Analysis of the resilience of the adaptive authentication model to adversarial attacks via hybrid digital fingerprint imitation
https://doi.org/10.55648/1998-6920-2026-20-2-28-44
Abstract
The article investigates the resilience of the adaptive authentication model to adversarial attacks via hybrid digital fingerprint imitation. An adversarial extension of the adaptive authentication model based on a digital fingerprint combining technical and behavioral attributes is proposed. The attack is formalized as a conditional optimization problem with separate values of permissible perturbations of technical (εd) and behavioral (εb) attributes under conditions of limited feedback. To evaluate model resilence, a probabilistic resilience measure R is introduced, consistent with the classical FAR/FRR metrics. Experimental validation was performed on a dataset of 1280 sessions (32 users, 30 attributes) using the CMA-ES algorithm. The experimental results showed that models with adaptive weighting provide a twofold increase in resilience compared to the model with equal weights in the realistic attack regime (εd ≤0.2): R=0.66-0.79 versus 0.39–0.53, and reduce the probability of a successful attack to 0.36 under a strategy for optimizing technical and behavioral features. It has been experimentally established that the automatic reduction of weights with an increase in the variance of features complicates adversarial attacks by attackers. The identified security vulnerability at εd ≥0.5 (R≤0.07) defines the limits of the model's applicability and justifies the need for multifactor authentication with a high proportion of perturbations.
About the Authors
Alexander Alexandrovich SalomatinRussian Federation
PhD, Senior Researcher, V.A. Trapeznikov Institute of Control Sciences, Russian Academy of Sciences
Alexander Sergeevich Shirokov
Russian Federation
Research Fellow, V.A. Trapeznikov Institute of Control Sciences of the Russian Academy of Sciences (ICU RAS)
Andrey Kimovich Melnikov
Russian Federation
PhD, Associate Professor at the Higher Attestation Commission, Chief Researcher, JSC Computational Solutions
References
1. Vekhov V.B., Smushkin A.B. Kriminalisticheskoe issledovanie tsifrovykh otpechatkov komp'yuternykh ustroistv // Vserossiiskii kriminologicheskii zhurnal. – 2024. – T. 18, № 4. – S. 390-397. – DOI 10.17150/2500-4255.2024.18(4).390-397. – EDN PCRWRC
2. Salomatin A.A., Lukinova O.V. Teoreticheskie osnovy adaptatsii legitimizatsii pol'-zovatelya na os-nove dinamiki vektora atributov tsifrovogo otpechatka // Izvestiya Yugo-zapadnogo gosudarstvennogo universiteta. – 2026. – (in press).
3. Bonneau J., Herley C., van Oorschot P. C., Stajano F. Passwords and the Evolution of Imperfect Au-thentication // Communications of the ACM. – 2015. – Vol. 58, No. 7. – P. 78–87.
4. Bonneau J., Herley C., van Oorschot P. C., Stajano F. The Quest to Replace Passwords: A Framework for Comparative Evaluation of Web Authentication Schemes // IEEE Symposium on Security and Pri-vacy. – San Francisco, CA, USA. – 2012. – P. 553–567. – DOI: 10.1109/SP.2012.44
5. Das A., Bonneau J., Caesar M., Borisov N., Wang X. The Tangled Web of Password Reuse // Proceed-ings of the Network and Distributed System Security Symposium. – 2014. – DOI: 10.14722/ndss.2014.23357
6. Juels A., Rivest R. Honeywords: Making Password-Cracking Detectable // Proceedings of the 2013 ACM SIGSAC Conference on Computer and Communications Security. – 2013. – P. 145–160. – DOI: 10.1145/2508859.2516671
7. Eberz S., Rasmussen K. B., Lenders V., Martinovic I. Evaluating Behavioral Biometrics for Continu-ous Authentication: Challenges and Metrics // Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security. – 2017. – P. 386–399. – DOI: 10.1145/3052973.3053032
8. Viswanath B., Bashir M. A., Crovella M., Guha S., Gummadi K. P., Krishnamurthy B., Mislove A. Towards Detecting Anomalous User Behavior in Online Social Networks // USENIX Security Sympo-sium. – 2014. – P. 223–238.
9. Monrose F., Rubin A. Authentication via Keystroke Dynamics // Proceedings of the 4th ACM Confer-ence on Computer and Communications Security. – 1997. – P. 48–56. – DOI: 10.1145/266420.266434
10. Killourhy K., Maxion R. Comparing Anomaly Detection Algorithms for Keystroke Dynamics // IEEE/IFIP International Conference on Dependable Systems and Networks. – Lisbon, Portugal. – 2009. – P. 125–134. – DOI: 10.1109/DSN.2009.5270346.
11. Shen C., Cai Z., Guan X., Maxion R. Performance Evaluation of Anomaly-Detection Algorithms for Mouse Dynamics // Computers & Security. – 2014. – Vol. 45. – P. 156–171. – DOI: 10.1016/j.cose.2014.05.002
12. Serwadda A., Phoha V. When Kids’ Toys Breach Mobile Phone Security // Proceedings of the 2013 ACM SIGSAC Conference on Computer and Communications Security. – 2013. – P. 599–610. – DOI: 10.1145/2508859.2516659
13. Biggio B., Roli F. Wild Patterns: Ten Years after the Rise of Adversarial Machine Learning // Pattern Recognition. – 2018. – Vol. 84. – P. 317–331. – DOI: 10.1016/j.patcog.2018.07.023.
14. Goodfellow I. J., Shlens J., Szegedy C. Explaining and Harnessing Adversarial Examples // arXiv. – 2015. – DOI: 10.48550/arXiv.1412.6572
15. Papernot N. et al. Practical Black-Box Attacks Against Machine Learning // Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security. – 2017. – P. 506–519. – DOI: 10.1145/3052973.3053009
16. Sommer R., Paxson V. Outside the Closed World: On Using Machine Learning for Network Intrusion Detection // IEEE Symposium on Security and Privacy. – Oakland, CA, USA. – 2010. – P. 305–316. – DOI: 10.1109/SP.2010.25.
17. Dalvi N. et al. Adversarial Classification // Proceedings of the Tenth ACM SIGKDD International Conference on Knowledge Discovery and Data Mining. – 2004. – P. 99–108. – DOI: 10.1145/1014052.1014066
18. Li B., Vorobeychik Y. Scalable Optimization of Randomized Operational Decisions in Adversarial Classification Settings // Proceedings of the Eighteenth International Conference on Artificial Intelli-gence and Statistics. – 2015. – Vol. 38. – P. 599–607.
19. Barreno M. et al. The Security of Machine Learning // Machine Learning. – 2010. – Vol. 81. – P. 121–148. – DOI: 10.1007/s10994-010-5188-5
20. Chandola V. et al. Anomaly Detection: A Survey // ACM Computing Surveys. – 2009. – Vol. 41, No. 3. – Article 15. – P. 1–58. – DOI: 10.1145/1541880.1541882
21. Apify. fingerprint-generator: Realistic browser fingerprint generator. – 2024. – URL: https://github.com/apify/fingerprint-generator (accessed: 06.04.2026).
22. Andriamilanto N., Allard T., Le Guelvouit G., Garel A. A Large-scale Empirical Analysis of Browser Fingerprints Properties for Web Authentication // ACM Transactions on the Web. – 2021. – Vol. 16, No. 1. – Art. 4. – DOI: 10.1145/3478026
23. Barford P., Crovella M. Generating Representative Web Workloads for Network and Server Perfor-mance Evaluation // Proceedings of the 1998 ACM SIGMETRICS International Conference on Meas-urement and Modeling of Computer Systems. – 1998. – P. 151–160.
24. Weinreich H., Obendorf H., Herder E., Mayer H. Not Quite the Average: An Empirical Study of Web Use // ACM Transactions on the Web. – 2008. – Vol. 2, No. 1. – Art. 5. – P. 1–31. – DOI: 10.1145/1326561.1326566
25. Zhang Y., Chen W., Wang D., Yang Q. User-click Modeling for Understanding and Predicting Search-Behavior // KDD '11: Proceedings of the 17th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining. – San Diego, CA, USA, 2011. – P. 1388–1396. – DOI: 10.1145/2020408.2020613
26. Hansen N. The CMA Evolution Strategy: A Tutorial // arXiv preprint arXiv:1604.00772. – 2016.
Review
For citations:
Salomatin A.A., Shirokov A.S., Melnikov A.K. Analysis of the resilience of the adaptive authentication model to adversarial attacks via hybrid digital fingerprint imitation. The Herald of the Siberian State University of Telecommunications and Information Science. 2026;20(2):28-44. (In Russ.) https://doi.org/10.55648/1998-6920-2026-20-2-28-44
JATS XML
















