Abstract
In this work, we propose the use of a genetic-algorithm-based attack against machine learning classifiers with the aim of ‘stealing’ users’ biometric actigraphy profiles from health related sensor data. The target classification model uses daily actigraphy patterns for user identification. The biometric profiles are modeled as what we call impersonator examples which are generated based solely on the predictions’ confidence score by repeatedly querying the target classifier. We conducted experiments in a black-box setting on a public dataset that contains actigraphy profiles from 55 individuals. The data consists of daily motion patterns recorded with an actigraphy device. These patterns can be used as biometric profiles to identify each individual. Our attack was able to generate examples capable of impersonating a target user with a success rate of 94.5%. Furthermore, we found that the impersonator examples have high transferability to other classifiers trained with the same training set. We also show that the generated biometric profiles have a close resemblance to the ground truth profiles which can lead to sensitive data exposure, like revealing the time of the day an individual wakes-up and goes to bed.
Highlights
The use of wearable devices, sensing technologies and machine learning methods to monitor and predict user behavior has gained a lot of attention in recent years
We proposed the use of a genetic algorithm based approach to attack a classifier with the objective of generating actigraphy biometric profiles
We introduced the concept of impersonator examples which are generated biometric profiles that are able to impersonate a given user
Summary
The use of wearable devices, sensing technologies and machine learning methods to monitor and predict user behavior has gained a lot of attention in recent years. It has been shown that these technologies have great potential to solve many relevant problems such as continuous mental health monitoring [22], elderly care assistance [44], cancer detection [26] and sports monitoring [4] Many of those works use wearable sensors data, such as accelerometers, gyroscopes, temperature or heart rate, to train machine learning models. Recent works have suggested that such devices can be used to capture user behavior to build biometric profiles, i.e., behaviour signatures that uniquely identify someone, similar to a fingerprint These types of systems can be used for continuous user authentication [1]. We propose the use of a genetic algorithm based attack against machine learning classifiers with the objective of ‘stealing’ users’ biometric profiles.
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
