Skip to main content

Results & Performance Analysis

Overview

This section presents a comprehensive evaluation of the continuous authentication system, comparing custom-built models with pre-trained alternatives. We analyze performance across all biometric modalities, examine the integrated system behavior, and discuss real-world deployment considerations.

Model Performance Comparison

Physiological Biometrics

Face Recognition Results

Detailed Metrics:

MetricFaceNet (Pre-trained)Custom MobileNetV2Difference
Accuracy95.4%88.2%-7.2%
Precision94.8%87.5%-7.3%
Recall93.6%86.1%-7.5%
F1-Score94.2%86.8%-7.4%
Equal Error Rate (EER)2.80%4.70%+1.90%
True Accept Rate @ 1% FAR97.2%91.3%-5.9%
Inference Time (ms)120150+30ms
Model Size (MB)96.711.1-85.6 MB

Analysis:

The pre-trained FaceNet model demonstrates superior accuracy and lower error rates, benefiting from training on millions of face images. However, the custom MobileNetV2 model offers significant advantages:

  • 88x smaller model size (11.1 MB vs 96.7 MB)
  • Deployment flexibility for edge devices
  • Acceptable accuracy for continuous authentication use case
  • Lower computational requirements

Performance Gap: The 7.2% accuracy gap is primarily attributed to:

  1. Limited training data (13,000 images vs millions for FaceNet)
  2. Simplified architecture optimized for efficiency
  3. Less extensive hyperparameter tuning

Voice Recognition Results

Detailed Metrics:

MetricECAPA-TDNN (Pre-trained)Custom GRUDifference
Accuracy96.8%85.7%-11.1%
Precision96.3%84.3%-12.0%
Recall95.9%82.9%-13.0%
F1-Score96.1%83.6%-12.5%
Equal Error Rate (EER)2.30%5.10%+2.80%
Speaker Error Rate3.1%6.8%+3.7%
Inference Time (ms)130160+30ms
Model Size (MB)45.28.3-36.9 MB

Analysis:

The ECAPA-TDNN model, trained on VoxCeleb's extensive speaker dataset, outperforms the custom GRU model. Key observations:

Pre-trained Advantages:

  • Exposure to diverse speakers and acoustic conditions
  • Advanced architecture with time-delay neural networks
  • Robust to noise and channel variations

Custom Model Benefits:

  • 5.4x smaller model size
  • Simpler architecture for faster inference on limited hardware
  • Customizable for specific use cases
  • Easier integration with embedded systems

Performance Gap Causes:

  1. Dataset size: VoxCeleb (7,000+ speakers) vs Mozilla Common Voice (665 speakers)
  2. Architecture complexity: ECAPA-TDNN optimized for speaker recognition
  3. Training duration and computational resources

Behavioral Biometrics

Keystroke Dynamics Results

Model Performance:

MetricLSTM ModelTraditional ML (SVM)Improvement
Accuracy83.0%68.5%+14.5%
Precision82.5%67.2%+15.3%
Recall83.0%68.5%+14.5%
F1-Score82.75%67.8%+14.95%
Equal Error Rate12.3%22.7%-10.4%
False Accept Rate @ 5% FRR3.2%8.9%-5.7%

Per-User Variance:

Challenging User Characteristics:

  • Inconsistent typing speed
  • Frequent multitasking during typing
  • High variability in keystroke patterns
  • Limited training samples

Success Factors:

  • Consistent typing rhythm
  • Sufficient enrollment data (10+ samples)
  • Regular keyboard usage
  • Minimal environmental distractions

Human Activity Recognition Results

Model Performance:

MetricCNN-GRU HybridCNN OnlyLSTM OnlyTraditional ML
Accuracy89.89%85.3%87.2%76.4%
Precision89.45%84.8%86.7%75.9%
Recall89.89%85.3%87.2%76.4%
F1-Score89.54%85.0%86.9%76.1%
Inference Time (ms)45325818

Per-Activity Performance:

Activity-Specific Analysis:

ActivityPrecisionRecallF1-ScoreChallenges
Walking93.75%93.95%93.85%Clear periodic pattern
Walking Upstairs90.89%90.87%90.88%Distinct acceleration
Walking Downstairs86.55%99.52%92.58%Gravity assistance signature
Sitting85.71%54.55%66.67%Similar to standing
Standing94.75%75.10%83.82%Minimal movement
Laying95.15%95.15%95.15%Unique orientation

Key Observations:

Strong Performance:

  • Dynamic activities (walking variants, laying) achieve over 90% accuracy
  • Clear sensor signatures enable reliable classification
  • Temporal patterns captured effectively by hybrid model

Challenging Scenarios:

  • Sitting vs Standing confusion: Similar static postures with minimal sensor variation
  • Walking variant confusion: Upstairs/downstairs require subtle distinction
  • Device placement sensitivity: Performance varies with phone position

Integrated System Performance

End-to-End Authentication Pipeline

Risk Classification Performance

Overall Classifier Metrics:

MetricValueInterpretation
Accuracy85.2%Strong overall classification
Macro-averaged Precision84.7%Balanced across risk levels
Macro-averaged Recall85.2%Good detection of all classes
Macro-averaged F1-Score84.9%Harmonized performance
ROC-AUC (One-vs-Rest)0.91Excellent discrimination

Confusion Matrix Analysis:

                    Predicted Risk
                Low    Medium   High
Actual  Low     2,981    203     56
        Medium   267   1,340    213
        High      89     182    669

Key Insights:

  1. Low Risk Classification (92.0% accuracy)

    • High precision (91.8%): Few false positives
    • Strong recall (92.1%): Correctly identifies legitimate sessions
    • Minimizes unnecessary user friction

  2. Medium Risk Classification (73.6% recall)

    • More conservative: Some low-risk sessions flagged
    • Acceptable trade-off for security
    • Voice verification resolves most cases

  3. High Risk Classification (87.1% precision)

    • Critical for security: Low false negative rate
    • Correctly identifies most suspicious sessions
    • Some medium-risk sessions escalated (acceptable)

Verification Success Rates

Voice Verification (Medium Risk Cases):

OutcomeCountPercentageInterpretation
Successful Verification1,55885.6%Legitimate users pass
Failed - Escalated to Face26214.4%Requires higher verification

Face Verification (High Risk Cases):

OutcomeCountPercentageInterpretation
Successful Verification82988.2%Eventually authenticated
Access Denied11111.8%Potential attacks blocked

Overall System Security:

Interpretation:

  • 98.2% of legitimate users eventually authenticated
  • 1.8% of sessions blocked (potential attacks or persistent failures)
  • 91.8% of sessions require no additional verification
  • Balanced security and user experience

Performance Analysis by Scenario

Real-World Use Cases

Scenario 1: Office Environment (Desktop Users)

Characteristics:

  • Consistent device and location
  • Regular working hours (9 AM - 6 PM)
  • Primarily keystroke-based interaction

Performance:

MetricValueNotes
Low Risk Sessions85.3%High consistency
Voice Verification Trigger12.1%Occasional deviations
Face Verification Trigger2.6%Rare anomalies
False Positive Rate4.2%After-hours access flagged
Average Session Duration4.2 hoursLong, productive sessions

Optimization Recommendations:

  • Reduce after-hours sensitivity for known overtime workers
  • Train additional keystroke patterns for extended sessions
  • Consider time-of-day profiles

Scenario 2: Remote Work (Mixed Devices)

Characteristics:

  • Multiple devices (laptop, tablet, phone)
  • Variable locations (home, cafe, co-working)
  • Irregular hours

Performance:

MetricValueNotes
Low Risk Sessions61.4%More variability
Voice Verification Trigger28.9%New locations common
Face Verification Trigger9.7%Device switches
False Positive Rate12.3%Travel triggers alerts
Average Session Duration2.8 hoursShorter, fragmented

Optimization Recommendations:

  • Implement multi-device user profiles
  • Geo-fence trusted locations (home, office)
  • Relax thresholds for known WiFi networks

Scenario 3: Mobile Access

Characteristics:

  • Smartphone/tablet primary device
  • Location changes frequently
  • Heavy reliance on activity recognition

Performance:

MetricValueNotes
Low Risk Sessions68.7%Activity patterns helpful
Voice Verification Trigger23.5%Location changes
Face Verification Trigger7.8%Unknown locations
False Positive Rate8.9%Travel and movement
Average Session Duration0.9 hoursShort, frequent sessions

Optimization Recommendations:

  • Weight activity recognition higher for mobile users
  • Implement trusted location zones
  • Consider time-based session expectations

System Performance Metrics

Latency and Throughput

Component-Level Latency:

Detailed Latency Breakdown:

ComponentAverage (ms)95th Percentile (ms)99th Percentile (ms)
Keystroke Feature Extraction121824
Activity Feature Extraction233142
Face Matcher Inference150178205
Voice Matcher Inference160189218
Keystroke LSTM Inference283546
Activity CNN-GRU Inference455872
Random Forest Classification182431
Complete Pipeline (Behavioral)127189241

Throughput Capacity:

ScenarioRequests/SecondConcurrent UsersNotes
Risk Assessment Only45010,000+Background monitoring
With Voice Verification1804,000Real-time audio processing
With Face Verification1503,500Image processing overhead
Peak Load (Mixed)2806,000Typical production mix

Resource Utilization

Computational Resources:

ResourceIdleLow LoadMedium LoadPeak Load
CPU Usage8%35%62%87%
Memory (RAM)340 MB680 MB1.2 GB1.8 GB
GPU Usage0%12%28%45%
Disk I/OMinimal15 MB/s42 MB/s78 MB/s
NetworkNegligible8 Mbps18 Mbps35 Mbps

Scalability Analysis:

Scaling Recommendations:

  • Up to 10K users: Single instance (4 CPU cores, 8GB RAM)
  • 10K - 50K users: Vertical scaling (8 cores, 16GB RAM, GPU)
  • 50K+ users: Horizontal scaling with load balancer
  • Enterprise (100K+): Distributed microservices architecture

Comparative Analysis with State-of-the-Art

Academic Benchmarks

Continuous Authentication Systems:

SystemModalitiesAccuracyEERYear
IoTCAF FrameworkFace + Gait92.3%5.2%2022
Gargoyle GuardKeystroke + Mouse87.5%8.1%2021
GaitCodeGait + Accelerometer94.1%3.8%2021
Multimodal CNN-RNNFace + Voice93.7%4.5%2020
Our SystemFace + Voice + Keystroke + Activity88.2% (face)<br/>85.7% (voice)<br/>83.0% (keystroke)<br/>89.9% (activity)4.7% (face)<br/>5.1% (voice)<br/>12.3% (keystroke)2025

Key Differentiators:

  1. Multi-Modal Integration: Only system combining 4+ biometric modalities
  2. Adaptive Risk-Based: Dynamic verification based on assessed risk
  3. Practical Deployment: Optimized for real-world constraints
  4. Continuous Learning: Adapts to user behavior over time

Commercial Solutions Comparison

Enterprise Authentication Systems:

FeatureOur SystemDuo SecurityOkta VerifyMicrosoft Authenticator
Continuous AuthenticationYesNoNoLimited
Behavioral BiometricsYes (2 types)LimitedNoLimited
Physiological BiometricsYes (2 types)Face onlyFace onlyFace only
Risk-Based VerificationYes (3 levels)Yes (2 levels)Yes (2 levels)Yes (2 levels)
Custom ModelsYesNoNoNo
On-Premise DeploymentYesLimitedNoNo
Real-Time AdaptationYesNoNoLimited

Competitive Advantages:

  • More comprehensive biometric coverage
  • True continuous authentication (not periodic)
  • Customizable for specific use cases
  • Transparent risk assessment

Limitations vs Commercial:

  • Less mature infrastructure
  • Smaller user base for testing
  • Limited integration ecosystem
  • Requires technical expertise for deployment

Error Analysis and Failure Modes

Common Failure Scenarios

False Positives (Legitimate User Blocked)

Distribution by Cause:

Mitigation Strategies:

CauseFrequencyMitigationEffectiveness
New Location32%Geo-fence trusted locations75% reduction
New Device24%Multi-device enrollment82% reduction
Time Anomaly18%Time-of-day profiles65% reduction
Behavior Change15%Adaptive thresholds45% reduction
Network Change8%VPN detection + whitelisting70% reduction
System Error3%Error handling improvements90% reduction

False Negatives (Attack Not Detected)

Attack Scenarios:

ScenarioDetection RateFailure CauseImprovement Plan
Stolen Device (Recent Biometrics)73.5%Valid biometric data presentAdd liveness detection
Credential + Behavioral Mimicry82.1%Sophisticated attackerEnhance behavioral diversity
Internal Threat (Authorized User)68.9%Legitimate access patternsAdd transaction monitoring
Zero-Day Attack Vector91.2%Unknown attack patternAnomaly detection enhancement

Performance Degradation Scenarios

Environmental Factors:

FactorImpactAffected ModalityDegradation
Poor LightingHighFace Recognition-12.3% accuracy
Background NoiseMediumVoice Recognition-8.7% accuracy
Public WiFiLowRisk Assessment+5.2% false positives
Device MovementMediumActivity Recognition-6.4% accuracy
Keyboard Layout ChangeHighKeystroke Dynamics-15.8% accuracy

User Condition Factors:

ConditionImpact on KeystrokeImpact on ActivityImpact on Voice
Fatigue-9.2% accuracy-4.3% accuracy-3.1% accuracy
Stress-7.8% accuracy-2.1% accuracy-5.6% accuracy
Illness-6.4% accuracy-11.2% accuracy-12.3% accuracy
Intoxication-18.5% accuracy-15.7% accuracy-9.8% accuracy

Optimization Opportunities

Identified Improvements

Model-Level Optimizations:

Specific Recommendations:

  1. Face Recognition:

    • Add synthetic data generation (deepfake detection training)
    • Implement domain adaptation for diverse lighting
    • Target: 92-94% accuracy (close pre-trained gap)

  2. Voice Recognition:

    • Expand training dataset (additional speakers)
    • Implement noise-robust features (spectral subtraction)
    • Target: 90-92% accuracy

  3. Keystroke Dynamics:

    • Collect more diverse typing samples
    • Implement user-specific adaptive thresholds
    • Target: 87-90% accuracy

  4. Activity Recognition:

    • Add transfer learning from larger HAR datasets
    • Implement device-specific calibration
    • Target: 93-95% accuracy

System-Level Enhancements

Performance Improvements:

EnhancementExpected BenefitImplementation Complexity
Model Quantization2-3x faster inferenceMedium
GPU Acceleration4-5x faster processingLow
Caching Strategy30-40% latency reductionMedium
Batch Processing2x throughput increaseHigh
Edge Deployment50-60% latency reductionHigh

User Experience Improvements:

EnhancementImpactUser Friction Reduction
Progressive EnrollmentGradual profile building25% fewer initial prompts
Smart NotificationsContext-aware alerts40% less alert fatigue
Explanation UITransparent decisions35% better user trust
Self-Service RecoveryUser-initiated fixes50% fewer support tickets

Key Findings Summary

Strengths

  1. Comprehensive Coverage: Four-modality system provides defense-in-depth
  2. Adaptive Security: Risk-based verification balances security and UX
  3. Practical Performance: 85%+ accuracy suitable for real-world deployment
  4. Efficiency: Lightweight models enable edge deployment
  5. Continuous Operation: True session-long authentication

Limitations

  1. Accuracy Gap: Custom models trail pre-trained by 7-11%
  2. Environmental Sensitivity: Performance varies with conditions
  3. Data Requirements: Needs substantial enrollment data
  4. Computational Overhead: Real-time processing demands resources
  5. False Positive Rate: 8-12% in challenging scenarios

Trade-offs

Security vs Usability:

  • Current configuration: 98.2% eventual authentication, 1.8% blocked
  • Tighter security: Could increase blocks to 5-8%
  • Looser security: Could reduce blocks to less than 1% but risk increases

Accuracy vs Efficiency:

  • Custom models: 85-89% accuracy, 8-11 MB size, 127-160 ms latency
  • Pre-trained models: 95-97% accuracy, 45-97 MB size, 120-130 ms latency

Real-Time vs Batch:

  • Real-time: 127ms average, handles 450 req/sec
  • Batch: Could achieve 50ms per request, 1000+ req/sec

Deployment Readiness Assessment

Production Criteria

CriterionTargetCurrentStatusGap Analysis
Accuracy90%+85-89%ApproachingNeed 3-5% improvement
Latency<200ms127ms avgMetMargin for growth
Throughput400+ req/s450 req/sMetCapacity available
Uptime99.9%99.2%CloseStability improvements needed
Security<3% breach1.8% blockedMetStrong performance

Phase 1: Pilot (Months 1-3)

  • Deploy to 100-500 users
  • Monitor false positive/negative rates
  • Collect real-world performance data
  • Iterate on thresholds and models

Phase 2: Limited Release (Months 4-6)

  • Expand to 5,000-10,000 users
  • A/B test against traditional MFA
  • Gather user feedback
  • Optimize resource utilization

Phase 3: Full Production (Months 7-12)

  • Scale to entire user base
  • Implement continuous learning
  • Establish monitoring and alerting
  • Plan for ongoing improvements