| 摘要: | 人們對智慧型手機和網路的依賴為許多線上服務的帶來了許多成長的機會,而在
這些線上服務中,某些服務甚至需要處理個人的私密以及敏感訊息,如網路銀行、電
子錢包等。因此,採用多重的安全措施可以使系統的安全性更佳的完善。而近期越來
越受到研究人員關注的一種安全措施是基於生物行為特徵的身分認證系統
(Behavioral Biometrics System,BBS),特別是採用操作智慧型手機的行為作為特
徵。然而,一些研究指出存在冒充使用者行為的攻擊方式,這類的攻擊會為了騙過身
分認證系統而試圖去模仿使用者的行為。
因此,本研究提出了在三種情境下是否存在使用者弱特徵的判別方法:個體弱特
徵(Individual Weak Features,IWF)、共同弱特徵(Common Weak Features,CWF)
和總體弱特徵(General Weak Features,GWF)。首先,我們會進行假冒攻擊,也就是
模仿使用者操作手機的行為,接者將這些攻擊者資料輸入進SVM 模型中,並與未受到
攻擊的基本SVM 模型進行比較,以辨認出弱特徵。 本研究實驗了四種演算法來識別弱
特徵,分別為基本特徵排名法(Baseline Feature Rank,BFR)、反向特徵消去法(
Backward Feature Elimination,BFE)、增強特徵排名法(Enhanced Feature Rank,
EFR)和多模型遞迴特徵消去法(Multi Model Recursive Feature Elimination,
MMRFE)。透過假設測試出的結果,可以證明IWF、CWF 和 GWF 皆可使模型可靠度維持
在一定的程度;而相對於 MMRFE、BFR 和 EFR,使用 BFE 可以得到最好的結果。;Our dependence of smartphone and internet has brought many opportunities for the
growth of smartphone based online services. Some of these services are even deal with
private and sensitive information such as mobile banking, electronic wallet, and the likes.
Since that, multiple security measures are implemented to have the system as secure as
possible. One of the security method which is getting more attention from researcher is
behavioral biometrics system (BBS), especially the one based on smartphone swipe and
handling behavior. This type of security system provide non-intrusive continuous
authentication of the user which can protect the user in-between primary authentication
system. However, some research shows the existence of impersonation attack, where an
attacker is trying to mimic the user behavior to fool the system.
Thus, this research proposed a method to identify the existence of weak features in
several scopes: Individual Weak Features (IWF), Common Weak Features (CWF), and General
Weak Features (GWF). First, a simulated attack is carried out. Then, the effect on these attack
to the augmented Support Vector Machine (SVM) model is compared with the base SVM
model is analysed to identify the weak features. Several algorithms are implemented to
identify the weak features, namely Baseline Feature Rank (BFR), Backward Feature Elimination
(BFE), Enhanced Feature Rank (EFR), and Multi Model Recursive Feature Elimination (MMRFE).
By hypothesis testing the IWF, CWF, and GWF is proven to maintain reliability of the model to
certain level. With the best one using BFE followed by MMRFE, BFR, and EFR. |
