增強智慧型手機上基於行為身分驗證系統的穩健性以抵禦假冒攻擊

以作者查詢圖書館館藏

、以作者查詢臺灣博碩士

、以作者查詢全國書目

、勘誤回報

、線上人數：61

、訪客IP：18.217.189.152

姓名

李浩君(Hao-Chun Li) 查詢紙本館藏

畢業系所

資訊工程學系

論文名稱

增強智慧型手機上基於行為身分驗證系統的穩健性以抵禦假冒攻擊
(Enhancing the Robustness of Behavioral Biometric Systems on Smartphones to Resist Impersonation Attacks)

相關論文

★ 基於最大期望算法之分析陶瓷基板機器暗裂破片率	★ 基於時間序列預測的機器良率預測
★ 基於OpenPose特徵的行人分心偵測	★ 建構深度學習CNN模型以正確分類傳統AOI模型之偵測結果
★ 一種結合循序向後選擇法與回歸樹分析的瑕疵肇因關鍵因子擷取方法與系統－以紡織製程為例	★ 融合生成對抗網路及領域知識的分層式影像擴增
★ 針織布異常偵測方法研究	★ 基於工廠生產資料的異常機器維修預測
★ 萃取駕駛人在不同環境之駕駛行為方法	★ 基於刮痕瑕疵資料擴增的分割拼接影像生成
★ 應用卷積神經網路於航攝影像做基於坵塊的水稻判釋之研究	★ 採迴歸樹進行規則探勘以有效同時降低多種紡織瑕疵
★ 應用增量式學習於多種農作物判釋之研究	★ 應用自動化測試於異質環境機器學習管道之 MLOps 系統
★ 農業影像二元分類：坵塊分離的檢測	★ 應用遷移學習於胚布瑕疵檢測

檔案

[Endnote RIS 格式]

[Bibtex 格式]

[相關文章]

[文章引用]

[完整記錄]

[館藏目錄]

至系統瀏覽論文 (2027-6-30以後開放)

摘要(中)

近年來，智慧型手機成為彼此生活中最為仰賴的產品，且常儲存個人隱私資訊，因而成為惡意人士的竊取目標之一。雖然目前有提供身分驗證機制為用戶進行身分認證，但多數方法皆屬於一次性驗證，也就是用戶只需要在使用裝置的初始階段通過認證，就可以隨意存取智慧型手機內的任何資料。本研究所採用的連續式身分驗證(Continuous Authentication) 將彌補過往身分驗證機制的不足，其目的為在不打擾用戶的使用情況下，持續收集用戶的行為資料，並定期地在後台進行認證，確保使用者為合法用戶，即行為生物識別(Behavioral Biometrics)。然而，過往研究指出，基於行為的身分驗證系統會遭受到對抗式攻擊(Adversarial Attack) 的影響，也就是假冒攻擊(Impersonation Attack)，惡意人士將偽裝成合法使用者，試圖讓系統誤判，造成系統穩健性(Robustness) 下降。因此，本研究將針對假冒攻擊問題提出兩項能夠提升基於行為身分驗證系統穩健性的方法。即基於行為相似度的分群方法和基於行為變異度的前處理方法，其中分群方法將根據用戶行為相似度來分組，並在移除系統事先指定給群組的容易被攻擊者模仿的群組總體弱特徵後，再進行模型訓練；而前處理方法則基於用戶每項特徵的行為變異度來調整每項特徵資料的權重，使得系統能夠更加容易地分辨合法用戶和攻擊者。透過本研究提出的分群和前處理方法，將可以在不需要為用戶收集攻擊者的模仿資料來執行耗時的篩選弱特徵過程的前提下，達到更好的準確率。

摘要(英)

In recent years, smartphones have become essential in our lives, often storing personal information and making them prime targets for malicious people. Current identity verification mechanisms provide authentication, but most are one-time verifications, allowing users to freely access data after initial authentication. This study addresses these shortcomings by using continuous authentication, which continuously collects user behavior data without disturbing the user and performs regular background authentication, known as behavioral biometrics. However, behavior-based authentication systems are vulnerable to adversarial attacks, or impersonation attacks, where malicious individuals pretend to be legitimate users, reducing system robustness. To enhance robustness against these attacks, this study proposes two methods: a similarity-based clustering method and a preprocessing method based on behavioral variability. The clustering method groups users by behavioral similarity and removes weak features that attackers can mimic before model training. The preprocessing method adjusts feature weights based on behavioral variability, making it easier to distinguish between legitimate users and attackers. These methods aim to improve accuracy without the need for collecting attackers’ data for weak feature selection.

關鍵字(中)

★ 連續式驗證
★ 行為生物識別
★ 假冒攻擊
★ 弱特徵

關鍵字(英)

★ Continuous Authentication
★ Behavioral Biometrics
★ Impersonation Attacks
★ Weak Feature

論文目次

摘要.............................................................................. vi
Abstract......................................................................... vii
目錄.............................................................................. viii
一、緒論.......................................................................... 1
1.1研究背景...................................................................... 1
1.2研究動機...................................................................... 3
1.3研究目的...................................................................... 5
1.4問題定義...................................................................... 5
1.5研究貢獻...................................................................... 5
1.6論文架構...................................................................... 6
二、相關研究...................................................................... 7
2.1行為生物識別(BehavioralBiometric)............................................. 7
2.2基於直方圖(Histogram)的特徵表示方法............................................ 7
2.3支援向量機(SupportVectorMachine,SVM).......................................... 8
2.4生物辨識系統的性能指標......................................................... 10
2.5基礎模型(M0i)與最佳模型(M∗ij).................................................. 11
2.6以反向特徵消去法篩選CWF........................................................ 12
2.7以投票方法篩選GWF............................................................. 13
三、研究方法...................................................................... 15
3.1資料前處理.................................................................... 15
3.1.1原始資料.................................................................... 15
3.1.2動態特徵資料................................................................ 16
3.1.3基於直方圖的特徵分布......................................................... 19
3.2模型訓練方法.................................................................. 21
3.2.1基於行為相似度的分群方法..................................................... 21
3.2.2基於行為變異度的前處理方法................................................... 23
四、實驗設計與結果分析............................................................. 26
4.1資料集介紹.................................................................... 26
4.1.1資料收集................................................................... 26
4.1.2訓練與測試資料集............................................................ 28
4.2基準模型的建立與實驗流程設計................................................... 29
4.2.1基礎模型(M0i)和最佳模型(M∗ij)............................................... 29
4.2.2通用模型(MGWFi )........................................................... 30
4.3實驗一:以基於相似度的分群方法建立模型........................................... 31
4.3.1實驗設計................................................................... 31
4.3.2實驗結果與分析.............................................................. 32
4.4實驗二:以基於行為變異度的前處理方法建立模型..................................... 36
4.4.1子實驗:行為變異度實驗結果與分析.............................................. 36
4.4.2實驗設計................................................................... 37
4.4.3實驗結果與分析............................................................. 37
五、結論與未來展望................................................................ 40
5.1結論......................................................................... 40
5.2未來展望..................................................................... 41
參考文獻......................................................................... 42

參考文獻

[1] eMarketer, Us proximity mobile payment users and penetration, 2020-2027, [Online] Available: https://www.emarketer.com/chart/262863/us-proximity-mobile-payment users-penetration-2020-2027-millions-change-of-smartphone-users (Accessed: Jun. 2024), Apr. 2023.
[2] A. Habibi Lashkari, S. Farmand, O. Zakaria, and D. Saleh, “Shoulder surfing attack in graphical password authentication,” International Journal of Computer Science and Information Security (IJCSIS), vol. 6, no. 2, pp. 145–154, Nov. 2009.
[3] I. I. Androulidakis, “Introduction: Confidentiality, integrity, and availability threats in mobile phones,” in Mobile Phone Security and Forensics: A Practical Approach, 2nd edition. Springer, Cham, 2016, pp. 1–14.
[4] J. Galbally, I. Coisel, and I. Sanchez, “A new multimodal approach for password strength estimation—part i: Theory and algorithms,” IEEE Transactions on Information Forensics and Security, vol. 12, no. 12, pp. 2829–2844, Dec. 2017.
[5] A. Alzubaidi and J. Kalita, “Authentication of smartphone users using behavioral biometrics,” IEEE Communications Surveys Tutorials, vol. 18, no. 3, pp. 1998–2026, 2016.
[6] E. Ellavarason, R. Guest, F. Deravi, R. Sanchez-Riello, and B. Corsetti, “Touch-dynamics based behavioural biometrics on mobile devices–a review from a usability and performance perspective,” ACM Computing Surveys (CSUR), vol. 53, no. 6, pp. 1–36, Dec. 2020.
[7] T. G. Rudner and H. Toner, “Key concepts in ai safety: Robustness and adversarial examples,” CSET Issue Brief, Mar. 2021.
[8] M. Agrawal, P. Mehrotra, R. Kumar, and R. R. Shah, “Gantouch: An attack-resilient framework for touch-based continuous authentication system,” IEEE Transactions on Biometrics, Behavior, and Identity Science, vol. 4, no. 4, pp. 533–543, Oct. 2022.
[9] L.-X. Lin, “Impersonation attack on touch-based behavioral smartphone authentication,” M.S. thesis, NCU, 2021.
[10] A. I. Falakh, “Weak features removal via feature ranking to prevent impersonation attack on smartphone behavior biometric system,” M.S. thesis, NCU, 2022.
[11] J.-Y. Su, “Weak features removal mechanism to prevent impersonation attack on behavior biometric system,” M.S. thesis, NCU, 2023.
[12] A. Mahfouz, T. M. Mahmoud, and A. S. Eldin, “A survey on behavioral biometric authentication on smartphones,” Journal of information security and applications, vol. 37, pp. 28–37, Dec. 2017.
[13] W.E.Burr, D. F. Dodson, W. T. Polk, et al., Electronic authentication guideline. Citeseer, 2006.
[14] B. Draffin, J. Zhu, and J. Zhang, “Keysens: Passive user authentication through micro behavior modeling of soft keyboard interaction,” in Mobile Computing, Applications, and Services: 5th International Conference, MobiCASE 2013, Paris, France, November 7-8, 2013, Revised Selected Papers 5, Springer, 2014, pp. 184–201.
[15] C.-C. Lin, C.-C. Chang, and D. Liang, “An approach for authenticating smartphone users based on histogram features,” in 2015 IEEE International Conference on Software Quality, Reliability and Security, Vancouver, BC, Canada, Aug. 2015, pp. 125–130.
[16] I. Syarif, A. Prugel-Bennett, and G. Wills, “Svm parameter optimization using grid search and genetic algorithm to improve classification performance,” TELKOMNIKA (Telecommunication Computing Electronics and Control), vol. 14, no. 4, pp. 1502–1509, 2016.
[17] A. K. Jain and A. Ross, “Introduction to biometrics,” in Handbook of Biometrics, A. K. Jain, P. Flynn, and A. A. Ross, Eds. Springer US, 2008, pp. 1–22.
[18] U. Gawande and Y. Golhar, “Biometric security system: A rigorous review of unimodal and multimodal biometrics techniques,” International Journal of Biometrics, vol. 10, no. 2, pp. 142–175, Jan. 2018.
[19] P.-E. Danielsson, “Euclidean distance mapping,” Computer Graphics and image process ing, vol. 14, no. 3, pp. 227–248, Jan. 1980.

指導教授

梁德容(De-Ron Liang)

審核日期

2024-8-5

推文