Towards liveness detection in keystroke dynamics: Revealing synthetic forgeries

While the accuracy of keystroke dynamics verification systems has traditionally been evaluated using a zero-effort attack model, the current trend is to recognize that such an approach is too optimistic. Attacks using statistical models and synthetic forgeries have been shown to achieve significant...

Full description

Saved in:
Bibliographic Details
Published in:Systems and soft computing 2022-12, Vol.4, p.200037, Article 200037
Main Authors: González, Nahuel, Calot, Enrique P., Ierache, Jorge S., Hasperué, Waldo
Format: Article
Language:English
Subjects:
Keystroke dynamics
Liveness detection
Machine learning
Synthetic forgeries
Citations: Items that this one cites
Items that cite this one
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:While the accuracy of keystroke dynamics verification systems has traditionally been evaluated using a zero-effort attack model, the current trend is to recognize that such an approach is too optimistic. Attacks using statistical models and synthetic forgeries have been shown to achieve significant rates of success, motivating the study of methods for improving the imitation of legitimate user’s keystroke timings as well as the detection of such counterfeits. For these purposes, we introduce two methods using higher-order contexts and empirical distributions to generate artificial samples of keystroke timings, together with a liveness detection system for keystroke dynamics that leverages them as adversaries. To aid with this objective, we present a family of distances based on the smoothed empirical cumulative distributions of keystroke timings. One of the proposed spoofing methods outperforms other spoofing methods previously evaluated in the literature by a large margin, doubling and sometimes tripling their false acceptance rates, to around 15%, when data of the targeted user is available. If only general population data is available to an attacker, the liveness detection system achieves false acceptance and false rejection rates between 1% and 2%, consistently, over three publicly available datasets previously used in other keystroke dynamics studies. [Display omitted] •Synthetic forgeries of keystroke dynamics samples can fool verification systems.•Higher-order contexts and empirical distributions of keystroke timings improve FAR.•Verification systems can be protected against between-subject synthetic forgeries.•Protection remains effective even when an attacker acquires all the user samples.•CDF-based distances can distinguish synthetic forgeries from legitimate samples.
ISSN:2772-9419
2772-9419
DOI:10.1016/j.sasc.2022.200037