Adversarial Attacks on Remote User Authentication Using Behavioural Mouse Dynamics

Mouse dynamics is a potential means of authenticating users. Typically, the authentication process is based on classical machine learning techniques, but recently, deep learning techniques have been introduced for this purpose. Although prior research has demonstrated how machine learning and deep learning algorithms can be bypassed by carefully crafted adversarial samples, there has been very little research performed on the topic of behavioural biometrics in the adversarial domain. In an attempt to address this gap, we built a set of attacks, which are applications of several generative approaches, to construct adversarial mouse trajectories that bypass authentication models. These generated mouse sequences will serve as the adversarial samples in the context of our experiments. We also present an analysis of the attack approaches we explored, explaining their limitations. In contrast to previous work, we consider the attacks in a more realistic and challenging setting in which an attacker has access to recorded user data but does not have access to the authentication model or its outputs. We explore three different attack strategies: 1) statistics-based, 2) imitation-based, and 3) surrogate-based; we show that they are able to evade the functionality of the authentication models, thereby impacting their robustness adversely. We show that imitation-based attacks often perform better than surrogate-based attacks, unless, however, the attacker can guess the architecture of the authentication model. In such cases, we propose a potential detection mechanism against surrogate-based attacks.

[1]  Chao Shen,et al.  Continuous authentication for mouse dynamics: A pattern-growth approach , 2012, IEEE/IFIP International Conference on Dependable Systems and Networks (DSN 2012).

[2]  Luca Antiga,et al.  Automatic differentiation in PyTorch , 2017 .

[3]  Fabian Monrose,et al.  Keystroke dynamics as a biometric for authentication , 2000, Future Gener. Comput. Syst..

[4]  Lior Rokach,et al.  Generic Black-Box End-to-End Attack Against State of the Art API Call Based Malware Classifiers , 2017, RAID.

[5]  Alexander Binder,et al.  Layer-Wise Relevance Propagation for Neural Networks with Local Renormalization Layers , 2016, ICANN.

[6]  Atul Prakash,et al.  Robust Physical-World Attacks on Machine Learning Models , 2017, ArXiv.

[7]  Jonathon Shlens,et al.  Explaining and Harnessing Adversarial Examples , 2014, ICLR.

[8]  Dawn Song,et al.  Robust Physical-World Attacks on Deep Learning Models , 2017, 1707.08945.

[9]  Gaël Varoquaux,et al.  Scikit-learn: Machine Learning in Python , 2011, J. Mach. Learn. Res..

[10]  F. Wilcoxon Individual Comparisons by Ranking Methods , 1945 .

[11]  Soumik Mondal,et al.  A study on continuous authentication using a combination of keystroke and mouse biometrics , 2017, Neurocomputing.

[12]  Alexander Binder,et al.  On Pixel-Wise Explanations for Non-Linear Classifier Decisions by Layer-Wise Relevance Propagation , 2015, PloS one.

[13]  Debnath Bhattacharyya,et al.  Biometric Authentication: A Review , 2009 .

[14]  David A. Wagner,et al.  Towards Evaluating the Robustness of Neural Networks , 2016, 2017 IEEE Symposium on Security and Privacy (SP).

[15]  Ana L. N. Fred,et al.  A behavioral biometric system based on human-computer interaction , 2004, SPIE Defense + Commercial Sensing.

[16]  Matthias Bethge,et al.  Decision-Based Adversarial Attacks: Reliable Attacks Against Black-Box Machine Learning Models , 2017, ICLR.

[17]  Alexander Binder,et al.  Mouse Authentication Without the Temporal Aspect – What Does a 2D-CNN Learn? , 2018, 2018 IEEE Security and Privacy Workshops (SPW).

[18]  Yigitcan Aksari,et al.  Active authentication by mouse movements , 2009, 2009 24th International Symposium on Computer and Information Sciences.

[19]  Soumik Mondal,et al.  TWOS: A Dataset of Malicious Insider Threat Behavior Based on a Gamified Competition , 2017, J. Wirel. Mob. Networks Ubiquitous Comput. Dependable Appl..

[20]  Patrick Bours,et al.  A Login System Using Mouse Dynamics , 2009, 2009 Fifth International Conference on Intelligent Information Hiding and Multimedia Signal Processing.

[21]  Ronald J. Williams,et al.  A Learning Algorithm for Continually Running Fully Recurrent Neural Networks , 1989, Neural Computation.

[22]  Haining Wang,et al.  An efficient user verification system via mouse movements , 2011, CCS '11.

[23]  Ananthram Swami,et al.  Practical Black-Box Attacks against Machine Learning , 2016, AsiaCCS.

[24]  Mohammad S. Obaidat,et al.  Biometric Authentication Using Mouse Gesture Dynamics , 2013, IEEE Systems Journal.

[25]  Ahmed Awad E. Ahmed,et al.  A New Biometric Technology Based on Mouse Dynamics , 2007, IEEE Transactions on Dependable and Secure Computing.

[26]  Katarzyna Harezlak,et al.  Fusion of eye movement and mouse dynamics for reliable behavioral biometrics , 2018, Pattern Analysis and Applications.

[27]  Yuval Elovici,et al.  Insight Into Insiders and IT , 2018, ACM Comput. Surv..

[28]  Youtian Du,et al.  User Authentication Through Mouse Dynamics , 2013, IEEE Transactions on Information Forensics and Security.

[29]  Lior Rokach,et al.  User identity verification via mouse dynamics , 2012, Inf. Sci..

[30]  Joan Bruna,et al.  Intriguing properties of neural networks , 2013, ICLR.

[31]  Ananthram Swami,et al.  The Limitations of Deep Learning in Adversarial Settings , 2015, 2016 IEEE European Symposium on Security and Privacy (EuroS&P).