Adversarial Attacks against Behavioral-based Continuous Authentication

Abstract: Online identity theft and session hijacking attacks have become a major hazardin recent years and are expected to become more frequent in the years to come.Unlike the traditional authentication methods, continuous authentication based onthe characterization of user behavior in interactions with the computer system allowsto continuously verify the user’s identity and mitigates the risk of such forms ofmalicious access. However, recent developments in the field of generative modelingcan pose a significant threat to behavioral-based continuous authentication. Agenerative model is able to generate data with certain desired characteristics andcould be used to imitate a user’s behavior, allowing an attacker to bypass continuousauthentication and perform an attack without being detected. In this thesis, weinvestigate this threat and carry out adversarial attacks against behavioral-basedcontinuous authentication with the use of generative models. In our attack setup, anattacker has access to the data used to train the considered machine learning-basedcontinuous authentication classifiers. The data is used to train generative models,which then generate adversarial samples aimed at impersonating an authorized user.We focus on three explicit generative models: Kernel Density Estimation, GaussianMixture Models and Variational Autoencoders. We test our attacks based on keystrokedynamics and smartphone touch dynamics. The chosen generative models achievedgreat results, where the median amount of adversarial samples, which bypassed thecontinuous authentication systems ranged from 70 to 100% for keystroke dynamicsand from 41 to 99% for smartphone touch dynamics. The results also show the relationbetween the size of the training data used for generative models and their performance.Moreover, we observed that the generated adversarial samples exhibited only a slightlyhigher variance than that of the original samples, which indicates that the imitationattack indeed resembled the authenticated user’s movements. The vulnerability ofbehavioral-based continuous authentication to adversarial attacks discovered in this study calls for further research aimed at improving the existing security solutions.