Remote exams have become a staple in education, yet ensuring academic integrity without intrusive monitoring remains a challenge. Traditional solutions, such as webcam-based proctoring, face technical limitations and raise student anxiety. This preliminary study explores keystroke dynamics as a transparent, zero-trust approach to continuous authentication to detect impersonation during remote assessments. To this aim, it evaluates three different machine learning techniques, i.e. Random Forest, Isolation Forest, and One-Class SVM with no previously stored database of students’ profiles. The lack of a users’ gallery distinguishes this proposal from most literature, which deals with authentication following an explicit enrolling phase. In this study, biometric profiles are built at the beginning of the examination after the initial identification, assuming early typing patterns belong to the original account owner. Then, the corresponding profile is constantly matched against the incoming typing data to flag possible anomalies throughout the remaining part of the exam. Experiments on synthetic agent-based data (simulating both legit and cheating combination of users) yielded promising outcomes: by defining a common Risk Score (RS) metric to summarize results across all methods, all legit exams were correctly identified with no false positives (i.e. RS = 0). Random Forest and Isolation Forest detected 83% of cheating combinations (i.e. RS > 0) while OneClassSVM detected 67%. No false negatives, i.e. 100% detection of cheating instances, could be achieved only by an ensemble approach combining all the implemented techniques together and adding their respective scores. The results suggest keystroke dynamics can help identifying suspicious activity in most cases while minimizing disruptions to legitimate test-takers. Keystroke-based authentication can be a feasible and low-intrusion alternative to camera monitoring, helping institutions balance exam security with student privacy.
Behavioral Biometrics for Remote Exam Integrity: Continuous Authenticity Assessment via Keystroke Dynamics / Dillon, Roberto; De Marsico, Maria. - In: PROCEDIA COMPUTER SCIENCE. - ISSN 1877-0509. - (2025), pp. 1-10. (Intervento presentato al convegno 24th International Conference on Modelling and Applied Simulation (MAS 2025), held within the 22nd International Multidisciplinary Modeling & Simulation Multiconference (I3M 2025) tenutosi a Fes (Marocco)).
Behavioral Biometrics for Remote Exam Integrity: Continuous Authenticity Assessment via Keystroke Dynamics
Maria De Marsico
2025
Abstract
Remote exams have become a staple in education, yet ensuring academic integrity without intrusive monitoring remains a challenge. Traditional solutions, such as webcam-based proctoring, face technical limitations and raise student anxiety. This preliminary study explores keystroke dynamics as a transparent, zero-trust approach to continuous authentication to detect impersonation during remote assessments. To this aim, it evaluates three different machine learning techniques, i.e. Random Forest, Isolation Forest, and One-Class SVM with no previously stored database of students’ profiles. The lack of a users’ gallery distinguishes this proposal from most literature, which deals with authentication following an explicit enrolling phase. In this study, biometric profiles are built at the beginning of the examination after the initial identification, assuming early typing patterns belong to the original account owner. Then, the corresponding profile is constantly matched against the incoming typing data to flag possible anomalies throughout the remaining part of the exam. Experiments on synthetic agent-based data (simulating both legit and cheating combination of users) yielded promising outcomes: by defining a common Risk Score (RS) metric to summarize results across all methods, all legit exams were correctly identified with no false positives (i.e. RS = 0). Random Forest and Isolation Forest detected 83% of cheating combinations (i.e. RS > 0) while OneClassSVM detected 67%. No false negatives, i.e. 100% detection of cheating instances, could be achieved only by an ensemble approach combining all the implemented techniques together and adding their respective scores. The results suggest keystroke dynamics can help identifying suspicious activity in most cases while minimizing disruptions to legitimate test-takers. Keystroke-based authentication can be a feasible and low-intrusion alternative to camera monitoring, helping institutions balance exam security with student privacy.I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
