Abstract - The proliferation of automated cyber-attacks and sophisticated social engineering tactics has rendered traditional point-in-time authentication insufficient for securing workstation environments. This paper proposes the Keystroke Anomaly Detector (KAD), a real-time behavioral-biometric security system designed for Windows workstations to strengthen Cyber Supply Chain (CSC) security. KAD addresses unauthorized access, impersonation, and HID injection attacks by learning a user's unique typing rhythm through 23 biometric keystroke features. An ensemble of unsupervised Machine Learning algorithms — Isolation Forest and One-Class Support Vector Machine (SVM) — detects real-time anomalies, while a Cyber Threat Intelligence (CTI) module performs regex-based command signature detection. A weighted detection engine combines ML anomaly scores (45%), behavioral rhythm scores (25%), and command signature scores (30%) into a unified risk assessment. Critical threats trigger automated responses including keyboard locking, webcam evidence capture, and Telegram notifications. Experimental results demonstrate high true positive rates for impersonation, HID injection, and malicious command scenarios, with low false positives under normal conditions. The system operates via a local Flask-based web dashboard and requires no additional hardware.

Key Words: Keystroke Dynamics, Behavioral Biometrics, Machine Learning, Anomaly Detection, Endpoint Security, Isolation Forest, One-Class SVM, Cyber Supply Chain Security.
Published in: INTERNATIONAL JOURNAL OF SCIENTIFIC RESEARCH IN ENGINEERING AND MANAGEMENT
Volume 10, Issue 03, pp. 1-9
DOI: 10.55041/ijsrem58753
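
An added sketch of the weighted fusion the abstract describes; it is not the paper's code. Only the 45/25/30 weights come from the abstract: the regex signatures, baseline timings, critical threshold, function names and the pre-computed ML score are assumptions made for illustration.

```python
import re
from statistics import mean

# Weights as stated in the abstract: ML 45%, rhythm 25%, command signatures 30%.
WEIGHTS = {"ml": 0.45, "rhythm": 0.25, "command": 0.30}

# Constructed signatures for illustration; the paper's CTI rule set is not on this page.
SIGNATURES = [
    (re.compile(r"powershell(\.exe)?\s.*-enc(odedcommand)?\b", re.I), 1.0),
    (re.compile(r"\bnet\s+user\s+\S+\s+\S+\s+/add\b", re.I), 0.8),
    (re.compile(r"\bcertutil\b.*-urlcache\b", re.I), 0.8),
]
CRITICAL = 0.70  # assumed threshold, not taken from the paper


def command_score(typed: str) -> float:
    """Highest severity among matching signatures, 0.0 when none match."""
    return max((sev for rx, sev in SIGNATURES if rx.search(typed)), default=0.0)


def rhythm_score(intervals_ms, base_mean, base_std) -> float:
    """Deviation of mean inter-key interval from the enrolled baseline, in [0, 1]."""
    if not intervals_ms or base_std <= 0:
        return 0.0
    z = abs(mean(intervals_ms) - base_mean) / base_std
    return min(z / 3.0, 1.0)  # saturate at 3 standard deviations (assumption)


def risk(ml_score, intervals_ms, typed, base_mean=180.0, base_std=45.0):
    """Fuse the three scores; ml_score is the ensemble output assumed scaled to [0, 1]."""
    parts = {
        "ml": min(max(ml_score, 0.0), 1.0),
        "rhythm": rhythm_score(intervals_ms, base_mean, base_std),
        "command": command_score(typed),
    }
    total = sum(WEIGHTS[k] * v for k, v in parts.items())
    return round(total, 3), total >= CRITICAL


# Constructed sessions: (ml_score, inter-key intervals in ms, typed text)
OWNER = (0.10, [170, 210, 150, 190, 205], "git status")
OWNER_ADMIN = (0.15, [175, 200, 160, 185, 195], "powershell -enc <placeholder>")
INJECTED = (0.90, [8, 8, 9, 8, 8], "powershell -enc <placeholder>")

if __name__ == "__main__":
    for name, s in [("owner", OWNER), ("owner_admin", OWNER_ADMIN), ("injected", INJECTED)]:
        print(name, risk(*s))
```

With these weights a signature hit alone contributes at most 0.30, so the enrolled user typing a flagged command stays well below the assumed critical threshold, while the same command arriving with machine-speed keystrokes and a high ML score crosses it.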