Real-time identity verification using keystroke and mouse dynamics — a 29-feature behavioral biometrics pipeline packaged as a standalone Windows app.
This system continuously authenticates users during active sessions using behavioral biometrics — specifically keystroke cadence and mouse dynamics. Unlike traditional authentication that only verifies identity at login, this system monitors behavior every 30 seconds and flags anomalies in real time.
Built a data acquisition application that collected multi-session behavioral interaction data from 15+ participants, capturing typing rhythm, key hold durations, mouse velocity, acceleration, and curvature.
Engineered a 29-feature behavioral signature pipeline extracting typing cadence metrics and mouse kinematic features. Features were normalized and passed through a sliding-window continuous authentication engine that performs verification every 30 seconds.
Trained and evaluated Random Forest and SVM authentication models using cross-validation and biometric evaluation metrics: ROC curves, False Acceptance Rate (FAR), False Rejection Rate (FRR), and Equal Error Rate (EER).
Implemented multimodal fusion of keystroke and mouse dynamics to improve authentication robustness and reduce impersonation risk — combining two independent behavioral channels into a single confidence score.
Packaged the entire system into a standalone Windows security application using PyInstaller, enabling fully offline deployment without cloud infrastructure or internet access.
The hardest part was tuning the EER — getting the system sensitive enough to catch impostors without flagging legitimate users who type slightly differently when tired or stressed. The sliding window approach was key: rather than making a binary decision on a single sample, the system builds confidence over multiple 30-second windows before triggering an alert.
The system successfully detects session hijacking and insider misuse after login — addressing a critical limitation of traditional authentication systems that only verify identity once at the point of entry.
Key takeaway: What's the most important thing to know about this project?