Preventing Lunchtime Attacks: Fighting Insider Threats With Eye Movement Biometrics

We introduce a novel biometric based on distinctive eye movement patterns. The biometric consists of 21 features that allow us to reliably distinguish users based on differences in these patterns. We leverage this distinguishing power along with the ability to gauge the users' task familiarity, i.e., level of knowledge, to address insider threats. In a controlled experiment we test how both time and task familiarity influence eye movements and feature stability, and how different subsets of features affect the classifier performance. These feature subsets can be used to tailor the eye movement biometric to different authentication methods and threat models. Our results show that eye movement biometrics support reliable and stable identification and authentication of users. We investigate different approaches in which an attacker could attempt to use inside knowledge to mimic the legitimate user. Our results show that while this advance knowledge is measurable, it does not increase the likelihood of successful impersonation. In order to determine the time stability of our features we repeat the experiment twice within two weeks. The results indicate that we can reliably authenticate users over the entire period. We show that the classification decision depends on all features and mimicking a few of them will not be sufficient to trick the classifier. We discuss the advantages and limitations of our approach in detail and give practical insights on the use of this biometric in a real-world environment.