Dillon, Roberto, and De Marsico, Maria (2025) Behavioral Biometrics for Remote Exam Integrity: Continuous Authenticity Assessment via Keystroke Dynamics. In: Procedia Computer Science (274) pp. 402-411. From: MAS 2025: 24th International Conference on Modelling and Applied Simulation, 17-19 September 2025, Fes, Morocco.

Preview

PDF - Published Version Available under License Creative Commons Attribution Non-commercial No Derivatives. Download (1MB) | Preview

Abstract

Remote exams have become a staple in education, yet ensuring academic integrity without intrusive monitoring remains a challenge. Traditional solutions, such as webcam-based proctoring, face technical limitations and raise student anxiety. This preliminary study explores keystroke dynamics as a transparent, zero-trust approach to continuous authentication to detect impersonation during remote assessments. To this aim, it evaluates three different machine learning techniques, i.e. Random Forest, Isolation Forest, and One-Class SVM with no previously stored database of students’ profiles. The lack of a users’ gallery distinguishes this proposal from most literature, which deals with authentication following an explicit enrolling phase. In this study, biometric profiles are built at the beginning of the examination after the initial identification, assuming early typing patterns belong to the original account owner. Then, the corresponding profile is constantly matched against the incoming typing data to flag possible anomalies throughout the remaining part of the exam. Experiments on synthetic agent-based data (simulating both legit and cheating combination of users) yielded promising outcomes: by defining a common Risk Score (RS) metric to summarize results across all methods, all legit exams were correctly identified with no false positives (i.e. RS = 0). Random Forest and Isolation Forest detected 83% of cheating combinations (i.e. RS > 0) while OneClassSVM detected 67%. No false negatives, i.e. 100% detection of cheating instances, could be achieved only by an ensemble approach combining all the implemented techniques together and adding their respective scores. The results suggest keystroke dynamics can help identifying suspicious activity in most cases while minimizing disruptions to legitimate test-takers. Keystroke-based authentication can be a feasible and low-intrusion alternative to camera monitoring, helping institutions balance exam security with student privacy.

Item ID:	90226
Item Type:	Conference Item (Research - E1)
ISSN:	1877-0509
Keywords:	keystroke dynamics; remote proctoring; agent-based modelling; random forest; isolation forest; OneClass-SVM
Copyright Information:	© 2025 The Authors. Published by ELSEVIER B.V. This is an open access article under the CC BY-NC-ND license (https://creativecommons.org/licenses/by-nc-nd/4.0)
Date Deposited:	20 May 2026 02:42
FoR Codes:	46 INFORMATION AND COMPUTING SCIENCES > 4604 Cybersecurity and privacy > 460499 Cybersecurity and privacy not elsewhere classified @ 100%
SEO Codes:	22 INFORMATION AND COMMUNICATION SERVICES > 2204 Information systems, technologies and services > 220402 Applied computing @ 40% 22 INFORMATION AND COMMUNICATION SERVICES > 2204 Information systems, technologies and services > 220403 Artificial intelligence @ 30% 22 INFORMATION AND COMMUNICATION SERVICES > 2204 Information systems, technologies and services > 220405 Cybersecurity @ 30%
	More Statistics