Publication Type

Conference Proceeding Article

Publication Date



Keystroke dynamics refer to information about the typing patterns of individuals, such as the relative timing when the individual presses and releases each key. Prior studies suggest that such patterns are unique and cannot be easily imitated. This lays the foundation for the use of keystroke biometrics in authentication systems. The research effort in this area has thus far focused on novel detection techniques to differentiate between legitimate users and imposters. In this paper, we demonstrate a novel feedback and training interface named Mimesis. Mimesis provides both positive and negative feedback on the differences between a submitted pattern vs. a reference pattern. This allows one person to imitate another through incremental adjustment of typing pattern. We show that even for targets whose typing patterns are only partially known, training with Mimesis allows attackers to defeat one of the best anomaly detection engines using keystroke biometrics. For a group of 84 participants playing the role of attackers and 2 eight-character passwords of different difficulty, the false acceptance rate (FAR) of the easy and difficult password increases from 0.24 and 0.20 respectively (before Mimesis training) to 0.63 and 0.42 respectively (after Mimesis training with partial information of the victim). With full information, the FAR increases to 0.99 for both passwords for the 14 best attackers.


Information Security

Research Areas



Annual Network and Distributed System Security Symposium 20th NDSS 2013, 24-27 February

First Page


Last Page


City or Country

San Diego, CA

Creative Commons License

Creative Commons Attribution-Noncommercial-No Derivative Works 4.0 License
This work is licensed under a Creative Commons Attribution-Noncommercial-No Derivative Works 4.0 License.

Additional URL