Android-GAN: Defending against android pattern attacks using multi-modal generative network as anomaly detector

Abstract: The Android pattern lock system is a popular form of user authentication, used extensively in mobile phones today. However, it is vulnerable to security attacks such as shoulder surfing, camera attacks and smudge attacks. This study proposes a new kind of authentication system based on a generative deep neural network that can defend against attacks by any impostor, accepting only the registered user. The network adopts the anomaly detection paradigm, in which only normal data is used to train the network. For this purpose, we utilize both Generative Adversarial Networks (GANs) as an anomaly detector and Long Short-Term Memory (LSTM), which processes 1D time-varying signals converted from 2D Android patterns. To handle the stability problem of GANs during training, a Replay Buffer, which has been used effectively in Deep Q-Networks, is also utilized. The proposed method was evaluated thoroughly, and the accuracy reached 0.95 in terms of the Area Under the Curve. Although training this network requires extensive computing resources, it runs well on a mobile phone because the testing version is very light. Further experiments conducted with a group of mobile phone users, including a posture variation study, provided comparable performance as well. The results suggest that the proposed system has potential for real-world application.
