More Web Proxy on the site http://driver.im/

research-article

SCRAP: Synthetically Composed Replay Attacks vs. Adversarial Machine Learning Attacks against Mouse-based Biometric Authentication

Authors:

Christian Lopez,

Esteban Rivera,

Alejandra Castelblanco,

Martin OchoaAuthors Info & Claims

AISec'20: Proceedings of the 13th ACM Workshop on Artificial Intelligence and Security

Pages 37 - 47

https://doi.org/10.1145/3411508.3421378

Published: 09 November 2020 Publication History

Abstract

Adversarial attacks have gained popularity recently due to their simplicity and impact. Their applicability to diverse security scenarios is however less understood. In particular, in some scenarios, attackers may come up naturally with ad-hoc black-box attack techniques inspired directly on characteristics of the problem space rather than using generic adversarial techniques. In this paper we explore an intuitive attack technique for Mouse-based Behavioral Biometrics and compare its effectiveness against adversarial machine learning attacks. We show that attacks leveraging on domain knowledge have higher transferability when applied to various machine-learning techniques and are also more difficult to defend against. We also propose countermeasures against such attacks and discuss their effectiveness.

References

[1]

Ahmed, A. A. E., and Traore, I. A new biometric technology based on mouse dynamics. IEEE Transactions on dependable and secure computing 4, 3 (2007), 165--179.

Digital Library

[2]

Almalki, S., Chatterjee, P., and Roy, K. Continuous authentication using mouse clickstream data analysis. In International Conference on Security, Privacy and Anonymity in Computation, Communication and Storage (2019), Springer, pp. 76--85.

[3]

Antal, M., and Egyed-Zsigmond, E. Intrusion detection using mouse dynamics. IET Biometrics 8, 5 (2019), 285--294.

[4]

Athalye, A., Carlini, N., and Wagner, D. Obfuscated gradients give a false sense of security: Circumventing defenses to adversarial examples. In Proceedings of the 35th International Conference on Machine Learning (StockholmsmÃ?ssan, Stockholm Sweden, 10-15 Jul 2018), J. Dy and A. Krause, Eds., vol. 80 of Proceedings of Machine Learning Research, PMLR, pp. 274--283.

[5]

Ballard, L., Monrose, F., and Lopresti, D. P. Biometric authentication revisited: Understanding the impact of wolves in sheep's clothing. In USENIX Security Symposium (2006).

Digital Library

[6]

Bhattacharyya, D., Ranjan, R., Alisherov, F., Choi, M., et al. Biometric authentication: A review. International Journal of u-and e-Service, Science and Technology 2, 3 (2009), 13--28.

[7]

Brendel, W., Rauber, J., and Bethge, M. Decision-based adversarial attacks: Reliable attacks against black-box machine learning models. arXiv preprint arXiv:1712.04248 (2017).

[8]

Chong, P., Tan, Y. X. M., Guarnizo, J., Elovici, Y., and Binder, A. Mouse authentication without the temporal aspect--what does a 2d-cnn learn? In 2018 IEEE Security and Privacy Workshops (SPW) (2018), IEEE, pp. 15--21.

[9]

Cimato, S., Gamassi, M., Piuri, V., Sassi, R., and Scotti, F. Privacy-aware biometrics: Design and implementation of a multimodal verification system. In 2008 Annual computer security applications conference (ACSAC) (2008), IEEE, pp. 130--139.

[10]

Feher, C., Elovici, Y., Moskovitch, R., Rokach, L., and Schclar, A. User identity verification via mouse dynamics. Information Sciences 201 (2012), 19--36.

Digital Library

[11]

Fülöp, Koács, L. and Kurics, T., and Windhager-Pokol, E. Balabit Mouse Dynamics Challenge data set, 2016. Available at: https://github.com/balabit/Mouse-Dynamics-Challenge.

[12]

Gamboa, H., and Fred, A. L. An identity authentication system based on human computer interaction behaviour. In PRIS (2003), pp. 46--55.

[13]

Goodfellow, I. J., Shlens, J., and Szegedy, C. Explaining and harnessing adversarial examples. arXiv preprint arXiv:1412.6572 (2014).

[14]

Harilal, A., Toffalini, F., Homoliak, I., Castellanos, J., Guarnizo, J., Mondal, S., and Ochoa, M. The wolf of sutd (twos): A dataset of malicious insider threat behavior based on a gamified competition. Journal of Wireless Mobile Networks 9 (03 2018).

[15]

Hashia, S., Pollett, C., and Stamp, M. On using mouse movements as a biometric. In Proceeding in the International Conference on Computer Science and its Applications (2005), vol. 1, The International Conference on Computer Science and its Applications (ICCSA..., p. 5.

[16]

Hu, S., Bai, J., Liu, H., Wang, C., and Wang, B. Deceive mouse-dynamics-based authentication model via movement simulation. In 2017 10th International Symposium on Computational Intelligence and Design (ISCID) (2017), vol. 1, IEEE, pp. 482--485.

[17]

Hu, T., Niu, W., Zhang, X., Liu, X., Lu, J., and Liu, Y. An insider threat detection approach based on mouse dynamics and deep learning. Security and Communication Networks 2019 (2019).

[18]

Kataria, A. N., Adhyaru, D. M., Sharma, A. K., and Zaveri, T. H. A survey of automated biometric authentication techniques. In 2013 Nirma University International Conference on Engineering (NUiCONE) (2013), IEEE, pp. 1--6.

[19]

Meng, D., and Chen, H. MagNet: A Two-Pronged defense against adversarial examples. In Proceedings of the ACM Conference on Computer and Communications Security (New York, NY, USA, oct 2017), Association for Computing Machinery, pp. 135--147.

Digital Library

[20]

Mondal, S., and Bours, P. A study on continuous authentication using a combination of keystroke and mouse biometrics. Neurocomputing 230 (2017), 1--22.

Digital Library

[21]

Nakkabi, Y., Traoré, I., and Ahmed, A. A. E. Improving mouse dynamics biometric performance using variance reduction via extractors with separate features. IEEE Transactions on Systems, Man, and Cybernetics-Part A: Systems and Humans 40, 6 (2010), 1345--1353.

Digital Library

[22]

Nazar, A. Synthesis & simulation of mouse dynamics. PhD thesis, 2007.

[23]

Papernot, N., McDaniel, P., Goodfellow, I., Jha, S., Celik, Z. B., and Swami, A. Practical black-box attacks against machine learning. In Proceedings of the 2017 ACM on Asia conference on computer and communications security (2017), pp. 506--519.

Digital Library

[24]

Ratha, N. K., Connell, J. H., and Bolle, R. M. Enhancing security and privacy in biometrics-based authentication systems. IBM systems Journal 40, 3 (2001), 614--634.

[25]

Ren, K., Zheng, T., Qin, Z., and Liu, X. Adversarial Attacks and Defenses in Deep Learning. Engineering 6, 3 (mar 2020), 346--360.

[26]

Samangouei, P., Kabkab, M., and Chellappa, R. Defense-GAN: Protecting Classifiers Against Adversarial Attacks Using Generative Models.

[27]

Sayed, B., Traoré, I., Woungang, I., and Obaidat, M. S. Biometric authentication using mouse gesture dynamics. IEEE Systems Journal 7, 2 (2013), 262--274.

[28]

Shen, C., Cai, Z., Guan, X., Du, Y., and Maxion, R. A. User authentication through mouse dynamics. IEEE Transactions on Information Forensics and Security 8, 1 (2012), 16--30.

[29]

Solano, J., Camacho, L., Correa, A., Deiro, C., Vargas, J., and Ochoa, M. Risk-based static authentication in web applications with behavioral biometrics and session context analytics. In International Conference on Applied Cryptography and Network Security (2019), Springer, pp. 3--23.

Digital Library

[30]

Solano, J., Tengana Hurtado, L., Castelblanco, A., Rivera, E., Lopez, C., and Ochoa, M. A few-shot practical behavioral biometrics model for login authentication in web applications. In Proceedings of the Workshop on Measurements, Attacks, and Defenses for the Web (MADWeb 20), San Diego, CA (2020).

[31]

Tan, Y. X. M., Iacovazzi, A., Homoliak, I., Elovici, Y., and Binder, A. Adversarial attacks on remote user authentication using behavioural mouse dynamics. In 2019 International Joint Conference on Neural Networks (IJCNN) (2019), IEEE, pp. 1--10.

[32]

Tramè r, F., Kurakin, A., Papernot, N., Goodfellow, I., Boneh, D., and McDaniel, P. Ensemble Adversarial Training: Attacks and Defenses. 6th International Conference on Learning Representations, ICLR 2018 - Conference Track Proceedings (may 2017).

[33]

Wallace, E., Stern, M., and Song, D. Imitation Attacks and Defenses for Black-box Machine Translation Systems.

[34]

Weaver, A. C. Biometric authentication. Computer 39, 2 (2006), 96--97.

Digital Library

[35]

Zantedeschi, V., Nicolae, M. I., and Rawat, A. Efficient defenses against adversarial atacks. In AISec 2017 - Proceedings of the 10th ACM Workshop on Artificial Intelligence and Security, co-located with CCS 2017 (New York, New York, USA, nov 2017), Association for Computing Machinery, Inc, pp. 39--49.

[36]

Zheng, N., Paloski, A., and Wang, H. An efficient user verification system via mouse movements. In Proceedings of the 18th ACM conference on Computer and communications security (2011), pp. 139--150.

Digital Library

Cited By

Tran HHu JHu W(2024)Biometrics-Based Authenticated Key Exchange With Multi-Factor Fuzzy ExtractorIEEE Transactions on Information Forensics and Security10.1109/TIFS.2024.346862419(9344-9358)Online publication date: 2024
https://doi.org/10.1109/TIFS.2024.3468624
Gunawardena RJayawardena SSeneviratne SMasood RKanhere S(2024)Single-Sensor Sparse Adversarial Perturbation Attacks Against Behavioral BiometricsIEEE Internet of Things Journal10.1109/JIOT.2024.340110111:16(27303-27321)Online publication date: 15-Aug-2024
https://doi.org/10.1109/JIOT.2024.3401101
Sadeghpour SVlajic N(2023)ReMouse Dataset: On the Efficacy of Measuring the Similarity of Human-Generated Trajectories for the Detection of Session-Replay BotsJournal of Cybersecurity and Privacy10.3390/jcp30100073:1(95-117)Online publication date: 2-Mar-2023
https://doi.org/10.3390/jcp3010007
Show More Cited By

Index Terms

SCRAP: Synthetically Composed Replay Attacks vs. Adversarial Machine Learning Attacks against Mouse-based Biometric Authentication

Recommendations

Adversarial Machine Learning Attacks and Defense Methods in the Cyber Security Domain

In recent years, machine learning algorithms, and more specifically deep learning algorithms, have been widely used in many fields, including cyber security. However, machine learning systems are vulnerable to adversarial attacks, and this limits the ...
Practical Black-Box Attacks against Machine Learning
ASIA CCS '17: Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security

Machine learning (ML) models, e.g., deep neural networks (DNNs), are vulnerable to adversarial examples: malicious inputs modified to yield erroneous model outputs, while appearing unmodified to human observers. Potential attacks include having ...
Adversarial attacks against mouse- and keyboard-based biometric authentication: black-box versus domain-specific techniques
Abstract
Adversarial attacks have recently gained popularity due to their simplicity, impact, and applicability to a wide range of machine learning scenarios. However, knowledge of a particular security scenario can be advantageous for adversaries to craft ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Conferences

AISec'20: Proceedings of the 13th ACM Workshop on Artificial Intelligence and Security

November 2020

134 pages

ISBN:9781450380942

DOI:10.1145/3411508

General Chairs:
Jay Ligatti
University of South Florida, USA
,
Xinming Ou
University of South Florida, USA
,
Program Chairs:
Sadia Afroz
UC Berkeley
,
Nicholas Carlini
Google Brain
,
Ambra Demontis
University of Cagliari

Copyright © 2020 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

SIGSAC: ACM Special Interest Group on Security, Audit, and Control

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 09 November 2020

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

CCS '20

Sponsor:

SIGSAC

CCS '20: 2020 ACM SIGSAC Conference on Computer and Communications Security

November 13, 2020

Virtual Event, USA

Acceptance Rates

Overall Acceptance Rate 94 of 231 submissions, 41%

Upcoming Conference

CCS '25

Sponsor:
sigsac

ACM SIGSAC Conference on Computer and Communications Security

October 13 - 17, 2025

Taipei , Taiwan

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

15
Total Citations
View Citations
311
Total Downloads

Downloads (Last 12 months)39
Downloads (Last 6 weeks)7

Reflects downloads up to 12 Dec 2024

Other Metrics

View Author Metrics

Citations

Cited By

Tran HHu JHu W(2024)Biometrics-Based Authenticated Key Exchange With Multi-Factor Fuzzy ExtractorIEEE Transactions on Information Forensics and Security10.1109/TIFS.2024.346862419(9344-9358)Online publication date: 2024
https://doi.org/10.1109/TIFS.2024.3468624
Gunawardena RJayawardena SSeneviratne SMasood RKanhere S(2024)Single-Sensor Sparse Adversarial Perturbation Attacks Against Behavioral BiometricsIEEE Internet of Things Journal10.1109/JIOT.2024.340110111:16(27303-27321)Online publication date: 15-Aug-2024
https://doi.org/10.1109/JIOT.2024.3401101
Sadeghpour SVlajic N(2023)ReMouse Dataset: On the Efficacy of Measuring the Similarity of Human-Generated Trajectories for the Detection of Session-Replay BotsJournal of Cybersecurity and Privacy10.3390/jcp30100073:1(95-117)Online publication date: 2-Mar-2023
https://doi.org/10.3390/jcp3010007
Roy AWong KPhan R(2023)Attacking Mouse Dynamics Authentication Using Novel Wasserstein Conditional DCGANIEEE Transactions on Information Forensics and Security10.1109/TIFS.2023.324541818(3622-3631)Online publication date: 2023
https://doi.org/10.1109/TIFS.2023.3245418
Afanaseva NLozhnikov P(2023)Bot Detection Using Mouse Movements2023 Dynamics of Systems, Mechanisms and Machines (Dynamics)10.1109/Dynamics60586.2023.10349640(1-4)Online publication date: 14-Nov-2023
https://doi.org/10.1109/Dynamics60586.2023.10349640
Sadeghpour SVlajic N(2023)Analysis of Novel Mouse Dynamics Dataset with Repeat Sessions: Helpful Observations for Tackling Session-Replay Bot2023 IEEE 20th Consumer Communications & Networking Conference (CCNC)10.1109/CCNC51644.2023.10060083(790-797)Online publication date: 8-Jan-2023
https://doi.org/10.1109/CCNC51644.2023.10060083
López CSolano JRivera ETengana LFlorez-Lozano JCastelblanco AOchoa M(2023)Adversarial attacks against mouse- and keyboard-based biometric authentication: black-box versus domain-specific techniquesInternational Journal of Information Security10.1007/s10207-023-00711-022:6(1665-1685)Online publication date: 11-Jun-2023
https://doi.org/10.1007/s10207-023-00711-0
Motahar TWiese J(2022)A Review of Personal Informatics Research for People with Motor DisabilitiesProceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies10.1145/35346146:2(1-31)Online publication date: 7-Jul-2022
https://dl.acm.org/doi/10.1145/3534614
Jin YGao YXu XChoi SLi JLiu FLi ZJin Z(2022)EarCommandProceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies10.1145/35346136:2(1-28)Online publication date: 7-Jul-2022
https://dl.acm.org/doi/10.1145/3534613
Xin JPhoha VSalekin A(2022)Combating False Data Injection Attacks on Human-Centric Sensing ApplicationsProceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies10.1145/35345776:2(1-22)Online publication date: 7-Jul-2022
https://dl.acm.org/doi/10.1145/3534577
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents