K. Introduction to Biometrics. New York: Springer; 2011."},{"key":"662_CR27","unstructured":"Kulakis G, Olson K, Doremus J, Geiger S, Monaco JV. Obtaining receiver operating characteristic curves from commercial biometric systems, 2016."},{"key":"662_CR28","unstructured":"Chirita S. NY DMV approves Keystroke Analysis as a validation method, 2021. https:\/\/blog.typingdna.com\/dmv-approves-keystroke-analysis\/."},{"key":"662_CR29","unstructured":"Sloan T. European Banking Authority identifies approved methods for Biometrics, 2019. https:\/\/www.paymentsjournal.com\/european-banking-authority-identifies-approved-methods-for-biometrics\/."},{"issue":"1","key":"662_CR30","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/3372420","volume":"23","author":"H Khan","year":"2020","unstructured":"Khan H, Hengartner U, Vogel D. Mimicry attacks on smartphone keystroke authentication. ACM Trans Privacy Security (TOPS). 2020;23(1):1\u201334.","journal-title":"ACM Trans Privacy Security (TOPS)"},{"key":"662_CR31","doi-asserted-by":"crossref","unstructured":"Chen Y, Li T, Zhang R, Zhang Y, Hedgpeth T. Eyetell: Video-assisted touchscreen keystroke inference from eye movements. In: 2018 IEEE Symposium on Security and Privacy (SP), IEEE; 2018. p. 144\u201360.","DOI":"10.1109\/SP.2018.00010"},{"key":"662_CR32","unstructured":"Bradski G. The OpenCV Library. Dr. Dobb\u2019s Journal of Software Tools, 2000."},{"key":"662_CR33","unstructured":"Phinney T. Point size and the EM Square: Not what people think, 2012. http:\/\/www.thomasphinney.com\/2011\/03\/point-size\/."},{"key":"662_CR34","doi-asserted-by":"crossref","unstructured":"He K, Zhang X, Ren S, Sun J. Deep residual learning for image recognition. In: Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition, 2016. p. 770\u20138.","DOI":"10.1109\/CVPR.2016.90"},{"key":"662_CR35","doi-asserted-by":"crossref","unstructured":"Rey D, Neuh\u00e4user M. In: Lovric, M. (ed.) Wilcoxon-Signed-Rank Test, 2011:1658\u20131659. Springer, Berlin, Heidelberg.","DOI":"10.1007\/978-3-642-04898-2_616"},{"key":"662_CR36","doi-asserted-by":"crossref","unstructured":"Killourhy KS, Maxion RA. Comparing anomaly-detection algorithms for keystroke dynamics. In: 2009 IEEE\/IFIP International Conference on Dependable Systems & Networks, IEEE; 2009. p. 125\u201334.","DOI":"10.1109\/DSN.2009.5270346"},{"key":"662_CR37","doi-asserted-by":"crossref","unstructured":"Killourhy KS, Maxion RA. Free vs. transcribed text for keystroke-dynamics evaluations. In: Proceedings of the 2012 Workshop on Learning from Authoritative Security Experiment Results, 2012. p. 1\u20138.","DOI":"10.1145\/2379616.2379617"},{"key":"662_CR38","doi-asserted-by":"crossref","unstructured":"Banerjee R, Feng S, Kang JS, Choi Y. Keystroke patterns as prosody in digital writings: A case study with deceptive reviews and essays. In: Proceedings of the 2014 Conference on Empirical Methods in Natural Language Processing (EMNLP), 2014:1469\u20131473. Association for Computational Linguistics, Doha, Qatar. http:\/\/www.aclweb.org\/anthology\/D14-1155.","DOI":"10.3115\/v1\/D14-1155"}],"container-title":["Journal of Big Data"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1186\/s40537-022-00662-8.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1186\/s40537-022-00662-8\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1186\/s40537-022-00662-8.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,11,23]],"date-time":"2022-11-23T00:16:31Z","timestamp":1669162591000},"score":1,"resource":{"primary":{"URL":"https:\/\/journalofbigdata.springeropen.com\/articles\/10.1186\/s40537-022-00662-8"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022,11,21]]},"references-count":38,"journal-issue":{"issue":"1","published-online":{"date-parts":[[2022,12]]}},"alternative-id":["662"],"URL":"https:\/\/doi.org\/10.1186\/s40537-022-00662-8","relation":{},"ISSN":["2196-1115"],"issn-type":[{"value":"2196-1115","type":"electronic"}],"subject":[],"published":{"date-parts":[[2022,11,21]]},"assertion":[{"value":"8 February 2022","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"20 October 2022","order":2,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"21 November 2022","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"Not applicable.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Ethics approval and consent to participate"}},{"value":"Not applicable.","order":3,"name":"Ethics","group":{"name":"EthicsHeading","label":"Consent for publication"}},{"value":"The authors declare that they have no competing interests.","order":4,"name":"Ethics","group":{"name":"EthicsHeading","label":"Competing interests"}}],"article-number":"111"}}