Vulnerability of Adaptive Strategies of Keystroke Dynamics Based Authentication Against Different Attack Types

Abstract

The attacks considered for keystroke dynamics study especially adaptive strategies have commonly treated impersonation attempts known as zero-effort attacks. These attacks are generally the acquisition of other users of the same database while typing the same password without intending to impersonate the genuine user account. To deal with more realistic scenarios, we are interested in this paper to study the robustness of an adaptive strategy against four types of imposter attacks: zero-effort, spoof, playback and synthetic applied to the WEBGREYC database. Experimental results show that 1) playback and synthetic attacks are the most dangerous and increase the EER rates compared to the other attacks; 2) we also find that the impact of these attacks is more pronounced when the percentages of imposter samples are greater than those of genuine ones; 3) the spoof attacks achieve alarmingly higher FMR, FNMR, and EER rates compared to zero-effort impostor attacks; 4) FMR, FNMR, and EER are higher when the percentage of attacks increases; 5) the attacks belonging to the same user are more dangerous than those of different users in particular when the percentage of the attacks increases. In light of our results, we point out that the traditional attacks considered in research on keystroke-based authentication must evolve according to the evolution of the attacks of nowadays password-based applications.