TY - GEN
T1 - Adversarial Activity Detection Using Keystroke Acoustics
AU - Fallahi, Amin
AU - Phoha, Vir V.
N1 - Publisher Copyright:
© 2021, Springer Nature Switzerland AG.
PY - 2021
Y1 - 2021
N2 - Using keystroke acoustics to predict typed text has significant advantages, such as being recorded covertly from a distance and requiring no physical access to the computer system. Recently, some studies have been done on keystroke acoustics, however, to the best of our knowledge none have used them to predict adversarial activities, such as password dictionary attacks, data exfiltration, etc. We show that keystrokes in an adversarial environment have unique characteristics that distinguish it from benign environments and these differences can be used to predict adversarial activities and threat levels against a computer system. On a dataset of two million keystrokes consisting of seven adversarial and one benign activity, we use a signal processing approach to extract keystrokes from the audio and a clustering method to recover the typed letters followed by a text recovery module to regenerate the typed words. Furthermore, we use a neural network model to classify the benign and adversarial activities and achieve significant results: (1) we extract individual keystroke sounds from the raw audio with 91% accuracy and recover words from audio recordings in a noisy environment with 71% average top-10 accuracy. (2) We classify adversarial activities with 93.11% to 98.07% average accuracy under different operating scenarios.
AB - Using keystroke acoustics to predict typed text has significant advantages, such as being recorded covertly from a distance and requiring no physical access to the computer system. Recently, some studies have been done on keystroke acoustics, however, to the best of our knowledge none have used them to predict adversarial activities, such as password dictionary attacks, data exfiltration, etc. We show that keystrokes in an adversarial environment have unique characteristics that distinguish it from benign environments and these differences can be used to predict adversarial activities and threat levels against a computer system. On a dataset of two million keystrokes consisting of seven adversarial and one benign activity, we use a signal processing approach to extract keystrokes from the audio and a clustering method to recover the typed letters followed by a text recovery module to regenerate the typed words. Furthermore, we use a neural network model to classify the benign and adversarial activities and achieve significant results: (1) we extract individual keystroke sounds from the raw audio with 91% accuracy and recover words from audio recordings in a noisy environment with 71% average top-10 accuracy. (2) We classify adversarial activities with 93.11% to 98.07% average accuracy under different operating scenarios.
KW - Adversarial activity classification
KW - Attack detection
KW - Keystroke acoustics
UR - http://www.scopus.com/inward/record.url?scp=85116943354&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85116943354&partnerID=8YFLogxK
U2 - 10.1007/978-3-030-88418-5_30
DO - 10.1007/978-3-030-88418-5_30
M3 - Conference contribution
AN - SCOPUS:85116943354
SN - 9783030884178
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 626
EP - 648
BT - Computer Security – ESORICS 2021 - 26th European Symposium on Research in Computer Security, Proceedings
A2 - Bertino, Elisa
A2 - Shulman, Haya
A2 - Waidner, Michael
PB - Springer Science and Business Media Deutschland GmbH
T2 - 26th European Symposium on Research in Computer Security, ESORICS 2021
Y2 - 4 October 2021 through 8 October 2021
ER -