Vulnerability Analysis Challenges of the Mouse Data Based on Machine Learning for Image-Based User Authentication

Abstract

With the change from the pre-internet era to online society, user authentication technology is required, and for that, password-based authentication technology is generally used. However, the technology has vulnerabilities and security threats that cannot ensure security and reliability, due to the exposure of the keyboard data that comprises a password input from the keyboard. In order to settle this problem, image-based authentication technology has emerged; but the password input from the mouse is not secure, due to the exposure of the mouse data. This problem has led to the emergence of mouse data protection technology. This technology protects mouse data by generating a large number of random mouse positions at any time, thereby inducing an attacker to track any mouse position generated by the defender, even if the attacker takes over the mouse data. Therefore, this mouse protection technology almost completely defends against existing mouse data attack techniques. With mouse data protection technology applied, the challenge of this paper is to verity the feasibility of mouse data attack. For the experiment, we collected both random mouse data generated by the defender and real mouse data input from the user, and verified the security of mouse data using mouse data classification based on machine learning. As a result of the experiment, we have verified the stealing of mouse data by using the proposed method with high quality, even if existing techniques of mouse data attack do not steal real mouse data. The best accuracy is 98%. In other words, the proposed method almost completely classifies the mouse data input from the user. Consequently, this paper derives and verifies the vulnerability and security threat of image-based authentication technology. Moreover, the vulnerability and security threat found in this paper not only constitute a new vulnerability and security threat, but can also be used as a criterion in security analysis and evaluation for image-based authentication technology.