Please note: This master’s thesis presentation will take place in DC 2314 and online.
Alexandru Bara, Master’s candidate
David R. Cheriton School of Computer Science
Supervisor: Professor Urs Hengartner
In an era of escalating cyber threats, behavioural biometrics have emerged as a transformative security mechanism, leveraging user interaction patterns like keystrokes and mouse movements for continuous authentication on the web. However, detecting these scripts at scale remains challenging due to obfuscation, dynamic execution, and overlap with analytics tools.
This thesis addresses these challenges through three interconnected contributions: (1) enhancing FoxHound, a dynamic taint analysis tool, to achieve 97% effectiveness in tracking behavioural biometric data flows; (2) developing the first open-source checkout crawler to navigate e-commerce workflows with upwards of 78% accuracy; and (3) creating a machine learning classifier to distinguish behavioural biometric scripts from other tracking scripts. Large-scale analyses reveal that behavioural biometric scripts are deployed on 0.3% of top websites, with significantly higher adoption on sensitive pages (4.55% of banking logins). The work concludes with ethical recommendations to balance security benefits with privacy risks, advocating for transparency, deobfuscation, and regulatory oversight.
To attend this master’s thesis presentation in person, please go to DC 2314. You can also attend virtually using Zoom.