One Cycle Attack: Fool Sensor-Based Personal Gait Authentication with Clustering

Gait authentication, especially sensor-based patterns, has been studied by researchers for decades. Nowadays, gait authentication has become an important facet of biometric systems due to the so-called unique characteristics of each user. With the development of various technologies (i.e., hardware, data processing, features extraction, and learning algorithms), the performance of sensor-based authentication methods is gradually improving. But we have found that the vulnerability of most existing methods can be compromised easily. In this paper, we propose a novel attack model, called one cycle attack, to bypass existing gait authentication methods. Firstly, the gait sequence is divided into multiple gait cycles. By adopting the K-mean algorithm, we get the average distance of each feature sample (extracted from the gait cycle) to its closest cluster center, and its result confirms that independent individuals may have similar gait cycles. Secondly, using six state-of-the-art models it was found that the adversarial gait cycle found with the clustering method can bypass the victim's model rapidly. Furthermore, to improve the accuracy of sensor-based gait authentication methods to fight against attacks, we present a WPD-LSTM (Wavelet Packet Decomposition and Long Short-Term Memory) multi-cycle defense model which considers the contextual contents of the neighboring gait cycles in the gait sequence. Experimental results on two datasets (the largest public sensor-based gait database OU-ISIR and new dataset from our laboratory) show that our attack model can bypass most of the victims' models within a limited number of attempts. Specifically, we can compromise 20%-80% of users within 5 attempts by utilizing imitation. On the contrary, the success rate of attackers has been greatly mitigated by deploying our multi-cycle defense model.