透過特徵排名剔除弱特徵以防止智慧型手機的行為生物身分認證 系統受到模擬攻擊

、線上人數：18

、訪客IP：3.142.124.252

姓名	阿伊夫(Afif Izzul Falakh) 查詢紙本館藏	畢業系所	資訊工程學系
論文名稱	透過特徵排名剔除弱特徵以防止智慧型手機的行為生物身分認證系統受到模擬攻擊 (Weak Features Removal Via Feature Ranking to Prevent Impersonation Attack on Smartphone Behavior Biometric System)
檔案	[Endnote RIS 格式] [Bibtex 格式] [相關文章] [文章引用] [完整記錄] [館藏目錄] 至系統瀏覽論文 (2025-7-29以後開放)
摘要(中)	人們對智慧型手機和網路的依賴為許多線上服務的帶來了許多成長的機會，而在這些線上服務中，某些服務甚至需要處理個人的私密以及敏感訊息，如網路銀行、電子錢包等。因此，採用多重的安全措施可以使系統的安全性更佳的完善。而近期越來越受到研究人員關注的一種安全措施是基於生物行為特徵的身分認證系統（Behavioral Biometrics System，BBS），特別是採用操作智慧型手機的行為作為特徵。然而，一些研究指出存在冒充使用者行為的攻擊方式，這類的攻擊會為了騙過身分認證系統而試圖去模仿使用者的行為。因此，本研究提出了在三種情境下是否存在使用者弱特徵的判別方法：個體弱特徵（Individual Weak Features，IWF）、共同弱特徵（Common Weak Features，CWF）和總體弱特徵（General Weak Features，GWF）。首先，我們會進行假冒攻擊，也就是模仿使用者操作手機的行為，接者將這些攻擊者資料輸入進SVM 模型中，並與未受到攻擊的基本SVM 模型進行比較，以辨認出弱特徵。本研究實驗了四種演算法來識別弱特徵，分別為基本特徵排名法（Baseline Feature Rank，BFR）、反向特徵消去法（ Backward Feature Elimination，BFE）、增強特徵排名法（Enhanced Feature Rank， EFR）和多模型遞迴特徵消去法（Multi Model Recursive Feature Elimination， MMRFE）。透過假設測試出的結果，可以證明IWF、CWF 和 GWF 皆可使模型可靠度維持在一定的程度；而相對於 MMRFE、BFR 和 EFR，使用 BFE 可以得到最好的結果。
摘要(英)	Our dependence of smartphone and internet has brought many opportunities for the growth of smartphone based online services. Some of these services are even deal with private and sensitive information such as mobile banking, electronic wallet, and the likes. Since that, multiple security measures are implemented to have the system as secure as possible. One of the security method which is getting more attention from researcher is behavioral biometrics system (BBS), especially the one based on smartphone swipe and handling behavior. This type of security system provide non-intrusive continuous authentication of the user which can protect the user in-between primary authentication system. However, some research shows the existence of impersonation attack, where an attacker is trying to mimic the user behavior to fool the system. Thus, this research proposed a method to identify the existence of weak features in several scopes: Individual Weak Features (IWF), Common Weak Features (CWF), and General Weak Features (GWF). First, a simulated attack is carried out. Then, the effect on these attack to the augmented Support Vector Machine (SVM) model is compared with the base SVM model is analysed to identify the weak features. Several algorithms are implemented to identify the weak features, namely Baseline Feature Rank (BFR), Backward Feature Elimination (BFE), Enhanced Feature Rank (EFR), and Multi Model Recursive Feature Elimination (MMRFE). By hypothesis testing the IWF, CWF, and GWF is proven to maintain reliability of the model to certain level. With the best one using BFE followed by MMRFE, BFR, and EFR.
關鍵字(中)	★ 生物行為特徵 ★ 身份認證 ★ SVM ★ 假冒攻擊 ★ 弱特徵	關鍵字(英)	★ behavioral biometrics ★ authentication ★ SVM ★ impersonation ★ weak features
論文目次	中文摘要 ................................................................................................................................ i Abstract ............................................................................................................................... ii Acknowledgment ....................................................................................................................... iii Table Of Contents ...................................................................................................................... iv List Of Figures ............................................................................................................................ vi List Of Tables............................................................................................................................ viii Explanation Of Symbols .............................................................................................................. x Chapter I Introduction ........................................................................................................... 1 1.1. Background ............................................................................................................ 1 1.2. Motivation ............................................................................................................. 3 1.3. Baseline Research Hypothesis ............................................................................... 5 1.4. Research Objective ................................................................................................ 8 1.5. Problem Statements .............................................................................................. 8 1.6. Contribution .......................................................................................................... 8 1.7. Limitation of Study ................................................................................................ 8 1.8. Thesis Structure ..................................................................................................... 9 Chapter II Literature Review ................................................................................................ 10 2.1. Behavioral Biometric System .............................................................................. 10 2.2. Histogram Feature Representation for Behavior ................................................ 11 2.3. Feature Selection and Number of Samples Importance ..................................... 12 2.4. Multi Sensor Behavior System ............................................................................ 13 2.5. Server-side Processing ........................................................................................ 14 2.6. Impersonation Attack .......................................................................................... 15 2.7. Support Vector Machine (SVM) .......................................................................... 15 2.7.1. Training SVM Hyperparameter C ........................................................................ 18 2.7.2. Linear SVM Weak Features ................................................................................. 21 2.8. BBS Evaluation Metrics ....................................................................................... 22 2.9. Sample Bootstrapping ......................................................................................... 23 Chapter III Proposed Method ............................................................................................... 25 3.1. Data Preprocessing .............................................................................................. 26 3.2. Baseline Model Building ...................................................................................... 32 v 3.3. Feature Ranking and Removal Algorithms .......................................................... 34 3.4. Enhanced Model Building ................................................................................... 38 3.4.1. IWF Scope ............................................................................................................ 38 3.4.2. CWF Scope ........................................................................................................... 39 3.4.3. GWF Scope .......................................................................................................... 40 Chapter IV Experiments And Result Analysis ........................................................................ 41 4.1. Experiments ......................................................................................................... 41 4.1.1. Design .................................................................................................................. 41 4.1.2. Tools Preparation ................................................................................................ 47 4.1.3. Data Collection .................................................................................................... 50 4.1.4. Evaluation ............................................................................................................ 60 4.2. Results & Analysis ................................................................................................ 61 4.2.1. Baseline Model .................................................................................................... 61 4.2.2. Enhanced Model in IWF Scope ............................................................................ 64 4.2.3. Enhanced Model in CWF Scope .......................................................................... 69 4.2.4. Enhanced Model in GWF Scope .......................................................................... 74 Chapter V Conclusion ........................................................................................................... 78 5.1. Conclusion ........................................................................................................... 78 5.2. Future Works ....................................................................................................... 79 Bibliography ............................................................................................................................. 80
參考文獻	[1] Y. Yang, B. Guo, Z. Wang, M. Li, Z. Yu, and X. Zhou, “BehaveSense: Continuous authentication for security-sensitive mobile apps using behavioral biometrics,” Ad Hoc Networks, vol. 84, pp. 9–18, Mar. 2019, doi: 10.1016/j.adhoc.2018.09.015. [2] N.-F. Li, P. Tian, and J. Wang, “An authentication method based on user specific behavior,” in 2016 5th International Conference on Computer Science and Network Technology (ICCSNT), Dec. 2016, pp. 132–135. doi: 10.1109/ICCSNT.2016.8070134. [3] A. Suharsono and D. Liang, “Hand Stability Based Features for Touch Behavior Smartphone Authentication,” in 2020 3rd IEEE International Conference on Knowledge Innovation and Invention (ICKII), Aug. 2020, pp. 167–170. doi: 10.1109/ICKII50300.2020.9318982. [4] S. Shah and S. Kanhere, “Recent Trends in User Authentication - A Survey,” IEEE Access, vol. PP, pp. 1–1, Aug. 2019, doi: 10.1109/ACCESS.2019.2932400. [5] I. Stylios, S. Kokolakis, O. Thanou, and S. Chatzis, “Behavioral biometrics & continuous user authentication on mobile devices: A survey,” Information Fusion, vol. 66, pp. 76–99, Feb. 2021, doi: 10.1016/j.inffus.2020.08.021. [6] C. Adams, “Impersonation Attack,” in Encyclopedia of Cryptography and Security, H. C. A. van Tilborg, Ed. Boston, MA: Springer US, 2005, pp. 286–286. doi: 10.1007/0-387-23483- 7_196. [7] S. Poudel, A. Serwadda, and V. V. Phoha, “On humanoid robots imitating human touch gestures on the smart phone,” in 2015 IEEE 7th International Conference on Biometrics Theory, Applications and Systems (BTAS), Sep. 2015, pp. 1–7. doi: 10.1109/BTAS.2015.7358781. [8] L.-X. Lin, “Impersonation Attack on Touch-Based Behavioral Smartphone Authentication,” Thesis, CSIE, NCU, Taoyaun, 2021. Accessed: Jun. 15, 2022. [Online]. Available: https://etd.lib.nctu.edu.tw/cgibin/ gs32/ncugsweb.cgi/ccd=yezwX1/record?r1=1&h1=0#XXXX [9] A. Mahfouz, T. M. Mahmoud, and A. S. Eldin, “A survey on behavioral biometric authentication on smartphones,” Journal of Information Security and Applications, vol. 37, pp. 28–37, Dec. 2017, doi: 10.1016/j.jisa.2017.10.002. [10] Y. Yang, J. Sun, and L. Guo, “PersonaIA: A Lightweight Implicit Authentication System Based on Customized User Behavior Selection,” IEEE Transactions on Dependable and Secure Computing, vol. 16, no. 1, pp. 113–126, Jan. 2019, doi: 10.1109/TDSC.2016.2645208. [11] M. Rees, “Behavioral Biometrics: A Complete Guide,” Expert Insights, Dec. 13, 2021. https://expertinsights.com/insights/a-guide-to-behavioral-biometrics/ (accessed Jun. 16, 2022). 81 [12] R. Das, The Science of Biometrics: Security Technology for Identity Verification. Routledge, 2018. [13] R. Yampolskiy and V. Govindaraju, “Behavioural biometrics: A survey and classification,” International Journal of Biometrics, vol. 1, Jan. 2008, doi: 10.1504/IJBM.2008.018665. [14] C.-C. Lin, C.-C. Chang, and D. Liang, “An Approach for Authenticating Smartphone Users Based on Histogram Features,” in 2015 IEEE International Conference on Software Quality, Reliability and Security, Aug. 2015, pp. 125–130. doi: 10.1109/QRS.2015.27. [15] A. A. Alariki, A. Bt Abdul Manaf, and S. Khan, “A study of touching behavior for authentication in touch screen smart devices,” in 2016 International Conference on Intelligent Systems Engineering (ICISE), Jan. 2016, pp. 216–221. doi: 10.1109/IN℡SE.2016.7475123. [16] M. W. Abo El-Soud, T. Gaber, F. AlFayez, and M. M. Eltoukhy, “Implicit authentication method for smartphone users based on rank aggregation and random forest,” Alexandria Engineering Journal, vol. 60, no. 1, pp. 273–283, Feb. 2021, doi: 10.1016/j.aej.2020.08.006. [17] W. Meng, Y. Wang, D. S. Wong, S. Wen, and Y. Xiang, “TouchWB: Touch behavioral user authentication based on web browsing on smartphones,” Journal of Network and Computer Applications, vol. 117, pp. 1–9, Sep. 2018, doi: 10.1016/j.jnca.2018.05.010. [18] B. Zou and Y. Li, “Touch-based Smartphone Authentication Using Import Vector Domain Description,” in 2018 IEEE 29th International Conference on Application-specific Systems, Architectures and Processors (ASAP), Jul. 2018, pp. 1–4. doi: 10.1109/ASAP.2018.8445125. [19] C. Shen, Y. Li, Y. Chen, X. Guan, and R. A. Maxion, “Performance Analysis of Multi-Motion Sensor Behavior for Active Smartphone Authentication,” IEEE Transactions on Information Forensics and Security, vol. 13, no. 1, pp. 48–62, Jan. 2018, doi: 10.1109/TIFS.2017.2737969. [20] S. Ray, “SVM \| Support Vector Machine Algorithm in Machine Learning,” Analytics Vidhya, Sep. 12, 2017. https://www.analyticsvidhya.com/blog/2017/09/understaingsupport- vector-machine-example-code/ (accessed Jun. 16, 2022). [21] S. Fan, “Understanding the mathematics behind Support Vector Machines,” Shuzhan Fan, May 07, 2018. https://shuzhanfan.github.io/ (accessed Jun. 16, 2022). [22] C.-W. Hsu, C.-C. Chang, and C.-J. Lin, “A Practical Guide to Support Vector Classification,” p. 16, May 2016. [23] I. Syarif, A. Prugel-Bennett, and G. Wills, “SVM Parameter Optimization using Grid Search and Genetic Algorithm to Improve Classification Performance,” TELKOMNIKA (Telecommunication Computing Electronics and Control), vol. 14, p. 1502, Dec. 2016, doi: 10.12928/telkomnika.v14i4.3956. 82 [24] J. Brownlee, “How to Model Human Activity From Smartphone Data,” Machine Learning Mastery, Sep. 16, 2018. https://machinelearningmastery.com/how-to-model-humanactivity- from-smartphone-data/ (accessed Jun. 19, 2021). [25] M. Fedotenkova, “Extraction of multivariate components in brain signals obtained during general anesthesia,” 2016. [26] F. Rothlauf et al., Applications of Evolutionary Computing: EvoWorkshops 2006: EvoBIO, EvoCOMNET, EvoHOT, EvoIASP, EvoINTERACTION, EvoMUSART, and EvoSTOC, Budapest, Hungary, April 10-12, 2006, Proceedings. Springer, 2006. [27] I. Guyon, J. Weston, S. Barnhill, and V. Vapnik, “Gene Selection for Cancer Classification using Support Vector Machines,” Machine Learning, vol. 46, no. 1, pp. 389–422, Jan. 2002, doi: 10.1023/A:1012487302797. [28] U. Gawande and Y. Golhar, “Biometric security system: A rigorous review of unimodal and multimodal biometrics techniques,” International Journal of Biometrics, vol. 10, p. 142, Jan. 2018, doi: 10.1504/IJBM.2018.091629. [29] M. Elhoseny, A. Elkhateeb, A. Talaat, and A. E. Hassanien, “Multimodal Biometric Personal Identification and Verification,” in Studies in Computational Intelligence, 2018, pp. 249–276. doi: 10.1007/978-3-319-63754-9_12. [30] P. R. Hinton, Statistics Explained, 3rd ed. New York, NY, USA: Routledge, 2014. [31] J. Frost, “Introduction to Bootstrapping in Statistics with an Example,” Statistics By Jim, Oct. 08, 2018. http://statisticsbyjim.com/hypothesis-testing/bootstrapping/ (accessed Jun. 19, 2022).
指導教授	梁德容博士張欽圳博士 Dr. Mardhani Riasetiawan(De-Ron Liang, Ph.D. Chin-Chun Chang, Ph.D. Dr. Mardhani Riasetiawan)	審核日期	2022-8-20
推文	facebook plurk twitter funp google live udn HD myshare reddit netvibes friend youpush delicious baidu
網路書籤	Google bookmarks del.icio.us hemidemi myshare

博碩士論文 110522612 詳細資訊