De-anonymization Attacks on Metaverse.

Virtual reality (VR) can provide users with an immersive experience in the metaverse. One of the most promising properties of VR is that users’ identities can be protected by changing their physical world appearances into arbitrary virtual avatars. However, recent proposed de-anonymization attacks demonstrate the feasibility of recognizing the user’s identity behind the VR avatar’s masking. In this paper, we propose AvatarHunter, a non-intrusive and user-unconscious de-anonymization attack based on victims’ inherent movement signatures. AvatarHunter imperceptibly collects the victim avatar’s gait information via recording videos from multiple views in the VR scenario without requiring any permission. A Unity-based feature extractor is designed that preserves the avatar’s movement signature while immune to the avatar’s appearance changes. Real-world experiments are conducted in VRChat, one of the most popular VR applications. The experimental results demonstrate that AvatarHunter can achieve attack success rates of 92.1% and 66.9% in closed-world and open-world avatar settings, respectively, which are much better than existing works.