Abstract
With the change from the pre-internet era to online society, user authentication technology is required, and for that, password-based authentication technology is generally used. However, the technology has vulnerabilities and security threats that cannot ensure security and reliability, due to the exposure of the keyboard data that comprises a password input from the keyboard. In order to settle this problem, image-based authentication technology has emerged; but the password input from the mouse is not secure, due to the exposure of the mouse data. This problem has led to the emergence of mouse data protection technology. This technology protects mouse data by generating a large number of random mouse positions at any time, thereby inducing an attacker to track any mouse position generated by the defender, even if the attacker takes over the mouse data. Therefore, this mouse protection technology almost completely defends against existing mouse data attack techniques. With mouse data protection technology applied, the challenge of this paper is to verity the feasibility of mouse data attack. For the experiment, we collected both random mouse data generated by the defender and real mouse data input from the user, and verified the security of mouse data using mouse data classification based on machine learning. As a result of the experiment, we have verified the stealing of mouse data by using the proposed method with high quality, even if existing techniques of mouse data attack do not steal real mouse data. The best accuracy is 98%. In other words, the proposed method almost completely classifies the mouse data input from the user. Consequently, this paper derives and verifies the vulnerability and security threat of image-based authentication technology. Moreover, the vulnerability and security threat found in this paper not only constitute a new vulnerability and security threat, but can also be used as a criterion in security analysis and evaluation for image-based authentication technology.
Highlights
With the change from the pre-internet era to online society, online user authentication technology has been required
The model with the highest increase of F1-score was decision tree, which increased by 146 %; while the models with the lowest increase of f1-score were logistic regression, linear SVC, Support Vector Machine (SVM), and multilayer perceptron (MLP), which increased by 137.7 %
This paper analyzed the security of mouse data in the situation where defense technique is applied based on machine learning in image-based authentication
Summary
With the change from the pre-internet era to online society, online user authentication technology has been required. In order to overcome the failure of the attack caused by competing with the defender in the application program layer of the same user level, the attacker attempts to attack at the kernel level, which is lower than the user level, to steal keyboard data To cope with such kernel level attack techniques, the defender has introduced defense techniques to protect keyboard data at the kernel level by applying techniques such as interrupt service routine replacement, and filter drivers. The conventional mouse attack technique makes it difficult for the attacker to steal mouse positions input by the actual user using the GetCursorPos() function, when the defender generates random mouse positions using the SetCursorPos() function.
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
